DarkCTF 2020: Web/Agent-U


Web/Agent-U

395 points

Agent U stole a database from my company but I don't know which one. Can u help me to find it?

http://agent.darkarmy.xyz/

flag format darkCTF{databasename}

Solution

From the page source we learn that the default credentials are admin/admin.

After login the site displays my user agent, so my first idea was to perform SQL injection through the User-Agent header.

After a few attempts I finally ended up with the following User-Agent value ;-)

', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) FROM information_schema.schemata LIMIT 1,1))), NULL); -- .

BINGO!

darkCTF{ag3nt_u_1s_v3ry_t3l3nt3d}
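
Why the header works as an injection point, and the fix, shown as an added example that is not part of the original writeup or the challenge's code. It assumes a three-column logging INSERT (the table and column names are hypothetical, chosen to match the three values in the payload) and uses an in-memory SQLite database instead of the challenge's backend.

```python
import sqlite3

# Constructed schema: the page does not show the application's table,
# so the table and column names are assumptions.
SCHEMA = "CREATE TABLE uagents (uagent TEXT, ip_address TEXT, username TEXT)"

# User-Agent value quoted from the writeup above.
PAYLOAD = ("', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) "
           "FROM information_schema.schemata LIMIT 1,1))), NULL); -- .")

CLIENT_IP = "203.0.113.7"  # constructed sample value (documentation range)


def log_visit_vulnerable(db, user_agent, ip, username):
    """Builds the INSERT by string concatenation: the header becomes SQL text."""
    sql = ("INSERT INTO uagents (uagent, ip_address, username) "
           f"VALUES ('{user_agent}', '{ip}', '{username}')")
    db.execute(sql)


def log_visit_safe(db, user_agent, ip, username):
    """Binds the header as a parameter: it is only ever treated as data."""
    db.execute(
        "INSERT INTO uagents (uagent, ip_address, username) VALUES (?, ?, ?)",
        (user_agent, ip, username),
    )


def demo():
    """Return (error raised by the vulnerable path, row stored by the safe path)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    error = None
    try:
        log_visit_vulnerable(db, PAYLOAD, CLIENT_IP, "admin")
    except sqlite3.Error as exc:
        # SQLite has no extractvalue() or information_schema, so the injected
        # expression fails here; the failure shows the parser treated it as SQL.
        error = exc
    log_visit_safe(db, PAYLOAD, CLIENT_IP, "admin")
    row = db.execute("SELECT uagent, ip_address, username FROM uagents").fetchone()
    return error, row


if __name__ == "__main__":
    err, stored = demo()
    print("vulnerable path:", type(err).__name__, err)
    print("safe path stored:", stored)
```

Binding the header as a parameter closes the injection; returning a generic error page instead of the database's error text removes the channel that an `extractvalue` error relies on.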