webProhard

Dosie X (Dossier X)

hackerlab

Task: Exploit a Flask web application with user registration to retrieve admin credentials. Solution: Inject SQL via the unvalidated "about" field during registration using SQLite string concatenation, enumerate the database schema, extract the admin MD5 password hash, crack it with John the Ripper, and log in as admin.

sqlite sqli authentication_bypass md5 hash_cracking

sql_injectiondatabase_enumerationmd5_cracking

$ ls tags/ techniques/

sqlite sqli authentication_bypass md5 hash_cracking

sql_injectiondatabase_enumerationmd5_cracking

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

Sign in with GitHub, Discord, or Google to continue. No email required.

$sign in

$ grep --similar

Similar writeups

[web][Pro]QuickBite — SSTI via Registration Name Field— hackadvisor
[web][Pro]4chat— hackerlab
[web][Pro]Состояние 0x7F— hackerlab
[web][Pro]Nova Arts— hackerlab
[web][free]Guild— hackthebox