manesec · October 13, 2023 17:54
diff --git a/better-sqli-lab.sh b/better-sqli-lab.sh
 #! /bin/bash

 # Please note that the script runs in base64 to prevent spoilers.
 # If you're done, you can decode the base64.

 # container port
 port=8888

 echo ' *** This is script used to create Hackable sqli-lab container *** '
 echo 'Please Note that: After patch it, You can get a root shell !!'
 echo 'Only WEB Port Open, NO SSH !! goood to luck !!'
 echo '    -- power by @manesec'

 container_id=`docker run -itd --name hackablesqli -p $port:80 acgpiano/sqli-labs`


 docker exec $container_id /bin/bash -c "echo 'IyEvYmluL2Jhc2gKZXhlYyBteXNxbGQ=' | base64 -d > $(echo 'L3N0YXJ0LW15c3FsZC5zaA==' | base64 -d) | echo ok"

 docker exec $container_id /bin/bash -c "echo 'IwojIFRoZSBNeVNRTCBkYXRhYmFzZSBzZXJ2ZXIgY29uZmlndXJhdGlvbiBmaWxlLgojCiMgWW91IGNhbiBjb3B5IHRoaXMgdG8gb25lIG9mOgojIC0gIi9ldGMvbXlzcWwvbXkuY25mIiB0byBzZXQgZ2xvYmFsIG9wdGlvbnMsCiMgLSAifi8ubXkuY25mIiB0byBzZXQgdXNlci1zcGVjaWZpYyBvcHRpb25zLgojIAojIE9uZSBjYW4gdXNlIGFsbCBsb25nIG9wdGlvbnMgdGhhdCB0aGUgcHJvZ3JhbSBzdXBwb3J0cy4KIyBSdW4gcHJvZ3JhbSB3aXRoIC0taGVscCB0byBnZXQgYSBsaXN0IG9mIGF2YWlsYWJsZSBvcHRpb25zIGFuZCB3aXRoCiMgLS1wcmludC1kZWZhdWx0cyB0byBzZWUgd2hpY2ggaXQgd291bGQgYWN0dWFsbHkgdW5kZXJzdGFuZCBhbmQgdXNlLgojCiMgRm9yIGV4cGxhbmF0aW9ucyBzZWUKIyBodHRwOi8vZGV2Lm15c3FsLmNvbS9kb2MvbXlzcWwvZW4vc2VydmVyLXN5c3RlbS12YXJpYWJsZXMuaHRtbAoKIyBUaGlzIHdpbGwgYmUgcGFzc2VkIHRvIGFsbCBteXNxbCBjbGllbnRzCiMgSXQgaGFzIGJlZW4gcmVwb3J0ZWQgdGhhdCBwYXNzd29yZHMgc2hvdWxkIGJlIGVuY2xvc2VkIHdpdGggdGlja3MvcXVvdGVzCiMgZXNjcGVjaWFsbHkgaWYgdGhleSBjb250YWluICIjIiBjaGFycy4uLgojIFJlbWVtYmVyIHRvIGVkaXQgL2V0Yy9teXNxbC9kZWJpYW4uY25mIHdoZW4gY2hhbmdpbmcgdGhlIHNvY2tldCBsb2NhdGlvbi4KW2NsaWVudF0KcG9ydCAgICAgICAgICAgID0gMzMwNgpzb2NrZXQgICAgICAgICAgPSAvdmFyL3J1bi9teXNxbGQvbXlzcWxkLnNvY2sKCiMgSGVyZSBpcyBlbnRyaWVzIGZvciBzb21lIHNwZWNpZmljIHByb2dyYW1zCiMgVGhlIGZvbGxvd2luZyB2YWx1ZXMgYXNzdW1lIHlvdSBoYXZlIGF0IGxlYXN0