Wednesday, April 23, 2014

Basic 7

How to beat Basic 7 *no big spoilers*



OK, so the description of this challenge is:

This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to log in you need to encrypt it. And after you log in there is another login, but it's a login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.

So what do you think needs to be done?

- decrypt the username from the ASCII encryption

- use SQL injection to log in.

Start.
---------------------
You will notice in the source that it gives the username (sam) and the password (jillisdead). But that won't work... yet. You are probably saying, "It says Username:, and I know the username is Sam." You are half correct. You may also have tried JavaScript to inject the username and password through the address bar; again, you are half correct. Remember that the description tells you to encrypt it from the original ASCII? Let's do that now! I am not going to tell you what to encrypt it to, but I will give you a site that will help:

http://nickciske.com/tools/

Once you have the encrypted text, you will probably try to type it into the Username box. Don't; you need to find a way to inject the encrypted username. Once you've done that, a new page comes up asking for the password. You will probably try jillisdead, but that's not it. You need to read up on SQL injection; here is a site:

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

You do not need to inject these through the URL, but somehow inject them into the database. Once you find out how, do that and you're done.

Congrats

PM me if there is a mistake or something.
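
The defensive lesson behind the cookie step, as an added example that is not part of the original article or the challenge's code: turning ASCII text into binary is an encoding that anyone can compute and reverse, so a server that trusts such a cookie is trusting the client. The sketch below puts that weak check beside an HMAC-signed cookie; the user name `alice`, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

# Hypothetical server-side secret (constructed for this example); a real
# deployment loads it from protected configuration and never sends it out.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def to_binary(text: str) -> str:
    """ASCII text -> space-separated 8-bit groups (an encoding, not encryption)."""
    return " ".join(f"{b:08b}" for b in text.encode("ascii"))


def from_binary(bits: str) -> str:
    """Reverse of to_binary; it needs no key, so any client can do it."""
    return bytes(int(group, 2) for group in bits.split()).decode("ascii")


def weak_check(cookie: str, expected_user: str) -> bool:
    """Weak: accepts whatever encoded name the client placed in the cookie."""
    try:
        return from_binary(cookie) == expected_user
    except ValueError:  # malformed bits or non-ASCII bytes
        return False


def _tag(user: str) -> str:
    """HMAC-SHA256 over the user name; only the key holder can compute it."""
    return hmac.new(SERVER_KEY, user.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_signed_cookie(user: str) -> str:
    """Hardened: the cookie carries the value plus a server-computed tag."""
    return f"{user}.{_tag(user)}"


def verify_signed_cookie(cookie: str) -> Optional[str]:
    """Return the user name if the tag verifies, otherwise None."""
    user, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    # Compare as bytes, in constant time, so odd input cannot raise or leak.
    ok = hmac.compare_digest(tag.encode("utf-8"), _tag(user).encode("utf-8"))
    return user if ok else None
```

A production session cookie would also carry an expiry and be set with the `Secure` and `HttpOnly` attributes; the sketch covers only the integrity check.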

Comments

wolfmankurd on November 07 2005 - 17:57:16
I don't remember doing any of this.
drumlinegod on November 08 2005 - 22:42:12
Well, look at the mission..
mr noob on February 25 2006 - 16:36:23
OK then, I've done almost every realistic mission on HTS and every basic, but the first part for this one doesn't work for me. We are using hex, right? Cos I encrypted "sam" into hex and tried to inject that, but to no avail :(
Thucydides on June 28 2006 - 14:55:14
Weird, I just beat it using jillisdead for the second part. Either you overthought this mission, or the challenge must have been changed since you've gone through it.
southafrica1 on July 05 2010 - 13:39:15
I beat it with "hello" for the second part and it seems to work no matter what I enter. Dunno if something's wrong with it or what, but I got my points.
hackable on August 25 2011 - 15:46:46
Mr noob, we actually have to convert to binary.
ShadowCrawler01 on March 31 2012 - 20:23:19
Yea, I passed it the same way Thucydides said he did for the second part.
Jopaul94 on December 29 2012 - 16:49:34
I went to the website given and tried converting to binary with all different separations (which I figured didn't even matter) and I still can't get past the "username" box. Any help/explanation? Thanks.