Crack Password (Lab Help)
$10-30 USD
Paid on delivery
It's a lab work, not crack some real website. So there's no illegal issues here.
Website: [url removed, login to view]
Target: /sqlinject2/
Goal: login using username 'victim'
Output: write a program to prints the sql input, a brief description of how it works and
the time it took to execute
Hint:
The server uses the following PHP code, which escapes the username and applies the MD5
hash function to the password.
if (isset($_POST[’username’]) and
isset($_POST[’password’])) {
$username = mysql_real_escape_string($_POST[’username’]);
$password = md5($_POST[’password’], true);
$sql_s = "SELECT * FROM users WHERE username=’$username’ and pw=’$password’";
$rs = mysql_query($sql_s);
if (mysql_num_rows($rs) > 0) {
echo "Login successful!";
} else {
echo "Incorrect username or password";
}
}
It should not be very difficult, my guess is using brute force to try every possible password.
Project ID: #5785301