Sunday, April 20, 2014
HellBound Hackers | Challenges | Basic

Author

argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 19:59
Okay ...
This is what I've tried....

?id=1 U**** A** S***** 1,2,3,4,5 from A*******

But had no luck ... a push in the right direction???


Author

RE: argh bas 18

Ayr4
Member


Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 22-06-07 20:10
PM me with the things you have tried.


anbu.sf@hotmail.com
Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 21:14
Try thinking of a way to list them rather than 1,2,3,4,5... for instance what if the tables you've selected don't line up exactly... maybe that's not too much of a spoiler :happy:


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 21:18
FINALLY argh this challenge has taken so long. I knew what to do, I just couldn't get it right. Follow the advice above and read some of the other threads, it will only be a matter of time until you get it.
Good luck


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 21:44
Hmm, I still ain't quite sure, so do I select n*ll??


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 21:47
Getting warmer... think about exactly what you are doing.


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 22:38
Trying not to give it ALL away but think of what you are trying to select, modify your first with what you may have found Wink


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-07 22:48
Also, as always, read old forum posts/articles.

That's what helped me do this one.

:happy:


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-07 02:01
I'm still in the dark as to what to do. I got that like "?id=1 A** 1=1"

That would return TRUE and the server evaluates that. It hasn't blocked that type of user input so the evaluation passes. While if 1=2 then it returns invalid article.

Then I do the "OR**R B* 5" and play with the ending number to find the size. That is the number of columns, correct?

I didn't really get the union thing from: http://hellboundhackers.org/articles/345-Blind%20SQL%20Injection.html

Any help is appreciated. I just don't know what to do. Most of the other challenges were easy before this.... Guess that's the point though :ninja:
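
Added example, not part of any post in this thread: the true/false behaviour described in the post above, reproduced against a constructed in-memory SQLite table, next to a hardened lookup that removes it. The table layout, function names and probe strings are assumptions made for illustration; the challenge's real back end is not shown on this page.

```python
import sqlite3

def make_db():
    # Constructed sample data: three articles in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?, ?)",
                   [(1, "First", "a"), (2, "Second", "b"), (3, "Third", "c")])
    return db

def lookup_vulnerable(db, raw_id):
    # Deliberately vulnerable: the parameter is pasted into the SQL text,
    # so anything after the number is parsed as part of the query.
    try:
        row = db.execute("SELECT title FROM articles WHERE id = " + raw_id).fetchone()
    except sqlite3.Error:
        return "invalid article"
    return row[0] if row else "invalid article"

def lookup_hardened(db, raw_id):
    # Accept only a short, plain decimal id, then pass it as a bound parameter.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return "invalid article"
    row = db.execute("SELECT title FROM articles WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else "invalid article"

def is_boolean_oracle(lookup, db):
    # True when a true condition and a false condition produce different pages,
    # i.e. the handler leaks one bit of query state per request.
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(name, "leaks a true/false signal:", is_boolean_oracle(fn, db))
```

The hardened lookup answers both probes with the same "invalid article" page, so there is no difference left to observe.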
Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-07 08:09
I'm stuck here too. I thought it would go something like this:
?id=1 U***N A** S***CT * FROM A******S WHERE 1=1--

but nothing I try seems to work. Any more hints?
Author

RE: argh bas 18

mido
Member


Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank:
Monster
Posted on 05-07-07 09:13
@djdotti:
You're right, but not 4, 5, cuz the articles are just 3 Wink
Try nulling them

And @jbjoker: You won't select them with just an * (star)...





Edited by mido on 05-07-07 14:06
mido_eg3[at]hotmail.com
Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-07 12:26
@jbjoker.. be more specific with what you're selecting


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-07 18:28
Well, I tried the 1, 2, 3, n***, n*** and it doesn't seem to be helping. None of the SQL tutorials I have help either. Is it more advanced than that? Like do I need to mess with substrings or whatnot? Or could someone link me to a better tutorial than the one on here?
Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-07 19:15
Hmm... think about this.. if the columns don't line up exactly then it doesn't help you to name columns from one table that don't exist in both tables... maybe that will be enough ^_^


Author

RE: argh bas 18


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-06-09 23:40
So with the O**** ** we can know how many files there are. Once we have the exact number we do U**** *** S***** "+" F*** a*******
Try to think in some general way to replace the + so it matches the number.
Author

RE: argh bas 18

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 06-06-09 01:54
Wow nice post, your hint should help the people who were looking for help 2 yrs ago finally get it. Nice!


Edit: This is sarcasm by the way.



I deal in pain, All life I drain, I dominate, I seal your fate.

Edited by korg on 06-06-09 20:26
O R
Author

RE: argh bas 18

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 17-06-09 18:13
Well, you pretty much gave away the answer by saying null it.


Wisdom spared is wisdom squared.
Author

RE: argh bas 18

appzone
Member


Posts: 9
Location:
Joined: 29.07.10
Rank:
Guest
Warn Level: 30
Posted on 09-12-10 03:42
Is there any clue??
appzone