Saturday, September 11, 2010

LEET MORE CTF 2010 write up - Oh Those Admins!

This challenge is an SQL injection. The problematic line is (I cannot remember the exact column and table names):
$r = mysql_query("SELECT login FROM admin WHERE password='" . md5($_GET['password'], true) . "'");
Normally, web sites keep the password hash as a hex string. But this challenge keeps the raw hash (16 binary bytes) in the database. Binary can be a string. So to bypass the login, the output of md5 has to look like
' or 1=1#
The above string is what I thought of first. But it is too long. To make the brute forcing fast, the required output string should be short. After checking the MySQL docs, I could make it shorter. Here is the list of what I found:
'or 1#    <== no need for space after single quote, any non-zero number is TRUE
'||1#     <== || is same as OR, no need for space after ||
Before writing the code for brute forcing, I remembered I can put non-printable characters in the password using '%XX'. So 1 byte can be any of 256 values. No charset.

My code for brute forcing is http://pastebin.com/2xMG9rKi.

Ran it for about 20 minutes on my slow Windows PC, then got it.

password: 34b854c8
password: %34%b8%54%c8
result: c13e807082277c7c36231ed0dd34a863
result: ม>€p‚'||6# ะ4จc

Note: on Linux, compile with "gcc -O2 -lssl -o prog prog.c"
Note: If you want to see the result from my program quickly, run it with "./prog 4 4 200"

Submit it from the URL bar:
url?password=%34%b8%54%c8
Then I got the real admin hash. It is "071CC0720D0ABD73F61A291224F248D6". But I could not reverse the admin hash :( so poor me. When I searched on Google, I found it on hashkiller but it was not solved.

Below is not my solution

Before I finished this post, I found 2 other writeups of this challenge. Very nice solutions. They found shorter SQL injection strings.

First is http://cvk.posterous.com/sql-injection-with-raw-md5-hashes. The SQL injection string is
'||'
Here is the modification of my code: http://pastebin.com/ThxBESPs. Got the result in a few minutes.
password: 2c55c819
password: %2c%55%c8%19
result: 3157e727097c7c27342e7dc2729f75ed
result: 1W็'    ||'4.}ยrŸuํ
Second is http://blog.nibbles.fr/?p=2039. The SQL injection string is
'='
Here is the modification of my code: http://pastebin.com/w5E54PNz. Got the result in a second.
password: 22a80f
password: %22%a8%0f
result: 047f1f9ed77f467a273d279d8e521422
result:   žืFz'='ŽR "
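
An added example, not the author's brute-force code and not taken from either linked write-up: seen from the defender's side, the Python below takes the three raw digests printed above, shows which fragment each one drops into the concatenated query, and shows that the same bytes are inert once hex-encoded or passed as a bound parameter. The function names are hypothetical, sqlite3 stands in for MySQL to demonstrate parameter binding, and the stored secret is a constructed sample.

```python
import hashlib
import re
import sqlite3

# Raw-digest hex strings quoted in the write-up (its three "result:" lines).
PAGE_DIGESTS = [
    "c13e807082277c7c36231ed0dd34a863",
    "3157e727097c7c27342e7dc2729f75ed",
    "047f1f9ed77f467a273d279d8e521422",
]

# The three fragment shapes the write-up discusses, as byte-level patterns.
# MySQL permits whitespace around ||, so \s* is allowed there.
SHAPES = [
    ("'||<nonzero>#", re.compile(rb"'\s*\|\|\s*[1-9]\d*#")),
    ("'||'", re.compile(rb"'\s*\|\|\s*'")),
    ("'='", re.compile(rb"'='")),
]

def built_query(raw: bytes) -> bytes:
    """Reproduce the challenge's concatenation (names as given on the page)."""
    return b"SELECT login FROM admin WHERE password='" + raw + b"'"

def classify(raw: bytes):
    """Name the first shape found in a raw digest, or None if it stays inert."""
    return next((name for name, rx in SHAPES if rx.search(raw)), None)

def hex_has_quote(raw: bytes) -> bool:
    """Hex encoding confines the value to [0-9a-f]; a quote cannot appear."""
    return "'" in raw.hex()

def bound_lookup(raw: bytes) -> list:
    """Mitigation: pass the digest as a bound parameter, never as query text.
    sqlite3 stands in for MySQL; the stored secret is a constructed sample."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (login TEXT, password BLOB)")
    stored = hashlib.md5(b"constructed-secret").digest()
    db.execute("INSERT INTO admin VALUES (?, ?)", ("admin", stored))
    return db.execute(
        "SELECT login FROM admin WHERE password = ?", (raw,)
    ).fetchall()

if __name__ == "__main__":
    for hexd in PAGE_DIGESTS:
        raw = bytes.fromhex(hexd)
        print(hexd, classify(raw), hex_has_quote(raw), bound_lookup(raw))
        print("   ", built_query(raw))
```

Each digest from the post matches one shape, yet the bound lookup returns no row for any of them, because the bytes are compared as data instead of being parsed as SQL.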
