Monday, December 16, 2019

HellBound Hackers | Challenges | Realistic

Realistic 9

deepfreeze (Member; Posts: 5; Joined: 12.09.16; Rank: God)
Posted on 01-03-17 10:08
This has got to be, by far, the easiest realistic challenge that I've yet to complete.
If this were a real hacking attempt, I'd have no trouble with the injection part (which I'm currently struggling with) since I'd have an actual s** query error instead of " Your on the right track but stick to the mission. "
Can anyone help me with the proper injection? I've read all of the prior forum posts and all of the articles regarding this mission

RE: Realistic 9

Huitzilopochtli (Member; Posts: 1624; Joined: 19.02.13; Rank: God)
Posted on 01-03-17 19:36
It only accepts one hard coded injection, and should be your logical second choice if a target was filtering out numbers from your input.

RE: Realistic 9

deepfreeze (Member; Posts: 5; Joined: 12.09.16; Rank: God)
Posted on 01-03-17 20:31
Huitzilopochtli wrote:
It only accepts one hard coded injection, and should be your logical second choice if a target was filtering out numbers from your input.

Still no luck :/ If I could at least get a "real" query error returned to me I'd understand wtf I need to be doing lol
[EDIT]: Got it

Edited by deepfreeze on 01-03-17 20:48

RE: Realistic 9

rex_mundi (☆ Lucifer ☆; Posts: 2017; Location: Scotland; Joined: 20.02.08; Rank: God)
Posted on 01-03-17 20:50
I'd assume even Nazis know that leaving error messages turned on is a bad idea.

RE: Realistic 9

deepfreeze (Member; Posts: 5; Joined: 12.09.16; Rank: God)
Posted on 01-03-17 21:58
I remember one of the first sites I ever hacked, WAAAY back in the day, I did it with a SQL injection and then found the unencrypted password for admin in the same database and used it to log in to their admin-cpanel page (not the CPanel CMS, rather one their freelance web developer put in the site). I think the password was even a permutation of that developer's company name. I kept hacking it over the course of at least a year, each time using the same exact SQL injections.
Eventually they finally stored the password as an md5 hash in the database, but I still got it decrypted.
Years later, they kept it in the database but changed the admin-cpanel out for a basic HTTP authentication using (I'd assume) a .htpasswd. But the SQL injections still work to get you the old password