Furnicarul Posted January 20, 2019

Does anyone have an idea how to solve this CTF? I tried sqlmap and several attempts with SELECT * FROM table WHERE etc.

BASIC INJECTION
30 points, 2630 solves, Web, Easy, intelagent
See if you can leak the whole database. The flag is in there somewhere…
https://web.ctflearn.com/web4/

Thank you!

kasmir Posted January 20, 2019

Why don't you start by reading first, and only then have a go at the CTF?

input='or '1'='1

ARUBA Posted January 21, 2019 (edited)

I read up on SQL and learned it more or less, after once again not knowing something... I learned to use sqlmap and Burp Suite, to decrypt the ROT13 cipher, and to more or less handle the easier CTF tasks, like the ones with zip files and images, to use binwalk, and DOSBox more or less, enough to find the flags when I run DEBUG and strings... I have a problem now, I'm stuck at level 3 http://ctf.infosecinstitute.com/ctf2/exercises/ex3.php and I don't understand what I'm supposed to do..

================================================================================================================================

Well, either you learn or you don't. It says right there: Vulnerability: Data Validation; Parameter Delimiter. You also have a hint: When you login you would see exactly how user's access level is determined in the text file, "The delimiter used to separate fields like username and password is just a newline.

You use Burp, create an account in the CTF application, and look at the HTTP request. Each user has a role/permission. You have normal; you need to become admin. You play around with Burp Repeater. You find the registration request in the Proxy tab, then HTTP History, and use Send to Repeater on the POST request. You add a newline to the request, as the hint says; it will be encoded. %0d%0a, for example: go here, press Enter twice (newline) and hit encode.
https://www.w3schools.com/tags/ref_urlencode.asp
https://www.degraeve.com/reference/urlencoding.php

The request must be of the form:
user=FurnicaObosita&password=FurnicaObosita&lname=FurnicaObosita%0d%0arole:admin...
-> %0d%0a - encoded newlines

A few days ago you didn't know basic SQL and now you've moved on to Burp Suite. But you've got connections in town and partnerships, you're a wheeler-dealer... and we're your suckers, right? Don't write to me by PM anymore, because I won't help you anymore.

Edited January 21, 2019 by ARUBA
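
Added example, not part of any post above and not the CTF application's code: a Python sketch of why a newline-delimited text record lets a form field smuggle in an extra field, next to the input check that stops it. The record layout ("key:value" lines with the role written by the server), the first-line-wins parser and all function names are assumptions made for illustration.

```python
# Added example: constructed record format, not the CTF application's code.
import re
from urllib.parse import parse_qsl

FIELDS = ("user", "password", "lname")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

# Constructed body in the shape of the request quoted in the post.
ATTACK_BODY = ("user=FurnicaObosita&password=FurnicaObosita"
               "&lname=FurnicaObosita%0d%0arole:admin")


def decode_form(body):
    """URL-decode a form body the way a server does: %0d%0a becomes CR LF."""
    return dict(parse_qsl(body, keep_blank_values=True))


def store_unsafe(form):
    """Write one 'key:value' line per field, then the server-chosen role."""
    lines = [f"{key}:{form[key]}" for key in FIELDS]
    lines.append("role:normal")
    return "\r\n".join(lines)


def load(record):
    """Parse a record; the first line for a key wins (assumed behaviour)."""
    parsed = {}
    for line in re.split(r"\r\n|\r|\n", record):
        key, sep, value = line.partition(":")
        if sep:
            parsed.setdefault(key, value)
    return parsed


def store_safe(form):
    """Reject control characters (CR and LF included) before writing."""
    for key in FIELDS:
        if CONTROL_CHARS.search(form[key]):
            raise ValueError(f"control character in field {key!r}")
    return store_unsafe(form)


if __name__ == "__main__":
    form = decode_form(ATTACK_BODY)
    print(load(store_unsafe(form)))  # injected role line parsed as a real field
    try:
        store_safe(form)
    except ValueError as err:
        print("rejected:", err)
```

Rejecting CR and LF closes this particular case; keeping the role out of the user-writable record, or writing records with a serializer that escapes its delimiter, removes the whole class of bug.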