Tags: web
Rating: 1.0
Problem Statement (600 points):
There is a website running at http://2018shell2.picoctf.com:38834. We need to get into any user for a flag!
Tags: python, SQL operator used: "Like"
Solution:
So in this question we have to give the answer, but we don't know anything about it. So I entered "admin" as input, which returned "wrong" along with a SQL statement:
SQL query: SELECT * FROM answers WHERE answer='admin'
This gave me a big hint towards the solution. Next I entered:
'Union SELECT * FROM answers WHERE answer Like '%a% [Notice I typed (') at the start but not at the end]
It returned "you are so close".
So I made a Python script to find all the letters and digits in the answer. You can find that script here.
After running the script I got my letters and digits: adhinstx14
But they were not ordered, so to order them I made changes to my Python script. I stored my answer in the variable ans.
So ans="adhinstx14", and I changed the SQL query to 'Union SELECT * FROM answers WHERE answer Like '"+i+"%" where i are the letters of ans. You can find the code here (order.py).
The code output the answer: 41andsixsixths
I submitted this but it was Wrong!!!
Hmmm..
I then realised that the Like operator does not check capitalisation, so I tried different capitalisations and got the answer, which is: 41AndSixSixths
And I was awarded the flag after entering this.
The flag was: Your flag is: picoCTF{qu3stions_ar3_h4rd_8f84b784}
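As an added example (this is neither the author's script nor the challenge's own server code), the query pattern the site echoed back is rebuilt against an in-memory SQLite table, once by string concatenation and once with parameter binding, together with a check of the Like case-insensitivity that made the first guess fail. The table, its single row and the stored answer are constructed here; nothing is known about the real challenge's schema beyond the one query it printed.

```python
import sqlite3

# Constructed placeholder for the challenge's database: the page only shows
# the query text, so a one-column "answers" table with one row stands in for it.
ANSWER = "41AndSixSixths"
# The exact input from the writeup that the site answered with "you are so close".
PAYLOAD = "'Union SELECT * FROM answers WHERE answer Like '%a%"


def make_db():
    """Build the in-memory table with a single constructed answer row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE answers (answer TEXT)")
    conn.execute("INSERT INTO answers VALUES (?)", (ANSWER,))
    conn.commit()
    return conn


def check_vulnerable(conn, user_input):
    """Mirror of the echoed query: the input is pasted into the SQL text, so a
    quote in the input ends the literal and the rest is parsed as SQL."""
    sql = "SELECT * FROM answers WHERE answer='" + user_input + "'"
    return conn.execute(sql).fetchone() is not None


def check_hardened(conn, user_input):
    """Parameter binding: the input is only ever compared as a value, and the
    '=' comparison uses SQLite's default BINARY collation (case-sensitive)."""
    sql = "SELECT * FROM answers WHERE answer=?"
    return conn.execute(sql, (user_input,)).fetchone() is not None


def like_is_case_insensitive(conn):
    """SQLite's LIKE ignores ASCII case by default, which is why a LIKE-based
    oracle recovers the letters but not their capitalisation."""
    row = conn.execute("SELECT ? LIKE ?", (ANSWER, ANSWER.lower())).fetchone()
    return bool(row[0])


if __name__ == "__main__":
    db = make_db()
    print("concatenated query, injected input :", check_vulnerable(db, PAYLOAD))
    print("bound parameter, injected input    :", check_hardened(db, PAYLOAD))
    print("bound parameter, lower-case answer :", check_hardened(db, ANSWER.lower()))
    print("bound parameter, exact answer      :", check_hardened(db, ANSWER))
    print("LIKE ignores case                  :", like_is_case_insensitive(db))
```

With the concatenated query the injected input matches the row because the trailing `Like '%a%'` is evaluated as SQL; with the bound parameter the same string is compared as a value and matches nothing. The last two checks show the mismatch the writeup ran into: `=` rejects the all-lower-case string that the Like oracle produced, while Like itself treats both spellings as equal.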