Download the file http://ctf.infosecinstitute.com/misc/level14
It's an SQL dump file.
Analyzing the dump file, there is an interesting block:
--
-- Dumping data for table `flag?`
--

INSERT INTO `flag?` (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES
(1, 'admin', '$P$B8p.TUJAbjULMWrNXm8GsH4fb2PWfF.', 'admin', 'christyhaigcreations@gmail.com', '', '2012-09-06 20:09:55', '', 0, 'admin');

-- --------------------------------------------------------

--
-- Table structure for table `friends`
--

CREATE TABLE IF NOT EXISTS `friends` (
  `id` int(11) DEFAULT NULL,
  `name` text,
  `address` char(90) DEFAULT NULL,
  `status` char(50) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

--
-- Dumping data for table `friends`
--

INSERT INTO `friends` (`id`, `name`, `address`, `status`) VALUES
(102, 'Sasha Grey', 'Vatican City', 'Active'),
(101, 'Andres Bonifacio', 'Tondo, Manila', 'Active'),
(103, 'lol', 'what the???', 'Inactive'),
(104, '\\u0069\\u006e\\u0066\\u006f\\u0073\\u0065\\u0063\\u005f\\u0066\\u006c\\u0061\\u0067\\u0069\\u0073\\u005f\\u0077\\u0068\\u0061\\u0074\\u0073\\u006f\\u0072\\u0063\\u0065\\u0072\\u0079\\u0069\\u0073\\u0074\\u0068\\u0069\\u0073', 'annoying', '0x0a');
Let's decode the hex stream string (the `name` value of row 104, a run of \uXXXX escapes):
"\u0069\u006e\u0066\u006f\u0073\u0065\u0063\u005f\u0066\u006c\u0061\u0067\u0069\u0073\u005f\u0077\u0068\u0061\u0074\u0073\u006f\u0072\u0063\u0065\u0072\u0079\u0069\u0073\u0074\u0068\u0069\u0073"
using the online tool http://ddecode.com/hexdecoder/
The decoded string is the flag:
Flag: infosec_flagis_whatsorceryisthis
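
An offline alternative to the online decoder, as an added example that is not part of the original write-up: it scans dump text for runs of \uXXXX escapes (including runs wrapped across lines) and decodes them. The sample is constructed from the `friends` rows shown in the dump, and the function names are hypothetical.

```python
import re

# Constructed sample: the `friends` rows from the dump, with the long value
# wrapped across lines the way a viewer or copy-paste may leave it.
SAMPLE_DUMP = r"""
INSERT INTO `friends` (`id`, `name`, `address`, `status`) VALUES
(103, 'lol', 'what the???', 'Inactive'),
(104, '\\u0069\\u006e\\u0066\\u006f\\u0073\\u0065\\u0063\\u005f\\u0066
\\u006c\\u0061\\u0067\\u0069\\u0073\\u005f\\u0077\\u0068\\u0061\\u0074
\\u0073\\u006f\\u0072\\u0063\\u0065\\u0072\\u0079\\u0069\\u0073\\u0074
\\u0068\\u0069\\u0073', 'annoying', '0x0a');
"""

# One escape: one or more backslashes (dumps double them), "u", four hex digits.
ESCAPE = re.compile(r"\\+u([0-9a-fA-F]{4})")
# A run of escapes, tolerating whitespace or line breaks between them.
ESCAPE_RUN = re.compile(r"(?:\\+u[0-9a-fA-F]{4}\s*)+")


def decode_run(run):
    """Decode a run of \\uXXXX escapes as UTF-16 code units (pairs surrogates)."""
    units = [int(h, 16) for h in ESCAPE.findall(run)]
    raw = b"".join(u.to_bytes(2, "big") for u in units)
    return raw.decode("utf-16-be", errors="replace")


def find_escaped_strings(dump_text, min_len=4):
    """Return (line_number, decoded_text) for each escape run of >= min_len chars."""
    hits = []
    for m in ESCAPE_RUN.finditer(dump_text):
        text = decode_run(m.group(0))
        if len(text) >= min_len:
            # Report the line on which the run starts.
            line_number = dump_text.count("\n", 0, m.start()) + 1
            hits.append((line_number, text))
    return hits


if __name__ == "__main__":
    for line_number, text in find_escaped_strings(SAMPLE_DUMP):
        print(f"line {line_number}: {text}")
```

The `min_len` threshold skips isolated escapes that are ordinary data rather than a deliberately encoded value.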