Friday, April 25, 2014
Realistic Mission 9


Guest
Posted on 17-08-06 15:50
Ok... this challenge is really pissing me off !!
I tried to SQL inject on the Username and password boxes and to SQL inject on the URL bar...
So I always used * ** *==*-- to make a SQL injection...
Though it always appears this message:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/hbh/public_html/challenges/real9/admin.php on line 139
Sorry, this login is invalid.

I don't understand.. what the hell am I supposed to do then ?!




Edited by rex_mundi on 26-03-13 14:22
RE: Realistic Mission #9

Guest
Posted on 17-08-06 16:12
I hope you used one = sign




Edited by on 17-08-06 16:13
RE: Realistic Mission #9

Guest
Posted on 17-08-06 23:56
OMG LOL ahahah indeed I typed in the = sign twice :D
Well that's it, completed the challenge in 30 seconds when I typed in the correct injection xD


RE: Realistic Mission #9

Guest
Posted on 18-08-06 00:01
how brill am I for spotting and commenting :happy: B)


RE: Realistic Mission #9

Guest
Posted on 18-08-06 20:27
well you just basically told him the answer but ok


RE: Realistic Mission #9

Guest
Posted on 18-08-06 21:07
Why am I slightly pleased to see willeH back ...


RE: Realistic Mission 9

synstealth
PHP WARRIOR
Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank: God
Posted on 18-09-13 15:08
I don't get it..

I have tried the basic injection on basic16, it works, then I use the same one on realistic 9 but it says invalid login/pass until I modified the injection using UNION, I got a message saying I'm on the right track but stick to the mission..

I tried like 1000 injections. Nothing works. I don't get it.. it must have one specific injection syntax. Can anyone help me??


I could list all injections but it would be a spoiler...
know where to Look
RE: Realistic Mission 9

rex_mundi
☆ Lucifer ☆
Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank: God
Posted on 18-09-13 16:12
It's still the simplest of injections man, it's just not using numbers any longer.

Edited by rex_mundi on 18-09-13 16:16
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
RE: Realistic Mission 9

synstealth
PHP WARRIOR
Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank: God
Posted on 18-09-13 16:16
I got it now.. it was real simple. I replaced only one character with another character - bingo I got in and got the key..

However, I tried to decrypt using the Western ISO charset. It still is a little garbled, or it's supposed to be that way

I send it using the link to send it - after I posted. It does nothing. No message or anything...

know where to Look
RE: Realistic Mission 9

ZyrgEr
Member
Posts: 5
Location: Finland
Joined: 07.10.12
Rank: God
Posted on 13-01-14 18:59
I can't figure this out... I have tried about everything between the most simple injections to xp_cmdshell-stuff and none of them work :(

Just to make this clear: I have to login to admin panel? As whitie or somebody else?
RE: Realistic Mission 9

rex_mundi
☆ Lucifer ☆
Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank: God
Posted on 13-01-14 19:31
Think simple, also you'll need to use the injection in both username and password fields.
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