Level 17-18 (time-based blind SQL injection)

Username: natas17
Password: kgQPkNdkgQNPkq9Ps3NdkhP7GmA
URL: http://natas17.natas.labs.overthewire.org/

Quite a hard question for me; here is the source code:

Analysing the source code shows that this is a SQL injection question, similar to level 15, but the page no longer provides any echo: all the echo statements are commented out. The username is guessed to be natas18 and the idea is still blind injection, but because there is no echo to use as a true/false signal, this time the choice is time-based blind injection, using the if() and sleep() functions to complete the injection.
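Why commenting out the echo does not close the hole, and what does, as an added example that is not the level's source or the script from this post. It assumes an in-memory SQLite table with constructed data, a hypothetical `sleep()` stand-in that records the requested delay instead of blocking, and `CASE WHEN` in place of MySQL's `if()`.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a users table; the row is constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-secret')")
    delays = []
    # SQLite has no sleep(); this stand-in records the requested delay instead
    # of blocking, so the side channel is visible without waiting.
    db.create_function("sleep", 1, lambda s: delays.append(s) or 0)
    return db, delays

def lookup_concatenated(db, username):
    # Weak: the input becomes part of the SQL text. The result is discarded,
    # mirroring a page whose echo statements are commented out.
    db.execute("SELECT * FROM users WHERE username = '" + username + "'").fetchall()

def lookup_parameterized(db, username):
    # Hardened: the input is bound as data and is never parsed as SQL.
    db.execute("SELECT * FROM users WHERE username = ?", (username,)).fetchall()

def delay_requested(lookup, username):
    """Total seconds of sleep() the database was asked to perform for one lookup."""
    db, delays = make_db()
    lookup(db, username)
    return sum(delays)

def probe(condition):
    # Constructed input: requests a delay only when `condition` holds for the row.
    return f"alice' AND CASE WHEN {condition} THEN sleep(2) ELSE 0 END -- "

if __name__ == "__main__":
    lookups = [("concatenated", lookup_concatenated),
               ("parameterized", lookup_parameterized)]
    for name, fn in lookups:
        for cond in ("length(password) > 5", "length(password) > 50"):
            print(f"{name:13} {cond:22} delay={delay_requested(fn, probe(cond))}s")
```

With the concatenated query the delay appears only when the condition about the stored password is true, so response time alone answers a yes/no question; with the bound parameter the same input is just a username that matches no row.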
Script (binary search, which is faster):

Python code:

key: xvKIqDjy4OPv7wCRgDlmj0pFsCsDjhdP

Nothing new, mostly what was taught in Wednesday’s seminar. The code part was a little hard for me, so I consulted some online sources and then reproduced it myself.

One more question, I’ve noticed that all my screenshots have a red dot on top, is this a watermark? Or is it a bug?

Published by endecoder
