Hellbound Hackers
Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 20
Members Online: 4
rex_mundi, pinkyPink, Huitzilopochtli, potat0wned

Registered Members: 82889
Newest Member: Geriztul
Latest Articles

Pent testing 2 walk ...

System Test...

Top 10 Simple Home S...

Pen Testing 2...

5 Firefox Addons Eve...

Realistic 18...

IT Security, a way o...

WIFI - Part 6, Airod...

WIFI - Part 6, Airod...

WIFI - Part 5, OSI a...

WIFI - Part 4, Airmo...

Artificial Intellige...

WiFi - Part 3, Aircr...

WiFi - Part 2, Proto...

WiFi - Part 1, Inter...

View Thread

HellBound Hackers | Challenges | Realistic
Author

Real 11, Login Question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 07-01-07 19:45
I have read BlackNDoor's article on Real 11 (article) just to make sure I was approaching the login correctly, but I've tried every combination of SQL injections that I can think of (with what I believe is the correct username, found via the method mentioned in the article). I've also tried the injections listed in willeH's article. (Thinking it was he who wrote the challenge, so perhaps that's the quirk I wasn't accounting for)

I have tried to use the username (ex: ausername) in both all lowercase, and first-letter capitilization (Ausername), and I feel that I'm either overlooking something, or missing something repeadtedly.

I've also scanned the source of /************/index.php after each login attempt. Anyone generous enough to push me in the right direction, or highlight my error somehow? Thank you very much, in advance.

(One thing to note: I obscured the directory of the login page, just to avoid any spoilers at all.)
Author

RE: Real 11, Login Question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 11-02-07 20:52
BlackNDoor wrote:

"Hmm.. Why don't you try to login with this user and perhaps an sql injection for the
password... Ok that's don't work but did you see what i see!!! If you look carefully
at your explorer, I'm sure you see it.So try to view the source of it."

Look carefully at, what happens when you press the login-button (the action)

Author

RE: Real 11, Login Question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 13-02-07 05:42
Try My Article ......Hope That Helps..

Author

RE: Real 11, Login Question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 25-02-07 01:56
cURL is pissing me off. I cant seem to get the page where im supposed to return the number. im using it like this "curl -b cookies.txt http://xxxxxx" where cookies.txt is the file i took from my browser that holds all the cookies. It just doesnt work... help :evil:
Author

RE: Real 11, Login Question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank: Guest
Posted on 01-03-07 11:13
Nope!!!

Learn PHP CURL

Chnage the page's POST to GET method to know where and how to return the number.

Author

RE: Real 11, Login Question

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank: Hacker Level 3
Posted on 01-03-07 11:18
JohnDoe wrote:
cURL is pissing me off.


Then why do you use it? I've beaten that part of the challenge both with JS and with GML. It can be done in for example Visual Basic or C++ if that suits you better. You don't have to use cURL for this mission, it's just one of the alternatives Wink

img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/