IDMyTSByYW0KCiMgVGhpcyB3YXMgZm9ybWFsbHkga25vd24gYXMgW3NhZmVfbXlzcWxkXS4gQm90aCB2ZXJzaW9ucyBhcmUgY3VycmVudGx5IHBhcnNlZC4KW215c3FsZF9zYWZlXQpzb2NrZXQgICAgICAgICAgPSAvdmFyL3J1bi9teXNxbGQvbXlzcWxkLnNvY2sKbmljZSAgICAgICAgICAgID0gMAoKW215c3FsZF0KIwojICogQmFzaWMgU2V0dGluZ3MKIwp1c2VyICAgICAgICAgICAgPSByb290CnBpZC1maWxlICAgICAgICA9IC92YXIvcnVuL215c3FsZC9teXNxbGQucGlkCnNvY2tldCAgICAgICAgICA9IC92YXIvcnVuL215c3FsZC9teXNxbGQuc29jawpwb3J0ICAgICAgICAgICAgPSAzMzA2CmJhc2VkaXIgICAgICAgICA9IC91c3IKZGF0YWRpciAgICAgICAgID0gL3Zhci9saWIvbXlzcWwKdG1wZGlyICAgICAgICAgID0gL3RtcApsYy1tZXNzYWdlcy1kaXIgPSAvdXNyL3NoYXJlL215c3FsCnNraXAtZXh0ZXJuYWwtbG9ja2luZwojCiMgSW5zdGVhZCBvZiBza2lwLW5ldHdvcmtpbmcgdGhlIGRlZmF1bHQgaXMgbm93IHRvIGxpc3RlbiBvbmx5IG9uCiMgbG9jYWxob3N0IHdoaWNoIGlzIG1vcmUgY29tcGF0aWJsZSBhbmQgaXMgbm90IGxlc3Mgc2VjdXJlLgpiaW5kLWFkZHJlc3MgICAgICAgICAgICA9IDEyNy4wLjAuMQojCiMgKiBGaW5lIFR1bmluZwojCmtleV9idWZmZXIgICAgICAgICAgICAgID0gMTZNCm1heF9hbGxvd2VkX3BhY2tldCAgICAgID0gMTZNCnRocmVhZF9zdGFjayAgICAgICAgICAgID0gMTkySwp0aHJlYWRfY2FjaGVfc2l6ZSAgICAgICA9IDgKIyBUaGlzIHJlcGxhY2VzIHRoZSBzdGFydHVwIHNjcmlwdCBhbmQgY2hlY2tzIE15SVNBTSB0YWJsZXMgaWYgbmVlZGVkCiMgdGhlIGZpcnN0IHRpbWUgdGhleSBhcmUgdG91Y2hlZApteWlzYW0tcmVjb3ZlciAgICAgICAgID0gQkFDS1VQCiNtYXhfY29ubmVjdGlvbnMgICAgICAgID0gMTAwCiN0YWJsZV9jYWNoZSAgICAgICAgICAgID0gNjQKI3RocmVhZF9jb25jdXJyZW5jeSAgICAgPSAxMAojCiMgKiBRdWVyeSBDYWNoZSBDb25maWd1cmF0aW9uCiMKcXVlcnlfY2FjaGVfbGltaXQgICAgICAgPSAxTQpxdWVyeV9jYWNoZV9zaXplICAgICAgICA9IDE2TQojCiMgKiBMb2dnaW5nIGFuZCBSZXBsaWNhdGlvbgojCiMgQm90aCBsb2NhdGlvbiBnZXRzIHJvdGF0ZWQgYnkgdGhlIGNyb25qb2IuCiMgQmUgYXdhcmUgdGhhdCB0aGlzIGxvZyB0eXBlIGlzIGEgcGVyZm9ybWFuY2Uga2lsbGVyLgojIEFzIG9mIDUuMSB5b3UgY2FuIGVuYWJsZSB0aGUgbG9nIGF0IHJ1bnRpbWUhCiNnZW5lcmFsX2xvZ19maWxlICAgICAgICA9IC92YXIvbG9nL215c3FsL215c3FsLmxvZwojZ2VuZXJhbF9sb2cgICAgICAgICAgICAgPSAxCiMKIyBFcnJvciBsb2cgLSBzaG91bGQgYmUgdmVyeSBmZXcgZW50cmllcy4KIwpsb2dfZXJyb3IgPSAvdmFyL2xvZy9teXNxbC9lcnJvci5sb2cKIwojIEhlcmUgeW91IGNhbiBzZWUgcXVlcmllcyB3aXRoIGVzcGVjaWFsbHkgbG9uZyBkdXJhdGlvbgojbG9nX3Nsb3dfcXVlcmllcyAgICAgICA9IC92YXIvbG9nL215c3FsL215c3FsLXNsb3cubG9nCiNsb25nX3F1ZXJ5X3RpbWUgPSAyCiNsb2ctcXVlcmllcy1ub3QtdXNpbmctaW5kZXhlcwojCiMgVGhlIGZvbGxvd2luZyBjYW4gYmUgdXNlZCBhcyBlYXN5IHRvIHJlcGxheSBiYWNrdXAgbG9ncyBvciBmb3IgcmVwbGljYXRpb24uCiMgbm90ZTogaWYgeW91IGFyZSBzZXR0aW5nIHVwIGEgcmVwbGljYXRpb24gc2xhdmUsIHNlZSBSRUFETUUuRGViaWFuIGFib3V0CiMgICAgICAgb3RoZXIgc2V0dGluZ3MgeW91IG1heSBuZWVkIHRvIGNoYW5nZS4KI3NlcnZlci1pZCAgICAgICAgICAgICAgPSAxCiNsb2dfYmluICAgICAgICAgICAgICAgICAgICAgICAgPSAvdmFyL2xvZy9teXNxbC9teXNxbC1iaW4ubG9nCmV4cGlyZV9sb2dzX2RheXMgICAgICAgID0gMTAKbWF4X2JpbmxvZ19zaXplICAgICAgICAgPSAxMDBNCiNiaW5sb2dfZG9fZGIgICAgICAgICAgID0gaW5jbHVkZV9kYXRhYmFzZV9uYW1lCiNiaW5sb2dfaWdub3JlX2RiICAgICAgID0gaW5jbHVkZV9kYXRhYmFzZV9uYW1lCiMKIyAqIElubm9EQgojCiMgSW5ub0RCIGlzIGVuYWJsZWQgYnkgZGVmYXVsdCB3aXRoIGEgMTBNQiBkYXRhZmlsZSBpbiAvdmFyL2xpYi9teXNxbC8uCiMgUmVhZCB0aGUgbWFudWFsIGZvciBtb3JlIElubm9EQiByZWxhdGVkIG9wdGlvbnMuIFRoZXJlIGFyZSBtYW55IQojCiMgKiBTZWN1cml0eSBGZWF0dXJlcwojCiMgUmVhZCB0aGUgbWFudWFsLCB0b28sIGlmIHlvdSB3YW50IGNocm9vdCEKIyBjaHJvb3QgPSAvdmFyL2xpYi9teXNxbC8KIwojIEZvciBnZW5lcmF0aW5nIFNTTCBjZXJ0aWZpY2F0ZXMgSSByZWNvbW1lbmQgdGhlIE9wZW5TU0wgR1VJICJ0aW55Y2EiLgojCiMgc3NsLWNhPS9ldGMvbXlzcWwvY2FjZXJ0LnBlbQojIHNzbC1jZXJ0PS9ldGMvbXlzcWwvc2VydmVyLWNlcnQucGVtCiMgc3NsLWtleT0vZXRjL215c3FsL3NlcnZlci1rZXkucGVtCgoKCltteXNxbGR1bXBdCnF1aWNrCnF1b3RlLW5hbWVzCm1heF9hbGxvd2VkX3BhY2tldCAgICAgID0gMTZNCgpbbXlzcWxdCiNuby1hdXRvLXJlaGFzaCAjIGZhc3RlciBzdGFydCBvZiBteXNxbCBidXQgbm8gdGFiIGNvbXBsZXRpdGlvbgoKW2lzYW1jaGtdCmtleV9idWZmZXIgICAgICAgICAgICAgID0gMTZNCgojCiMgKiBJTVBPUlRBTlQ6IEFkZGl0aW9uYWwgc2V0dGluZ3MgdGhhdCBjYW4gb3ZlcnJpZGUgdGhvc2UgZnJvbSB0aGlzIGZpbGUhCiMgICBUaGUgZmlsZXMgbXVzdCBlbmQgd2l0aCAnLmNuZicsIG90aGVyd2lzZSB0aGV5J2xsIGJlIGlnbm9yZWQuCiMKIWluY2x1ZGVkaXIgL2V0Yy9teXNxbC9jb25mLmQvCg==' | base64 -d > $(echo 'L2V0Yy9teXNxbC9teS5jbmY=' | base64 -d) | echo ok"

