Wednesday, April 23, 2014
Author

basic 8 help.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 27-11-07 05:27
I know this is a lame question, but I seem unable to find the proper PHP syntax to complete this challenge.

I did look at the source at the secure area, and entered my request at the URL box on the secure area and not the password box.

The syntax is ?sql_query SELECT*FROM family_db.

Is it the correct syntax? If it isn't, can someone at least tell me what I did wrong?



Author

RE: basic 8 help.


Guest
Posted on 27-11-07 05:37
EDIT:
wow, I have no idea what I was thinking... "?sql_query=" is right, I'm retarded... must've been really tired or something when I wrote that Pfft




Edited by on 05-12-07 03:47
Author

RE: basic 8 help.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 27-11-07 13:01
Mind explaining how to do it? I'm quite a newbie on this stuff.

I've read some articles on PHP/SQL injection but I still can't figure it out.



Edited by fuser on 27-11-07 13:02
Author

RE: basic 8 help.

flame_1221
Member



Posts: 179
Location: malaysia
Joined: 13.05.07
Rank:
God
Posted on 27-11-07 13:22
You should edit your post because it might spoil this challenge. You're almost right.

Left out: the = after sql_query, and also the spacing. Wink

Edited by flame_1221 on 27-11-07 13:29
Author

RE: basic 8 help.


Guest
Posted on 05-12-07 01:32
When I did it, I didn't use a GET var. Also, what you have, fuser, is actually very close... You're just missing a few key things.


Author

RE: basic 8 help.


Guest
Posted on 05-12-07 01:40
Yeah, I just did it... You are VERY close a few and you will be good. And
@Skunkfoot: it is not an action, it is a variable. The GET would be in the PHP not the URL SQL Injection.
Author

RE: basic 8 help.


Guest
Posted on 22-02-08 17:40
oh man i was so close...
but why should you just wanna dump everything in the website...
thought too much in exploits which grab specific things (i.e. password + username)...
thanks for your help
Author

RE: basic 8 help.


Guest
Posted on 22-02-08 23:10
PM me, any further would be outright giving it to you


Author

RE: basic 8 help.


Guest
Posted on 23-02-08 05:49
captaintk wrote:

but why should you just wanna dump everything in the website...



If you are referring to the URL then it is because variables are passed by the GET method. However, sometimes GET is more useful than POST, but it also provides a security issue. This is merely a show of probable exploits.
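
What the post above describes, as an added example that is not part of the original thread or the challenge's own code: a PHP handler that executes whatever SQL arrives in the `sql_query` request parameter, next to a hardened handler that keeps the statement on the server and binds only a value. The `members` table, its rows and both function names are constructed for illustration; the array passed in stands for `$_GET` or `$_POST`, and the weak handler behaves the same with either.

```php
<?php
// Added illustration: constructed schema and data, in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (name TEXT, password TEXT)');
$pdo->exec("INSERT INTO members VALUES
    ('bob', 'constructed-secret-1'), ('alice', 'constructed-secret-2')");

// Weak pattern (hypothetical function name): the whole statement comes from
// the request, so the client chooses which table and columns are read.
function run_client_query(PDO $pdo, array $request): array
{
    if (!isset($request['sql_query']) || !is_string($request['sql_query'])) {
        return [];
    }
    return $pdo->query($request['sql_query'])->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern (hypothetical function name): the statement is fixed on
// the server, the request contributes one bound value, and the sensitive
// column is never selected.
function lookup_member(PDO $pdo, array $request): array
{
    $name = $request['name'] ?? '';
    if (!is_string($name) || $name === '') {
        return [];
    }
    $stmt = $pdo->prepare('SELECT name FROM members WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request; in a real handler this array would be $_GET or $_POST.
$request = ['sql_query' => 'SELECT * FROM members', 'name' => 'bob'];

// The client-supplied statement is executed as-is.
print_r(run_client_query($pdo, $request));

// The sql_query parameter is ignored; only the bound name is used.
print_r(lookup_member($pdo, $request));

// A quote in the bound value is treated as data, not as SQL.
print_r(lookup_member($pdo, ['name' => "bob' OR '1'='1"]));
```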
Author

RE: basic 8 help.


Guest
Posted on 25-02-08 01:37
Can I PM someone what I have so far?

I have a question, just don't want to spoil.
Author

RE: basic 8 help.


Guest
Posted on 25-02-08 01:50
you can pm me
Author

RE: basic 8 help.

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 25-02-08 01:56
I'm always willing to help. Just make sure you've done your best by yourself first. I'm not here to give away answers.


Author

RE: basic 8 help.


Guest
Posted on 25-02-08 02:40
Look at the source in the secure area after the login thing. You should notice ?s**_q**r*= . Replace it where you think it should go and use your injections.


Author

RE: basic 8 help.


Guest
Posted on 07-03-08 12:29
Sad

I got the ?s*l_q*e*y , but I don't know where to put it and I'm getting desperate Sad


Is it supposed to go to the URL?
Author

RE: basic 8 help.


Guest
Posted on 07-03-08 12:51
Ya, you ever seen something like index.php?name=bob ? Think like that


Author

RE: basic 8 help.


Guest
Posted on 07-03-08 13:07
Thx man, finally got it.....

BTW I don't think a real website will give us an important variable such as the ?s*l_q*e*y thing??

So how do we do it in a real web?


Author

RE: basic 8 help.


Guest
Posted on 07-03-08 15:03
Caiim wrote:
Thx man, finally got it.....

BTW I don't think a real website will give us an important variable such as the ?s*l_q*e*y thing??

So how do we do it in a real web?


You plan, and test, until you find the appropriate attack.


Author

RE: basic 8 help.


Guest
Posted on 06-08-08 05:09
I got the same, I typed in a random password and went to the securearea.php page and typed in ?S***** * F*** f*****_db after the .php part and refreshed, just said Wrong SQL Query.

help on what I'm doing wrong would be appreciated



Author

RE: basic 8 help.


Guest
Posted on 06-08-08 05:15
You can PM me if you would like.

