Donate to us via Paypal!
One mans freedom fighter, another's terrorist.
Tuesday, July 07, 2020
 Need Help?
Members Online
Total Online: 55
Guests Online: 54
Members Online: 1

Registered Members: 127032
Newest Member: admunpap
Latest Articles

Basic 7

Arrow Image How to beat Basic 7 *no big spoilers*

Ok so the description of this challenge is

This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to login you need to encrypt it. And after you login there is another login but its a Login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.

So what do you think needs done.

-decrypt the username from the ASCII encryption

-use SQL injection to login.

You will notice in the source that it gives the username - sam and password jillisdead. But that won\'t work... yet... You are probably saying, it says Username: and I know the username is Sam... You are half correct. You may also have tried javascript to inject the username and pass through Address bar... again you are half correct... Remember in the description it tells you
to encrypt it from the orignal ASCII? Lets do that now! I am not going to tell you what to encrypt it to but I will give you a site that will help

Now once you got the encryption you will probably try to use the encryption text into the Username box, don\'t you need to find a way to inject the username encryption. Once you\'ve done that, a new page comes up asking for the Password... You will probably try jillisdead, but thats not it. You need to read up on SQL Injections here is a site

You do not need to inject these through the url but somehow inject it to database. Once you find out how, do that and your done.


PM me if there is a mistake or something.


wolfmankurdon November 07 2005 - 17:57:16
I don't remember doing any of this.
drumlinegodon November 08 2005 - 22:42:12
Well look at the mission..
mr noobon February 25 2006 - 16:36:23
ok then ive done almost every realistic mission on HTS and every basic, but the first part for this one dont work 4 me. we are using hex right?cos i encrypted "sam" into hex and tried to inject that but to no avail Sad
Thucydideson June 28 2006 - 14:55:14
weird, I just beat it using jillisdead for the second part. Either you overthought this mission,or the challenge must have been changed since you've gone through it.
southafrica1on July 05 2010 - 13:39:15
I beat it with "hello" for the second part and it seems to work no matter what I enter. Dna if somthings wrong with it or what but I got my points.
hackableon August 25 2011 - 15:46:46
Mr noob we actually have to convert to binary
ShadowCrawler01on March 31 2012 - 20:23:19
Yea i passed it the same way Thucydides said he did for the second part
Jopaul94on December 29 2012 - 16:49:34
I went to the website given and tried converting to binary with all different separations (which I figured didn't even matter) and I still can't get past the "username" box. Any help/explanation? Thanks.
GSmyrlison March 08 2016 - 23:10:06
i'm writing here 11 years after a user that now he doesnt exist in this site, posted this.
firedragon13218on March 28 2018 - 21:50:18
firedragon13218on March 28 2018 - 21:50:46
hamidhshon March 15 2019 - 13:52:07
in basic 7 , after change sam to bineri code and change my cookie ... this tell me you mast loged in why ?
dranzer_13on April 14 2019 - 06:15:24
Hey I tried injecting the username in binary but to no avail. Can anybody help me? The JS injection doesn't seem to work and the cookie doesn't change or am I doing something wrong?
darkFingeron April 15 2020 - 04:14:51
guys i tried injecting the binary form of the username into the username field but i got a 404 error saying file not found and the console spilling errors
Post Comment


You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.