HellBound Hackers | Challenges | Basic

Author

Basic 20

Blackbbbb6
Member



Posts: 5
Location:
Joined: 10.11.15
Rank:
Moderate
Posted on 12-11-15 12:36
I give up.

Smile
Author

RE: Basic 20

Huitzilopochtli
Member



Posts: 1613
Location:
Joined: 19.02.13
Rank:
God
Posted on 13-11-15 02:43
Don't think logically ........ think locally. Wink
Author

RE: Basic 20

Blackbbbb6
Member



Posts: 5
Location:
Joined: 10.11.15
Rank:
Moderate
Posted on 13-11-15 03:18
Huitzilopochtli wrote:
Don't think logically ........ think locally. Wink


Can you elaborate, what do you mean by locally?
Author

RE: Basic 20

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 13-11-15 12:03
Read this thread https://www.hellboundhackers.org/forum/basic_20-7-16805_0.html
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Basic 20

Blackbbbb6
Member



Posts: 5
Location:
Joined: 10.11.15
Rank:
Moderate
Posted on 14-11-15 01:49
rex_mundi wrote:
Read this thread https://www.hellboundhackers.org/forum/basic_20-7-16805_0.html


I think I've read almost all of the threads posted in here about basic 20. Still, I have no idea what I'm doing. Well, I know what I'm supposed to do (I guess?). I just have no clue where to input it and at which line.

Edited by Blackbbbb6 on 14-11-15 01:57
Author

RE: Basic 20

Blackbbbb6
Member



Posts: 5
Location:
Joined: 10.11.15
Rank:
Moderate
Posted on 14-11-15 01:56
I couldn't find any other articles that can help me understand further. This one (https://www.hellboundhackers.org/articles/read-article.php?article_id=457) just confuses me.
Author

RE: Basic 20

Huitzilopochtli
Member



Posts: 1613
Location:
Joined: 19.02.13
Rank:
God
Posted on 16-11-15 11:46
I can see why that article would confuse a beginner, but the title alone should be enough to point you in the right direction from where to launch your attack.

As for the injection itself, it's not looking for anything complicated, you don't need to retrieve any data, or execute multiple queries, all that's needed is a basic SQL injection, so basic in fact, you've already done it in a previous challenge, the only difference here is, the injection point isn't in a login form this time.

Edited by Huitzilopochtli on 16-11-15 11:52
Author

RE: Basic 20

Blackbbbb6
Member



Posts: 5
Location:
Joined: 10.11.15
Rank:
Moderate
Posted on 17-11-15 05:22
Okay, so, just to show you guys how dumb I am at this, I've PM'ed some of you guys a screenshot linking to what I did.
Author

RE: Basic 20

Huitzilopochtli
Member



Posts: 1613
Location:
Joined: 19.02.13
Rank:
God
Posted on 17-11-15 13:58
It wasn't that dumb, you're just overthinking it man, I sent you some pointers in my reply.
Author

RE: Basic 20

SpitFire46
Member



Posts: 14
Location: Anywhere
Joined: 17.05.16
Rank:
Mad User
Posted on 23-11-16 07:37
I did something in c****** and then it says "Nice try,but blalbalblabla"..
I don't know what to do next.. Can you show me the correct path?? Shock

Edited by SpitFire46 on 23-11-16 07:43
Author

RE: Basic 20

gobzi
Member



Posts: 116
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 23-11-16 09:08
Use an intercepting proxy (preferably Burp). Intercept your request and send it to Repeater. Start playing with the cookie. Win.

Tbh I don't remember the challenge, but as Huitzilopochtli said, the article's title gives you the answer. (Cookie poisoning/SQLi)


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr

Edited by gobzi on 23-11-16 09:08
goo.gl/8st1AR
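
An added example, not part of the thread and not the challenge's own code: the class of bug named above (a cookie value reaching an SQL query), seen from the server side, with the string-built query beside the parameterized fix. The `users` table, the cookie name `user`, the sample headers and all function names are assumptions constructed for illustration.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample Cookie headers (not taken from the challenge).
BENIGN = "session=abc123; user=bob"
TAMPERED = "session=abc123; user=x%27%20OR%20%271%27%3D%271"  # decodes to a tautology

def make_db():
    """Build a throwaway in-memory table standing in for the site's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "member")])
    return db

def cookie_value(header, key="user"):
    """Return the percent-decoded value of one cookie from a Cookie header."""
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == key:
            return unquote(value)
    return ""

def lookup_vulnerable(db, header):
    """Trusts the cookie: its value is pasted into the SQL text itself."""
    name = cookie_value(header)
    sql = "SELECT name, role FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()

def lookup_parameterized(db, header):
    """Same lookup, but the cookie value is bound as data, never parsed as SQL."""
    name = cookie_value(header)
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for label, header in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, "vulnerable   ->", lookup_vulnerable(db, header))
        print(label, "parameterized ->", lookup_parameterized(db, header))
```

The tampered cookie changes the meaning of the first query and matches every row, while the bound-parameter version treats the same bytes as a literal name and matches nothing.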