HellBound Hackers | Challenges | Basic

basic 8

Guest
Posted on 22-12-10 17:44
Okay, I am sure that I am doing something wrong, but I am not sure what. I have gotten to injecting an SQL query in the URL box (http://www.hellboundhackers.org/challenges/basic8/secure-area.php?password=????) and I have tried: password=GET password, password=GET password FROM family_db, password=GET password FROM family_db WHERE password='a' or 1=1--, etc. Any hints?
P.S. I have looked at whitepaper's SQL injection tutorial and sam207's and I think that I understand the concept decently...

Edited by on 22-12-10 17:49
RE: basic 8

stranac (Member; Posts: 149; Joined: 15.11.08; Rank: God)
Posted on 22-12-10 17:56
There's a hint in the source. And there is no GET command in SQL.
RE: basic 8

Guest
Posted on 22-12-10 17:58
stranac wrote:
There's a hint in the source. And there is no GET command in sql.

I know:
<!-- ?sql_query -->Wrong SQL query
so when I type hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db and hit enter, I am submitting a query, right?
RE: basic 8

stranac (Member; Posts: 149; Joined: 15.11.08; Rank: God)
Posted on 22-12-10 18:02
draegon wrote:
I know:
<!-- ?sql_query -->Wrong SQL query
so when I type hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db and hit enter, I am submitting a query, right?


Think about why there's a ? in that comment.
You'll probably get it in a few tries once you figure that out.
RE: basic 8

Guest
Posted on 22-12-10 18:17
isn't it because you need to put a ? after the php extension?
RE: basic 8

stranac (Member; Posts: 149; Joined: 15.11.08; Rank: God)
Posted on 22-12-10 18:27
draegon wrote:
isn't it because you need to put a ? after the php extension?


Ok, now combine that with the fact it says '?sql_query'. Really, just try and think about stuff logically.
RE: basic 8

Guest
Posted on 22-12-10 19:12
so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?
RE: basic 8

stranac (Member; Posts: 149; Joined: 15.11.08; Rank: God)
Posted on 22-12-10 19:17
I give up.

There's no point in helping someone if they aren't gonna pay attention to what you say.
RE: basic 8

stealth- (Member; Posts: 1003; Location: Eh?; Joined: 10.04.09; Rank: Mad User)
Posted on 22-12-10 20:06
draegon wrote:
so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?


Do you understand how PHP GET variables work? Why are you trying to set the variable "password"?

Try learning how the different types of PHP variables work:
http://www.w3scho. . .hp_get.asp
http://www.w3scho. . .p_post.asp


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
RE: basic 8

Guest
Posted on 22-12-10 20:11
@stranac: well thanks for the help anyway, I'll keep looking...

Edited by on 22-12-10 20:12
RE: basic 8

Guest
Posted on 22-12-10 20:23
stealth- wrote:
draegon wrote:
so why doesn't "hellboundhackers.org/challenges/basic/challenge8/secure-area.php?password=SELECT password FROM family_db" work?


Do you understand how PHP GET variables work? Why are you trying to set the variable "password"?

Try learning how the different types of PHP variables work:
http://www.w3scho. . .hp_get.asp
http://www.w3scho. . .p_post.asp

Thanks for the links... I was pretty confused before.
I am still confused about how to inject SQL into the URL bar with no GET variables present, do I use a '?' after '.php' or not?
I tried: hellboundhackers.org/challenges/basic/challenge8/secure-area.php?@@password
hellboundhackers.org/challenges/basic/challenge8/secure-area.php @@password
hellboundhackers.org/challenges/basic/challenge8/secure-area.php? SELECT password (does the added space do anything?)
I now realize that I was utterly confused earlier, but remain confused now...

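An added illustration (not code from the thread or from HellBound Hackers) of stealth-'s point about GET variables, run over the URLs draegon lists in the reply above: the server splits the URL at the first '?', parses what follows into name=value pairs, and a PHP script then only sees the variable names that were actually sent. Python's urllib is used here to mimic what PHP's $_GET would contain; the http:// scheme is prepended to the quoted URLs only so the parser sees a complete URL.

```python
# Added example: how a PHP-style server splits a request URL into the path
# and the GET variables ($_GET) it actually receives.
from urllib.parse import urlsplit, parse_qs

# The URLs draegon reports trying, copied from the posts above
# (scheme added so urlsplit sees a full URL).
ATTEMPTS = [
    "http://hellboundhackers.org/challenges/basic/challenge8/secure-area.php"
    "?password=SELECT password FROM family_db",
    "http://hellboundhackers.org/challenges/basic/challenge8/secure-area.php"
    "?@@password",
    "http://hellboundhackers.org/challenges/basic/challenge8/secure-area.php"
    "? SELECT password",
]


def get_params(url):
    """Return (path, params) for a URL.

    params maps each GET variable name to its list of values, the same split
    a PHP script sees in $_GET: everything after the first '?' is the query
    string, '&' separates variables and '=' separates a name from its value.
    """
    parts = urlsplit(url)
    # keep_blank_values=True mirrors PHP, where "?foo" sets $_GET['foo'] to ""
    return parts.path, parse_qs(parts.query, keep_blank_values=True)


def param_is_set(url, name):
    """Equivalent of PHP's isset($_GET[$name]) for the given URL."""
    return name in get_params(url)[1]


if __name__ == "__main__":
    # Whatever lands in $_GET is untrusted text chosen by the client; a script
    # that pastes it into an SQL statement unchanged is injectable, which is
    # the flaw the challenge page deliberately exposes.
    for url in ATTEMPTS:
        path, params = get_params(url)
        print(path, "->", params)
```

The first URL sets only a variable named `password` (the whole SELECT text is just its value), while the other two set an oddly named variable with an empty value, so a script that reads a differently named variable sees nothing from any of them.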
RE: basic 8

stealth- (Member; Posts: 1003; Location: Eh?; Joined: 10.04.09; Rank: Mad User)
Posted on 22-12-10 20:25
I'd like to avoid giving out too many spoilers here, so if you'd like you can PM me and I'll give you some more help.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
RE: basic 8

Guest
Posted on 15-02-11 19:05
I have problems with this challenge too.