HellBound Hackers | Challenges | Basic

Author

basic 21

CrimsonKnight007
Member



Posts: 18
Location:
Joined: 09.02.16
Rank:
Active User
Posted on 09-09-16 02:27
I think I need a push in the right direction. I know the database uses MSSQL, and I get an error when I put an ' in one of the boxes, but I don't know where to go from there :(


the statement below is true
the statement above is false
Author

RE: basic 21

Huitzilopochtli
Member



Posts: 1620
Location:
Joined: 19.02.13
Rank:
God
Posted on 09-09-16 03:09
The challenge is based on this white paper (I think) so if you follow the examples step by step, you should be able to understand what's going on. https://crypto.st. . .ection.pdf
Author

RE: basic 21

potat0wned
Member



Posts: 25
Location:
Joined: 31.10.13
Rank:
Elite
Posted on 11-09-16 04:36
I've not come across this before, how widespread and commonly used is it on the interwebz?
Author

RE: basic 21

Huitzilopochtli
Member



Posts: 1620
Location:
Joined: 19.02.13
Rank:
God
Posted on 15-09-16 01:29
MSSQL used to be everywhere, but it's probably not as commonly used nowadays as it once was.

Though the UK government and Microsoft cut some deal a while back, so most local government sites, schools and councils, as well as things like the NHS, are all still using the .Net framework.

No expense spared when you're dishing out taxpayers' money.
Author

RE: basic 21

gobzi
Member



Posts: 118
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 15-09-16 10:22
We get at least 1 SQLi every 7-10 days, even from BIG UK/EU clients. Don't forget the http://codecurmudgeon.com/wp/sql-injection-hall-of-shame/


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr

Edited by gobzi on 15-09-16 10:22
goo.gl/8st1AR
Author

RE: basic 21

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 20-09-16 15:33
Ah I've seen this site before, it looks like my victims list lol.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