Follow us on Twitter!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 25
Guests Online: 25
Members Online: 0

Registered Members: 82905
Newest Member: BLckLIght
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Page 1 of 2 1 2 >
Author

Basic 18

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 11:43
what exactly is the objective in basic 18



:ninja:
http://2130706433
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-08 12:03
To learn more about Blind SQL Injection.


Author

RE: Basic 18

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 24-06-08 12:13
The challenge description says:
system_meltdown coded an article script which pulls articles from the database and echoes the content, but we think it could have a possible problem, he mentioned something to do with blind something.

Databases, "blind something"... It shouldn't be hard to figure out what this challenge is all about Wink


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: Basic 18

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 12:29
yea it's b++++ I++++++++ and building a db picture but ounce you have that what would you do


just sit back and be happy you have the info?? where do you use this acquired info at??



:ninja:
http://2130706433
Author

RE: Basic 18

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 12:42
ok i just got something one this challenge and im not sure what happened

i got


Code
Article 1 AND 1=1;




this was displayed on the page itself

what did i screw up on



:ninja:
http://2130706433
Author

RE: Basic 18

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 24-06-08 13:45
yeah that's bullcrap Wink you don't write "article" in the id var, just numbers, then you are sort of on right track,just research *Q* injection and then blind *Q* injection in more depth...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Basic 18

DeafCode
Member



Posts: 214
Location:
Joined: 04.05.08
Rank:
Apprentice
Warn Level: 30
Posted on 24-06-08 13:49
i did and i got this site
[url]
http://www.imperva.com/resources/adc/blind_sql_server_injection.html
Imperva ADC | Blind SQL Injection[/url]

i read it and decided to try a ; to end the original *q* Q**** and begin my own and it prints the original 2nd W**** clause and drops the rest





:ninja:
http://2130706433
Author

RE: heres alittle help

elmiguel
Member



Posts: 161
Location: Your Computer
Joined: 12.12.07
Rank:
God
Posted on 24-06-08 13:52
Ok, heres a little help without any answers.


1: Search the site for Blind *** *********. (this shouldn't be hard, its one of the most read "articles".)

2: Read up on the UNION statement.

3: If 1 & 2 still do not help you, Google "Advanced SQL Injection" there is a pdf out there that has all the information in it. You will know when you have the right one. **hint** this pdf is also posted in the forums by other members, maybe look here first.

Believe it or not the those three suggestions WILL give you the information to complete this challenge.


Admins: If this gives out to much please edit.


The philosophy of one century is the common sense of the next. -Fortune Cookie

I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor

www.hellboundhackers.org/sig/r/24963.png

www.hellboundhackers.org/sig/hbh2.png
<script>alert('XSS');</script>
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-08 14:09
Look through the forums and articles before asking man. Just thought I'd point this out for future reference.
And I didnt try to edit Blind SQL because if anyone does a little research through the forums its written everywhere.


Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-08 15:28
DeafCode wrote:
what exactly is the objective in basic 18

They are trying to teach you the technique of blind sql whereby you can manipulate basic sql commands to get information from a ssystem.The final answer is just some sql ,i would suggest that you do some resarch on google.if you are familiar with hack this site, there is a realistic mission that is similar .i think it is realistic 4.
Author

RE: Basic 18

hotsauce
Member



Posts: 7
Location: /usr/bin/***
Joined: 12.02.10
Rank:
Newbie
Posted on 12-02-10 09:48
redhothacker wrote:
DeafCode wrote:
what exactly is the objective in basic 18

They are trying to teach you the technique of blind sql whereby you can manipulate basic sql commands to get information from a ssystem.The final answer is just some sql ,i would suggest that you do some resarch on google.if you are familiar with hack this site, there is a realistic mission that is similar .i think it is realistic 4.


Yes, but the spacing is different in this one I believe. I had this injection correct after the 2nd or 3rd try, only to realize I had bad spacing around my commas.


I realize the thread is very old. It's more for other people trying to solve this. If you have happened to recently completed HTS Real 4, then you will probably try to apply a similar injection here, only to realize your spacing was off the hold time.


i1021.photobucket.com/albums/af337/68-6f-74-73-61-75-63-65/gundam.png
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-05-10 07:33
why "and 1=1" works
and "and 2=2" does not.
I'm frustrated.
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-10 21:59
probably because 1=1 is hardcoded in the verification for the "correct answer", in a real life situation though they are both the same..
Author

RE: Basic 18

appzone
Member

Your avatar

Posts: 9
Location:
Joined: 29.07.10
Rank:
Guest
Warn Level: 30
Posted on 09-12-10 03:42
is there any clue??
appzone
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-12-10 04:22
30% warn for posting this question to all the basic 18 threads. Please don't spam the forums.

~samurai


Author

RE: Basic 18

techb
Member



Posts: 384
Location:
Joined: 15.02.09
Rank:
Moderate
Posted on 09-12-10 04:31
There should be an auto-lock feature on forums after a certain time has lapsed.


www.userbars.com/74460/665255/337-7865-ubda3219.gif
kbcarte.wordpress.com
Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-07-11 03:44
I'm also stuck on this...

I got up to "O*D** BY 5".
Next step I believed was to "**IO* *L* **L*CT 1,2,3,4,5". But that didn't work. Why???

could I PM someone for help?
Author

RE: Basic 18

Night_Stalker
Member

Your avatar

Posts: 329
Location:
Joined: 01.02.07
Rank:
Apprentice
Warn Level: 10
Posted on 14-07-11 07:00
espartaniac wrote:
I'm also stuck on this...

I got up to "O*D** BY 5".
Next step I believed was to "**IO* *L* **L*CT 1,2,3,4,5". But that didn't work. Why???

could I PM someone for help?


From your profile, I'm guessing you finally got it. Congratz.

Ya' did some horrid necrophiliac shit on with this thread though. o.O

If you have any trouble with future challenges, PM me, and I'll be glad to help you out some.
Just no more bumping dead threads though, eh. Would be nice. Pfft


Author

RE: Basic 18


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-07-11 06:14
yeah, i got it Smile

sorry, but why shouldn't I ask a question on a thread that's been inactive (that's what you meant about necrophilia, right? lol)? (it's a legit question... i'm not trying to be rude)

is that why I got 'warned'? Sad

Author

RE: Basic 18

kaden
Member



Posts: 36
Location: Australia
Joined: 11.08.06
Rank:
Newbie
Posted on 15-07-11 06:34
it was most probably the reason, yes.
if a thread has been dead for a while, its better to make a new thread, and for people to forget the old one.

if there was useful information in one of the old ones you can always post that you saw something in the other threads.

just best to make a new thread as apposed to continuing an old one.


no one dies a virgin... life fucks us all.
hellboundhackers.org/sig/r/10735.png
Page 1 of 2 1 2 >