From the code it was clear that we were going to make a blind SQL injection attack.
The problem was the attempt limit: we only had 120 chances to get the password.
The password was 30 characters long and could contain any of the lowercase
letters, of which there are 26. So in the worst case a linear attack would have
to try 26*30 different passwords, which is far more than 120. The first thing
that comes to mind is to try binary search on each character, which should take
6 steps per character in the worst case, 6*30=180 in total. If we are lucky
enough we can find the answer in fewer than that, so I gave it a try and it
worked. Had I been unlucky, I would have converted each character to base 3 and
looked up each digit; at most 3 digits are needed to represent 26 in base 3, so
it would take 3*30=90, which would be absolutely enough for this case. And here
is our exploit:
Exploit - Web500
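
The query-budget reasoning above, replayed against a local stand-in oracle to show how many answers a 120-attempt limit actually has to absorb (an added example, not the exploit linked from this post). The `Oracle` class, its `le` and `digit` questions, and the assumption that a single response can distinguish three outcomes are constructed here; this particular halving asks 4 or 5 questions per character.

```python
import string

ALPHABET = string.ascii_lowercase   # 26 symbols, as in the write-up
LENGTH = 30                         # password length from the write-up
LIMIT = 120                         # attempt limit from the write-up


class Oracle:
    """Local stand-in for the challenge; counts every question asked."""

    def __init__(self, secret):
        self._secret = secret
        self.queries = 0

    def le(self, pos, ch):
        """Two-outcome question: is secret[pos] <= ch ?"""
        self.queries += 1
        return self._secret[pos] <= ch

    def digit(self, pos, k):
        """Three-outcome question (assumed): k-th base-3 digit of the letter index."""
        self.queries += 1
        return ALPHABET.index(self._secret[pos]) // 3 ** k % 3


def binary_recover(oracle):
    out = []
    for pos in range(LENGTH):
        lo, hi = 0, len(ALPHABET) - 1
        while lo < hi:                      # halve the candidate range
            mid = (lo + hi) // 2
            if oracle.le(pos, ALPHABET[mid]):
                hi = mid
            else:
                lo = mid + 1
        out.append(ALPHABET[lo])
    return "".join(out)


def ternary_recover(oracle):
    # 3 digits cover indices 0..26, so every letter costs exactly 3 questions
    return "".join(
        ALPHABET[sum(oracle.digit(pos, k) * 3 ** k for k in range(3))]
        for pos in range(LENGTH))


def measure(strategy, secret):
    """Return the number of questions a strategy needs to recover `secret`."""
    oracle = Oracle(secret)
    assert strategy(oracle) == secret
    return oracle.queries
```

A limit on attempts only bounds extraction when it is sized against the information each response carries: with three distinguishable outcomes per request, `LIMIT` is above what the constructed ternary strategy needs for every possible secret.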