| Author |
Basic 18 |
DeafCode
Member

Posts: 214
Location:
Joined: 04.05.08 Rank: Hacker Level 3 Warn Level: 30
|
|
what exactly is the objective in basic 18
|
|
| Author |
RE: Basic 18 |
K_I_N_G
Member

Posts: 356
Location: ?
Joined: 04.03.08 Rank: Elite |
|
To learn more about Blind SQL Injection.
|
|
| Author |
RE: Basic 18 |
Uber0n
Member

Posts: 1963
Location: Sweden
Joined: 13.06.06 Rank: God |
|
|
The challenge description says:
system_meltdown coded an article script which pulls articles from the database and echoes the content, but we think it could have a possible problem, he mentioned something to do with blind something.
Databases, "blind something"... It shouldn't be hard to figure out what this challenge is all about 

http://uber0n.webs.com/ |
|
| Author |
RE: Basic 18 |
DeafCode
Member

Posts: 214
Location:
Joined: 04.05.08 Rank: Hacker Level 3 Warn Level: 30
|
|
yea it's b++++ I++++++++ and building a db picture but once you have that what would you do
just sit back and be happy you have the info?? where do you use this acquired info at??
|
|
| Author |
RE: Basic 18 |
DeafCode
Member

Posts: 214
Location:
Joined: 04.05.08 Rank: Hacker Level 3 Warn Level: 30
|
|
ok i just got something on this challenge and I'm not sure what happened
i got
Article 1 AND 1=1;
this was displayed on the page itself
what did i screw up on
:ninja:
|
|
| Author |
RE: Basic 18 |
clone4
Member

Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07 Rank: God |
|
yeah that's bullcrap you don't write "article" in the id var, just numbers, then you are sort of on the right track, just research *Q* injection and then blind *Q* injection in more depth...

spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl
|
|
| Author |
RE: Basic 18 |
DeafCode
Member

Posts: 214
Location:
Joined: 04.05.08 Rank: Hacker Level 3 Warn Level: 30
|
|
i did and i got this site
Imperva ADC | Blind SQL Injection: http://www.imperva.com/resources/adc/blind_sql_server_injection.html
i read it and decided to try a ; to end the original *q* Q**** and begin my own and it prints the original 2nd W**** clause and drops the rest
|
|
| Author |
RE: here's a little help |
elmiguel
Member

Posts: 132
Location: Your Computer
Joined: 12.12.07 Rank: God |
|
Ok, here's a little help without any answers.
1: Search the site for Blind *** *********. (this shouldn't be hard, it's one of the most read "articles".)
2: Read up on the UNION statement.
3: If 1 & 2 still do not help you, Google "Advanced SQL Injection", there is a pdf out there that has all the information in it. You will know when you have the right one. **hint** this pdf is also posted in the forums by other members, maybe look here first.
Believe it or not, those three suggestions WILL give you the information to complete this challenge.
Admins: If this gives out too much please edit.
The philosophy of one century is the common sense of the next. -Fortune Cookie
I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor
|
|
| Author |
RE: Basic 18 |
K_I_N_G
Member

Posts: 356
Location: ?
Joined: 04.03.08 Rank: Elite |
|
Look through the forums and articles before asking man. Just thought I'd point this out for future reference.
And I didn't try to edit Blind SQL because if anyone does a little research through the forums it's written everywhere.
|
|
| Author |
RE: Basic 18 |
redhothacker
Member
Posts: 131
Location: Caribbean
Joined: 28.01.07 Rank: God |
|
|
DeafCode wrote:
what exactly is the objective in basic 18
They are trying to teach you the technique of blind SQL whereby you can manipulate basic SQL commands to get information from a system. The final answer is just some SQL, I would suggest that you do some research on Google. If you are familiar with Hack This Site, there is a realistic mission that is similar. I think it is realistic 4. |
|
| Author |
RE: Basic 18 |
hotsauce
Member

Posts: 7
Location: /usr/bin/***
Joined: 12.02.10 Rank: Hacker Level 1 |
|
redhothacker wrote:
DeafCode wrote:
what exactly is the objective in basic 18
They are trying to teach you the technique of blind SQL whereby you can manipulate basic SQL commands to get information from a system. The final answer is just some SQL, I would suggest that you do some research on Google. If you are familiar with Hack This Site, there is a realistic mission that is similar. I think it is realistic 4.
Yes, but the spacing is different in this one I believe. I had this injection correct after the 2nd or 3rd try, only to realize I had bad spacing around my commas.
I realize the thread is very old. It's more for other people trying to solve this. If you happen to have recently completed HTS Real 4, then you will probably try to apply a similar injection here, only to realize your spacing was off the whole time.
 |
|
| Author |
RE: Basic 18 |
fleandr
Member
Posts: 17
Location:
Joined: 22.04.10 Rank: HBH Guru |
|
why "and 1=1" works
and "and 2=2" does not.
I'm frustrated. |
|
| Author |
RE: Basic 18 |
kambozza
Member
Posts: 1
Location:
Joined: 28.07.10 Rank: Moderate |
|
|
probably because 1=1 is hardcoded in the verification for the "correct answer", in a real life situation though they are both the same.. |
|
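The question above about `and 1=1` versus `and 2=2` can be checked against a local database, alongside the parameterized form that removes the problem. This is an added example, not code from the challenge or from any poster; the `articles` table, its rows and the function names are assumptions, and it runs on an in-memory SQLite database.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Article 1"), (2, "Article 2")])
    return db

def fetch_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    return [row[0] for row in db.execute(query)]

def fetch_parameterized(db, raw_id):
    # Hardened pattern: accept only ASCII digits, then bind the value as data.
    if not re.fullmatch(r"[0-9]+", raw_id):
        return []
    rows = db.execute("SELECT title FROM articles WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]

def compare(raw_id):
    # Returns (result of concatenated query, result of parameterized query).
    db = make_db()
    try:
        return fetch_concatenated(db, raw_id), fetch_parameterized(db, raw_id)
    finally:
        db.close()

if __name__ == "__main__":
    for value in ["1", "1 AND 1=1", "1 AND 2=2", "1 AND 1=2"]:
        print(repr(value), compare(value))
```

In the concatenated query both always-true conditions return the same row and the always-false one returns nothing, which is the page-level difference a blind technique depends on; with binding and validation every non-numeric value is rejected before it reaches the database.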
| Author |
RE: Basic 18 |
appzone
Member
Posts: 9
Location:
Joined: 29.07.10 Rank: Moderate Warn Level: 30
|
|
|
is there any clue?? |
|
| Author |
RE: Basic 18 |
only_samurai
[IRC Rockstar]
Posts: 984
Location: idling in some random irc channel
Joined: 18.08.06 Rank: .|unranked|. |
|
30% warn for posting this question to all the basic 18 threads. Please don't spam the forums.
~samurai
The problem with a fool-proof system, is eliminating the fool.
"His name is Cereal Killer...Like Fruitloops." If you cut me, I bleed binary.
http://blog.psych0tik.net/ |
|
| Author |
RE: Basic 18 |
techb
Member

Posts: 384
Location:
Joined: 15.02.09 Rank: Hacker Level 2 |
|
There should be an auto-lock feature on forums after a certain time has lapsed.
|
|
| Author |
RE: Basic 18 |
espartaniac
Member
Posts: 7
Location:
Joined: 12.07.11 Rank: Active User Warn Level: 5
|
|
I'm also stuck on this...
I got up to "O*D** BY 5".
Next step I believed was to "**IO* *L* **L*CT 1,2,3,4,5". But that didn't work. Why???
could I PM someone for help? |
|
| Author |
RE: Basic 18 |
Night_Stalker
Member
Posts: 329
Location:
Joined: 01.02.07 Rank: Elite Warn Level: 10
|
|
|
espartaniac wrote:
I'm also stuck on this...
I got up to "O*D** BY 5".
Next step I believed was to "**IO* *L* **L*CT 1,2,3,4,5". But that didn't work. Why???
could I PM someone for help?
From your profile, I'm guessing you finally got it. Congratz.
Ya' did some horrid necrophiliac shit on with this thread though. o.O
If you have any trouble with future challenges, PM me, and I'll be glad to help you out some.
Just no more bumping dead threads though, eh. Would be nice. 
|
|
| Author |
RE: Basic 18 |
espartaniac
Member
Posts: 7
Location:
Joined: 12.07.11 Rank: Active User Warn Level: 5
|
|
yeah, i got it 
sorry, but why shouldn't I ask a question on a thread that's been inactive (that's what you meant about necrophilia, right? lol)? (it's a legit question... i'm not trying to be rude)
is that why I got 'warned'? 
|
|
| Author |
RE: Basic 18 |
kaden
Member

Posts: 30
Location: Australia
Joined: 11.08.06 Rank: God |
|
it was most probably the reason, yes.
if a thread has been dead for a while, it's better to make a new thread, and for people to forget the old one.
if there was useful information in one of the old ones you can always post that you saw something in the other threads.
just best to make a new thread as opposed to continuing an old one.
no one dies a virgin... life fucks us all.
 |
|