 docker restart $container_id

 echo "OK, Container ID is: $container_id"

 echo "Good luck!"
	#! /bin/bash

	# Please note that the script runs in base64 to prevent spoilers.
	# If you're done, you can decode the base64.

	# container port
	port=8888

	echo ' * This is script used to create Hackable sqli-lab container * '
	echo 'Please Note that: After patch it, You can get a root shell !!'
	echo 'Only WEB Port Open, NO SSH !! goood to luck !!'
	echo ' -- power by @manesec'

	container_id=`docker run -itd --name hackablesqli -p $port:80 acgpiano/sqli-labs`


	docker exec $container_id /bin/bash -c "echo 'IyEvYmluL2Jhc2gKZXhlYyBteXNxbGQ=' \| base64 -d > $(echo 'L3N0YXJ0LW15c3FsZC5zaA==' \| base64 -d) \| echo ok"

	docker exec $container_id /bin/bash -c "echo 'IwojIFRoZSBNeVNRTCBkYXRhYmFzZSBzZXJ2ZXIgY29uZmlndXJhdGlvbiBmaWxlLgojCiMgWW91IGNhbiBjb3B5IHRoaXMgdG8gb25lIG9mOgojIC0gIi9ldGMvbXlzcWwvbXkuY25mIiB0byBzZXQgZ2xvYmFsIG9wdGlvbnMsCiMgLSAifi8ubXkuY25mIiB0byBzZXQgdXNlci1zcGVjaWZpYyBvcHRpb25zLgojIAojIE9uZSBjYW4gdXNlIGFsbCBsb25nIG9wdGlvbnMgdGhhdCB0aGUgcHJvZ3JhbSBzdXBwb3J0cy4KIyBSdW4gcHJvZ3JhbSB3aXRoIC0taGVscCB0byBnZXQgYSBsaXN0IG9mIGF2YWlsYWJsZSBvcHRpb25zIGFuZCB3aXRoCiMgLS1wcmludC1kZWZhdWx0cyB0byBzZWUgd2hpY2ggaXQgd291bGQgYWN0dWFsbHkgdW5kZXJzdGFuZCBhbmQgdXNlLgojCiMgRm9yIGV4cGxhbmF0aW9ucyBzZWUKIyBodHRwOi8vZGV2Lm15c3FsLmNvbS9kb2MvbXlzcWwvZW4vc2VydmVyLXN5c3RlbS12YXJpYWJsZXMuaHRtbAoKIyBUaGlzIHdpbGwgYmUgcGFzc2VkIHRvIGFsbCBteXNxbCBjbGllbnRzCiMgSXQgaGFzIGJlZW4gcmVwb3J0ZWQgdGhhdCBwYXNzd29yZHMgc2hvdWxkIGJlIGVuY2xvc2VkIHdpdGggdGlja3MvcXVvdGVzCiMgZXNjcGVjaWFsbHkgaWYgdGhleSBjb250YWluICIjIiBjaGFycy4uLgojIFJlbWVtYmVyIHRvIGVkaXQgL2V0Yy9teXNxbC9kZWJpYW4uY25mIHdoZW4gY2hhbmdpbmcgdGhlIHNvY2tldCBsb2NhdGlvbi4KW2NsaWVudF0KcG9ydCAgICAgICAgICAgID0gMzMwNgpzb2NrZXQgICAgICAgICAgPSAvdmFyL3J1bi9teXNxbGQvbXlzcWxkLnNvY2sKCiMgSGVyZSBpcyBlbnRyaWVzIGZvciBzb21lIHNwZWNpZmljIHByb2dyYW1zCiMgVGhlIGZvbGxvd2luZyB2YWx1ZXMgYXNzdW1lIHlvdSBoYXZlIGF0IGxlYXN0IDMyTSByYW0KCiMgVGhpcyB3YXMgZm9ybWFsbHkga25vd24gYXMgW3NhZmVfbXlzcWxkXS4gQm90aCB2ZXJzaW9ucyBhcmUgY3VycmVudGx5IHBhcnNlZC4KW215c3FsZF9zYWZlXQpzb2NrZXQgICAgICAgICAgPSAvdmFyL3J1bi9teXNxbGQvbXlzcWxkLnNvY2sKbmljZSAgICAgICAgICAgID0gMAoKW215c3FsZF0KIwojICogQmFzaWMgU2V0dGluZ3MKIwp1c2VyICAgICAgICAgICAgPSByb290CnBpZC1maWxlICAgICAgICA9IC92YXIvcnVuL215c3FsZC9teXNxbGQucGlkCnNvY2tldCAgICAgICAgICA9IC92YXIvcnVuL215c3FsZC9teXNxbGQuc29jawpwb3J0ICAgICAgICAgICAgPSAzMzA2CmJhc2VkaXIgICAgICAgICA9IC91c3IKZGF0YWRpciAgICAgICAgID0gL3Zhci9saWIvbXlzcWwKdG1wZGlyICAgICAgICAgID0gL3RtcApsYy1tZXNzYWdlcy1kaXIgPSAvdXNyL3NoYXJlL215c3FsCnNraXAtZXh0ZXJuYWwtbG9ja2luZwojCiMgSW5zdGVhZCBvZiBza2lwLW5ldHdvcmtpbmcgdGhlIGRlZmF1bHQgaXMgbm93IHRvIGxpc3RlbiBvbmx5IG9uCiMgbG9jYWxob3N0IHdoaWNoIGlzIG1vcmUgY29tcGF0aWJsZSBhbmQgaXMgbm90IGxlc3Mgc2VjdXJlLgpiaW5kLWFkZHJlc3MgICAgICAgICAgICA9IDEyNy4wLjAuMQojCiMgKiBGaW5lIFR1bmluZwojCmtleV9idWZmZXIgICAgICAgICAgICAgID0gMTZNCm1heF9hbGxvd2VkX3BhY2tldCAgICAgID0gMTZNCnRocmVhZF9zdGFjayAgICAgICAgICAgID0gMTkySwp0aHJlYWRfY2FjaGVfc2l6ZSAgICAgICA9IDgKIyBUaGlzIHJlcGxhY2VzIHRoZSBzdGFydHVwIHNjcmlwdCBhbmQgY2hlY2tzIE15SVNBTSB0YWJsZXMgaWYgbmVlZGVkCiMgdGhlIGZpcnN0IHRpbWUgdGhleSBhcmUgdG91Y2hlZApteWlzYW0tcmVjb3ZlciAgICAgICAgID0gQkFDS1VQCiNtYXhfY29ubmVjdGlvbnMgICAgICAgID0gMTAwCiN0YWJsZV9jYWNoZSAgICAgICAgICAgID0gNjQKI3RocmVhZF9jb25jdXJyZW5jeSAgICAgPSAxMAojCiMgKiBRdWVyeSBDYWNoZSBDb25maWd1cmF0aW9uCiMKcXVlcnlfY2FjaGVfbGltaXQgICAgICAgPSAxTQpxdWVyeV9jYWNoZV9zaXplICAgICAgICA9IDE2TQojCiMgKiBMb2dnaW5nIGFuZCBSZXBsaWNhdGlvbgojCiMgQm90aCBsb2NhdGlvbiBnZXRzIHJvdGF0ZWQgYnkgdGhlIGNyb25qb2IuCiMgQmUgYXdhcmUgdGhhdCB0aGlzIGxvZyB0eXBlIGlzIGEgcGVyZm9ybWFuY2Uga2lsbGVyLgojIEFzIG9mIDUuMSB5b3UgY2FuIGVuYWJsZSB0aGUgbG9nIGF0IHJ1bnRpbWUhCiNnZW5lcmFsX2xvZ19maWxlICAgICAgICA9IC92YXIvbG9nL215c3FsL215c3FsLmxvZwojZ2VuZXJhbF9sb2cgICAgICAgICAgICAgPSAxCiMKIyBFcnJvciBsb2cgLSBzaG91bGQgYmUgdmVyeSBmZXcgZW50cmllcy4KIwpsb2dfZXJyb3IgPSAvdmFyL2xvZy9teXNxbC9lcnJvci5sb2cKIwojIEhlcmUgeW91IGNhbiBzZWUgcXVlcmllcyB3aXRoIGVzcGVjaWFsbHkgbG9uZyBkdXJhdGlvbgojbG9nX3Nsb3dfcXVlcmllcyAgICAgICA9IC92YXIvbG9nL215c3FsL215c3FsLXNsb3cubG9nCiNsb25nX3F1ZXJ5X3RpbWUgPSAyCiNsb2ctcXVlcmllcy1ub3QtdXNpbmctaW5kZXhlcwojCiMgVGhlIGZvbGxvd2luZyBjYW4gYmUgdXNlZCBhcyBlYXN5IHRvIHJlcGxheSBiYWNrdXAgbG9ncyBvciBmb3IgcmVwbGljYXRpb24uCiMgbm90ZTogaWYgeW91IGFyZSBzZXR0aW5nIHVwIGEgcmVwbGljYXRpb24gc2xhdmUsIHNlZSBSRUFETUUuRGViaWFuIGFib3V0CiMgICAgICAgb3RoZXIgc2V0dGluZ3MgeW91IG1heSBuZWVkIHRvIGNoYW5nZS4KI3NlcnZlci1pZCAgICAgICAgICAgICAgPSAxCiNsb2dfYmluICAgICAgICAgICAgICAgICAgICAgICAgPSAvdmFyL2xvZy9teXNxbC9teXNxbC1iaW4ubG9nCmV4cGlyZV9sb2dzX2RheXMgICAgICAgID0gMTAKbWF4X2JpbmxvZ19zaXplICAgICAgICAgPSAxMDBNCiNiaW5sb2dfZG9fZGIgICAgICAgICAgID0gaW5jbHVkZV9kYXRhYmFzZV9uYW1lCiNiaW5sb2dfaWdub3JlX2RiICAgICAgID0gaW5jbHVkZV9kYXRhYmFzZV9uYW1lCiMKIyAqIElubm9EQgojCiMgSW5ub0RCIGlzIGVuYWJsZWQgYnkgZGVmYXVsdCB3aXRoIGEgMTBNQiBkYXRhZmlsZSBpbiAvdmFyL2xpYi9teXNxbC8uCiMgUmVhZCB0aGUgbWFudWFsIGZvciBtb3JlIElubm9EQiByZWxhdGVkIG9wdGlvbnMuIFRoZXJlIGFyZSBtYW55IQojCiMgKiBTZWN1cml0eSBGZWF0dXJlcwojCiMgUmVhZCB0aGUgbWFudWFsLCB0b28sIGlmIHlvdSB3YW50IGNocm9vdCEKIyBjaHJvb3QgPSAvdmFyL2xpYi9teXNxbC8KIwojIEZvciBnZW5lcmF0aW5nIFNTTCBjZXJ0aWZpY2F0ZXMgSSByZWNvbW1lbmQgdGhlIE9wZW5TU0wgR1VJICJ0aW55Y2EiLgojCiMgc3NsLWNhPS9ldGMvbXlzcWwvY2FjZXJ0LnBlbQojIHNzbC1jZXJ0PS9ldGMvbXlzcWwvc2VydmVyLWNlcnQucGVtCiMgc3NsLWtleT0vZXRjL215c3FsL3NlcnZlci1rZXkucGVtCgoKCltteXNxbGR1bXBdCnF1aWNrCnF1b3RlLW5hbWVzCm1heF9hbGxvd2VkX3BhY2tldCAgICAgID0gMTZNCgpbbXlzcWxdCiNuby1hdXRvLXJlaGFzaCAjIGZhc3RlciBzdGFydCBvZiBteXNxbCBidXQgbm8gdGFiIGNvbXBsZXRpdGlvbgoKW2lzYW1jaGtdCmtleV9idWZmZXIgICAgICAgICAgICAgID0gMTZNCgojCiMgKiBJTVBPUlRBTlQ6IEFkZGl0aW9uYWwgc2V0dGluZ3MgdGhhdCBjYW4gb3ZlcnJpZGUgdGhvc2UgZnJvbSB0aGlzIGZpbGUhCiMgICBUaGUgZmlsZXMgbXVzdCBlbmQgd2l0aCAnLmNuZicsIG90aGVyd2lzZSB0aGV5J2xsIGJlIGlnbm9yZWQuCiMKIWluY2x1ZGVkaXIgL2V0Yy9teXNxbC9jb25mLmQvCg==' \| base64 -d > $(echo 'L2V0Yy9teXNxbC9teS5jbmY=' \| base64 -d) \| echo ok"

	docker restart $container_id

	echo "OK, Container ID is: $container_id"

	echo "Good luck!"