BASIC 18 Y

RDXLOL
Member

Posts: 18
Location: /etc/passwd
Joined: 25.06.18
Rank:
Elite
Posted on 27-06-18 09:59
I have been trying to figure out the characters turn by turn but they don't seem to work.
I have been using this as my query: id=1' and (SELECT SUBSTRING("SELECT DATABASE()",1,1)>' A'); -- which is true for any word, but I don't know why I keep getting invalid article again and again?? Please, someone just clarify this for me......

Edited by RDXLOL on 27-06-18 10:00
RE: BASIC 18 Y

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 27-06-18 17:59
The challenge hints at being based on blind sql injection, but it clearly isn't as there are noticeable changes on the page.

The "Invalid article" message confirms when an injection fails in the exact same way the appearance of an SQL error message would.

This means you can approach it like any normal error based sql injection, without the need for any true or false statements, or time delays.

All that's required of you here is to get the number of columns and the table name, putting them together will be enough to earn you the points. It's really that simple.

PS: Your injection would always fail because:  > 'A'  should be = 'A'
 


.
RE: BASIC 18 Y

RDXLOL
Member

Posts: 18
Location: /etc/passwd
Joined: 25.06.18
Rank:
Elite
Posted on 27-06-18 19:28
Ok, I seem to understand what you are saying, but why does it have to be ='A'? I tried typing the same command in mysql and since the name of the database starts with a letter it will always be <'A' . On my PC it always gives 1 as output, which means it's true, so 1 and 1 should be true?? Please clarify it....
EDIT: Should I use the ASCII value for comparison rather than 'characters'?

Edited by RDXLOL on 27-06-18 19:30
RE: BASIC 18 Y

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 27-06-18 19:38
Ah if it works locally then ignore what I said, as I'm probably wrong and you're right.

None of that is needed for the challenge though.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
RE: BASIC 18 Y

RDXLOL
Member

Posts: 18
Location: /etc/passwd
Joined: 25.06.18
Rank:
Elite
Posted on 28-06-18 06:04
So is it like the site has blocked this way of injection?? And I just wanted to know, then, how am I supposed to find the name of the table?? I have cleared this level but just guessed that the table name is Ar******. So I just wanted to know a proper way....
RE: BASIC 18 Y

Huitzilopochtli
Member



Posts: 1614
Location:
Joined: 19.02.13
Rank:
God
Posted on 28-06-18 22:12
What this challenge is meant to show you is that you don't have to rely on seeing the sql error messages in order to exploit the vulnerability.

In a real blind scenario, even though you'll have access to the information_schema, it is often much easier and quicker to guess the names of the tables and columns, rather than running an automated attack and spamming the target site's logs.

Guessing the table name IS the proper way to pass the challenge.


.
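
The point made in this thread, that the "Invalid article" page is a usable signal even when SQL errors are hidden, shown from the defender's side as an added example (not code from the challenge or from any poster). It uses Python's sqlite3 instead of MySQL so it runs offline; the table demo_items, its row, the probe values and the handler names are all hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo_items (id TEXT PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO demo_items VALUES ('1', 'First item')")
    return db

def lookup_concat(db, raw_id):
    """Vulnerable handler: the request value becomes part of the SQL text."""
    sql = "SELECT title FROM demo_items WHERE id = '" + raw_id + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        row = None  # the SQL error is hidden, but the page still changes
    return row[0] if row else "Invalid article"

def lookup_bound(db, raw_id):
    """Hardened handler: allow-list the id, then bind it as data."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return "Invalid article"
    row = db.execute("SELECT title FROM demo_items WHERE id = ?",
                     (raw_id,)).fetchone()
    return row[0] if row else "Invalid article"

# Constructed request values: a normal id, the id with an appended true
# condition, the id with an appended false condition, and a stray quote.
PROBES = ["1", "1' AND '1'='1", "1' AND '1'='2", "1'"]

def responses(handler):
    db = make_db()
    return [handler(db, p) for p in PROBES]

def condition_is_observable(handler):
    # If the true and false conditions produce different pages, the response
    # itself answers yes/no questions about the database.
    r = responses(handler)
    return r[1] != r[2]

if __name__ == "__main__":
    for h in (lookup_concat, lookup_bound):
        print(h.__name__, responses(h), condition_is_observable(h))
```

With the bound parameter every non-numeric id gets the same "Invalid article" page, so the response no longer depends on anything the request appends to the id.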