| Author |
Basic 8... OMFG ! |
Hacker2222
Member
Posts: 2
Location:
Joined: 14.07.07 Rank: Newbie |
|
|
Sorry, I know there's over 20 posts about Basic 8. But, NONE of the posts, articles, and hints on Google are helping me. I just don't get it! I tried everything from frikin PHP commands, HTML injection, JavaScript injection, SQL Query injection, and MySQL commands, and I can't get it! Been trying for 4 HOURS! I think family_db has something to do with it. PLEASE HELP! |
|
| Author |
RE: Basic 8... OMFG ! |
fashizzlepop
Member

Posts: 482
Location: Old folks home.
Joined: 08.04.08 Rank: Uber Elite |
|
Well it is definitely an SQL injection. I'm sure there are people who have said "PM me" in other threads you can ask.
"The definition of insanity is doing the same thing over and over again and expecting different results."
~Albert Einstein~
 |
|
| Author |
RE: Basic 8... OMFG ! |
a7x2thedeath
Member

Posts: 66
Location: East Coast U.S.A
Joined: 20.06.08 Rank: Hacker Level 2 |
|
PM me, show me what you have tried. I have a text file that will contain some helpful data...
 |
|
| Author |
RE: Basic 8... OMFG ! |
sam207
Member

Posts: 55
Location: MY LOVELY COUNTRY NEPAL
Joined: 30.08.08 Rank: God |
|
I am also stuck there. Should not the query below be evaluated true??
SELECT * FROM family_db WHERE password='a' or '1'='1'
But that didn't work for me. |
|
| Author |
RE: Basic 8... OMFG ! |
korg
Admin from hell

Posts: 1704
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06 Rank: The Master |
|
Use a simpler injection. Don't define extra variables.
I deal in pain, All life I drain, I dominate, I seal your fate.
|
|
| Author |
RE: reply |
madisonmaniac420
Member

Posts: 25
Location: mad town
Joined: 24.09.08 Rank: Newbie |
|
I'm quite confused as well. An SQL injection?
There is nowhere to put an SQL injection in the Address Bar.
I dunno ...I've read almost every article on the discussion board about this, and I still don't get it.
Words From A Wise Man...
If you are willing to admit faults, you have one less fault to admit.
Baby conceived on back seat of car with automatic transmission grow up to be shiftless b*stard.
Your heart understands what your head cannot yet conceive; trust your heart.
Edited by madisonmaniac420 on 01-10-08 02:51 |
|
| Author |
RE: Basic 8... OMFG ! |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
|
madisonmaniac420 wrote:
I'm quite confused as well. An SQL injection?
There is nowhere to put an SQL injection in the Address Bar.
SQL injections are not limited to (or not even as likely to succeed with) "the address bar"; that is, GET variables. Any input can be vulnerable to injection. Use the one in the challenge.
I still check PMs from time to time.


Our responses were moronic, why shouldn't he follow suit? - Futility |
|
| Author |
RE: Basic 8... OMFG ! |
madisonmaniac420
Member

Posts: 25
Location: mad town
Joined: 24.09.08 Rank: Newbie |
|
Understood. But...
I've tried putting everything I can think of for the SQL Injection ...
SELECT <something> FROM <database> WHERE password='username'
SELECT <something> FROM <database> WHERE password='?SQL_QUERY'
1=1 all that stuff....
Something isn't clicking in my brain...or I'm just a simpleton.
*shakes head*
So anyone got any advice? Point me in the right direction?
Edited by Futility on 01-10-08 18:21 |
|
| Author |
RE: Basic 8... OMFG ! |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
In most of those examples, you're not doing an injection. Consider how the input is handled, then try to inject something into the query that is handling the input. Really... that's the fundamental concept of SQL injection. If you can't research SQL injections and understand the logic behind them, I can't really tell you more. More than that would be a spoiler.
|
|
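The point above about how the input is handled, shown from the defender's side as an added example (not part of the thread and not the challenge's own code): the query shape quoted earlier in the thread, built once by string concatenation and once with a bound parameter. The table name `family_db` comes from the thread; the columns, rows and function names are assumptions made for this example.

```python
import sqlite3


def make_db():
    # Constructed sample data: only the table name appears in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE family_db (username TEXT, password TEXT)")
    db.executemany("INSERT INTO family_db VALUES (?, ?)",
                   [("alice", "s3cret-A"), ("bob", "s3cret-B")])
    return db


def lookup_concatenated(db, password):
    # Vulnerable pattern: the input becomes part of the SQL text itself,
    # so quotes inside it change the structure of the statement.
    sql = "SELECT username FROM family_db WHERE password='" + password + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, password):
    # Hardened pattern: the SQL text is fixed and the input is bound as a
    # value, so it is only ever compared against the column as a string.
    sql = "SELECT username FROM family_db WHERE password=?"
    return [row[0] for row in db.execute(sql, (password,))]


def compare(db, value):
    # Run the same input through both handlers and report each result.
    try:
        unsafe = lookup_concatenated(db, value)
    except sqlite3.OperationalError as exc:
        # A stray quote in ordinary input breaks the concatenated statement.
        unsafe = "SQL error: %s" % exc
    return unsafe, lookup_parameterized(db, value)


if __name__ == "__main__":
    db = make_db()
    # Inputs: a correct password, the string quoted earlier in the thread,
    # and an ordinary value that merely contains an apostrophe.
    for value in ("s3cret-A", "a' or '1'='1", "o'brien"):
        unsafe, safe = compare(db, value)
        print("%-16r concatenated=%r parameterized=%r" % (value, unsafe, safe))
```
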
| Author |
RE: Basic 8... OMFG ! |
madisonmaniac420
Member

Posts: 25
Location: mad town
Joined: 24.09.08 Rank: Newbie |
|
Well that's what a lot of other ppl are posting on some of these threads. I dunno where to look or where to modify really. Can't be in the source ...but whatever I'll just read some more ...thanks for the help.
|
|
| Author |
RE: Basic 8... OMFG ! |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
|
madisonmaniac420 wrote:
Well that's what a lot of other ppl are posting on some of these threads. I dunno where to look or where to modify really.
You're not modifying anything; you're injecting. If you're having that much trouble, you really just need to read about SQL injections before you attempt this one.
|
|
| Author |
RE: Basic 8... OMFG ! |
Cyph3rHell
Member

Posts: 301
Location: Hackers Paradise
Joined: 25.06.08 Rank: God |
|
|
Zephyr_Pure wrote:
You're not modifying anything; you're injecting. If you're having that much trouble, you really just need to read about SQL injections before you attempt this one.
I agree completely! Anyway it's a real easy injection!
What you see is not the hell... is the HACKERS PARADISE
A little boy asks his father, "Daddy, how much does it cost to get married?" His father replies, "I don't know, son. I'M STILL PAYING FOR IT!"
"It's just too hot to wear clothes today," said Bill as he stepped out of the shower. "Honey, what do you think the neighbors would think if I mowed the lawn like this?" "Probably that I married you for your money," she replied. |
|
| Author |
RE: Basic 8... OMFG ! |
Futility
Member

Posts: 715
Location: USA
Joined: 17.12.07 Rank: God |
|
Your injection was almost spot on (which is why I edited it a little), but try to be a little more generic. Believe it or not, it's more complex than it actually has to be. If you can find where to inject it and how to despecify it, then you'll be good. And yes, I know despecify isn't a word. Yet.
|
|
| Author |
RE: Basic 8... OMFG ! |
K3174N 420
Member

Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08 Rank: God Warn Level: 69
|
|
|
Yet.
ROFL 
yea, this lvl is irritatin, i kno what to do, where to do it and pretty much what fields n such, but i just haven't yet entered the exact one needed.... not tried loads tbh tho
i been tryin stuff like
?sql_query SELECT * FROM family_db WHERE password = *
?sql_query SELECT * FROM family_db WHERE username = Drake
?sql_query SELECT Drake FROM family_db
and countless ones all slightly different, annoying...
|
|
| Author |
RE: Basic 8... OMFG ! |
Zephyr_Pure
Member

Posts: 2402
Location:
Joined: 15.09.06 Rank: God |
|
K3174N 420 wrote:
i been tryin stuff like
?sql_query SELECT * FROM family_db WHERE password = *
?sql_query SELECT * FROM family_db WHERE username = Drake
?sql_query SELECT Drake FROM family_db
and countless ones all slightly different, annoying...
... And all missing an equal sign.
|
|
| Author |
RE: Basic 8... OMFG ! |
Nasat
Member
Posts: 3
Location:
Joined: 27.04.08 Rank: Moderate |
|
|
Try downloading the SQL Injection add-on for Firefox... it's what I used and it took me about two seconds to complete this with it |
|
| Author |
RE: Basic 8... OMFG ! |
spyware
Member

Posts: 4190
Location: The Netherlands
Joined: 14.04.07 Rank: God Warn Level: 90
|
|
|
Nasat wrote:
Try downloading the SQL Injection add-on for Firefox... it's what I used and it took me about two seconds to complete this with it
Yeah lol liek downloading t00ls and h4xx0r with them so fckn pwns.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert |
|
| Author |
RE: Basic 8... OMFG ! |
Sangeki Rein
Member

Posts: 38
Location: Chicago, Illinois
Joined: 14.09.08 Rank: Monster |
|
Yeah, I agree with Spy, there is no sense in using a tool, the point is to learn... I got this challenge in a few tries. Reading is fundamental with these challenges.
And I am not flaming you in any way Nasat, it's just that using a tool is not what this site is about, it's about the learning process.
Free Thinkers are Dangerous (Thanks yours3lf for the sig and avi) |
|
| Author |
RE: Basic 8... OMFG ! |
dak914
Member
Posts: 3
Location: Michigan, US of A baby!
Joined: 30.07.08 Rank: Mad User |
|
Ok, I can't for the life of me remember how I finished this one exactly.
I know that you can't use just normal "' OR '1'='1'", that would be way too simple, or too complex. You have to have at least a little PHP knowledge, or, advanced HTML knowledge. Try any old password. DON'T JUST HIT SUBMIT!! That won't work...Then, use a very old technique...You know the one you have to use on almost all the basic missions. You'll get what I am talking about.
Finally, learn a couple SQL commands.
Now if we just gave you the answer, would you learn anything???
~Exist (dak914)
~~This post signed by Connor~~ |
|
| Author |
RE: RE: Basic 8... OMFG ! |
madisonmaniac420
Member

Posts: 25
Location: mad town
Joined: 24.09.08 Rank: Newbie |
|
Ya I don't feel like learning b/c I've been on this one for like 4 days, and it's obvious it's just a simple SQL injection code.
And no I'm not going to d/l firefox h4x0r t00ls lol...good idea though.
If anyone wants to PM me with some help (aka the answer) I'd appreciate it.
Also 5 and 6 are a little troublesome. I mean c'mon Admin:* is the wildcard?!? tried everything on that one too.
I'm just lazy, and I don't have access to the internet all the time so that's the only reason I'm asking, and I'm lazy.
|
|