Donate to us via Paypal!
Ideas are far more powerful than guns.
Wednesday, October 28, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 107
Guests Online: 106
Members Online: 1

Registered Members: 129455
Newest Member: aeteisu
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

Please teach me to be a elite hax00rz!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-07 22:03
haha, I'm kidding. The topic did get your attention now didn't it? Wink


I'm not a little bitch, I don't want to be spoon feed anything. I don't ask people "how can I hack a website" "how can I deface a website" I ask specific questions so people can nudge me in the right direction on where to look.

Alright, so you may be wondering what do I want, well I've been looking up sql injections on getting access to "password protected sections" I haven't actually gotten one to work I've used the injections like
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
'Wink or ('a'='a
in the username and password section and mixing it up and what not.

So my question is if sql injections doesn't work whats another way to go about doing this, I don't want anyone to explain how to do it, just give me some names of things for me to research and play around with.

Most of the password protected sections im trying to hack are like

<form action="index.htm" method=POST enctype="application/x-www-form-urlencoded">

<table border="0" align="CENTER">
<tr>
<td> Username </td>
<td align="CENTER"><input type=Text name=username size=8 maxlength=8 value=></td>
</tr>
<tr>
<td> Password </td>

<td align="CENTER"><input type=Password name=pass size=8 maxlength=10></td>
</tr>
<tr><td colspan="2" align="CENTER">
<input type="Submit" value="LOG IN">

which, I can't get sql injections to work for it. Help anyone?
Author

RE: Please teach me to be a elite hax00rz!!

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 31-07-07 22:05
It's due the fact that the coder protected the fields using php commands. Study php and sql and you will grasp this subject WAY better.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: Please teach me to be a elite hax00rz!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-07 22:10
It's also a fact that that kind of injections are wide spread and most developers know that they exist and in most recent programming books/papers/etc.. it always says to use build-in mysql functions or addslashes to filter your input.


Author

RE: Please teach me to be a elite hax00rz!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-07 22:28
on a scale of 1-10 ( 10 being really hard and 1 being super easy ) how hard would it be to crack this password? And the easiest way would be to save it to my computer, find an "exploit" in the script, edit it, then run it? or would you suggest going about this a different way?

Edited by on 31-07-07 23:00