Wednesday, April 16, 2014
HellBound Hackers | Challenges | Basic

Page 1 of 3 1 2 3 >
Author

basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 18:48
well, let me be the first to start a thread on it

so, i tried typing in a certain character- if you've done it, you know what i mean, i've used it in this post... after typing it in, i get the error message but have no clue what to do from there. Any help?

Thanks


Author

RE: basic 21

mikispag
Member



Posts: 43
Location: Italy
Joined: 14.11.06
Rank:
Newbie
Posted on 27-03-07 19:45
Yes me too :(


Code is written, future is not
http://www.trovatel.net
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 20:13
i think the chall is REALLY buggy actually....
a few things:
80040E14 is not an "unenclosed ***" error
enter the "character" into the user name and it says your password is wrong
enter it into the password and it's fine
it says you used a different character than you used


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 20:18
only_samurai wrote:

80040E14 is not an "unenclosed ***" error


lol ya i tried googling the error just to see what came up, that confused me

and also the challenge description says "This time Drake invented another secure PHP and MSSQL login. But he once again failed to secure it..."
it's secure but not secure?????!!!!!




Edited by on 27-03-07 20:22
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 20:23
I'm at the same point as everybody else on this one. i can get as far as this one character, but if it accepts that surely it would accept a bog standard SQL injection? :S


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 20:53
Don't try character per character to find the username ;)

PM me what you guys have, I'll adjust some things. Please note that we have to simulate everything in a challenge. Making a real connection to a database would be a bit hazardous for HBH ;)

The challenge is new, so if you have any suggestions or remarks, you can PM me about them and I'll do my best.


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 21:08
no the_cell, we're not trying to find the username char by char, we mean the single character that generates the SQL error in the first place.


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 21:19
yeah that is all I'm coming up with....i tried reading up on the error but found nothing useful


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 22:44
you need to be able to put more than just that character into the username field but anytime you do it goes straight to not found.

extra: i think the errors need to be changed because the error is static yet it really shouldn't and wouldn't be.




Edited by on 27-03-07 22:55
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-03-07 23:22
i think we are supposed to use different sql injections not the same old
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 00:23
you could create a database just for challenges..
i agree with what's been said.

it's either blind or not blind. and in this case it's not blind for a standard thing so we should receive dynamic errors according to our input.

this way we'll just have to guess what you had in mind for a solution


Author

RE: basic 21

synstealth
PHP WARRIOR


Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 28-03-07 02:53
I've found a way to generate the error and I found a clue to extract more information by using this single character..

after the 3rd step where it says (tablename).password it doesn't generate an error anymore. I'm baffled from there..

is it a code bug or am i doing something wrong?

PM me pls


know where to Look
Author

RE: basic 21

mikispag
Member



Posts: 43
Location: Italy
Joined: 14.11.06
Rank:
Newbie
Posted on 28-03-07 12:26
I managed to get the SQL Server error '80040e14' using the username field, but still no luck injecting... :(

Please tell us some hints ;)


Code is written, future is not
http://www.trovatel.net
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 14:50
good job, The_Cell, you got the entire site stumped except you and system... now can we please have some advice!!!! lol...


Author

RE: basic 21

synstealth
PHP WARRIOR


Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 28-03-07 15:04
come on. i need some pointers/advice/hints!!!

I got the error, got the injection to work. but it doesn't work when it comes to "password" anybody who beat this please PM ME!! because I don't want to leave out any spoilers that I'm very tempted to type out.

know where to Look
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 15:40
i think this challenge wants you to follow a very specific path in gathering info if you stroll away from it you won't get any errors.. or in my case i was typing the right stuff but without a space after a ,
so watch out for that

(nope haven't done it but i'm past the beginning)


Author

RE: basic 21

mikispag
Member



Posts: 43
Location: Italy
Joined: 14.11.06
Rank:
Newbie
Posted on 28-03-07 16:07
Any hint? :)


Code is written, future is not
http://www.trovatel.net
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 18:54
Sorry that the challenge isn't super yet but coding every possible error for every possible case isn't a walk in the park ;)

For the ones who know SQL: just HAVING an idea would get you far ;) Hope you get the hint..


Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 19:38
i found an error and i found the name of the table and the names of the columns.... what should i do next ?
Author

RE: basic 21


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-03-07 20:00
The_Cell wrote:
Sorry that the challenge isn't super yet but coding every possible error for every possible case isn't a walk in the park ;)

For the ones who know SQL: just HAVING an idea would get you far ;) Hope you get the hint..


ok...i get the hint; now it is time for me to try to use it

