This has got to be, by far, the easiest realistic challenge that I've yet to complete.
If this were a real hacking attempt, I'd have no trouble with the injection part (which I'm currently struggling with) since I'd have an actual s** query error instead of " Your on the right track but stick to the mission. "
Can anyone help me with the proper injection? I've read all of the prior forum posts and all of the articles regarding this mission
I remember one of the first sites I ever hacked, WAAAY back in the day, I did it with a sql injection and then found the unencrypted password for admin in the same database and used it to login to their admin-cpanel page (not the CPanel CMS, rather one their freelance web developer put in the site) I think the password was even a permutation of that developer's company name. I kept hacking it over the course of at least a year, each time using the same exact sql injections.
Eventually they finally stored the password as an md5 hash in the database, but I still got it decrypted.
Years later, they kept it in the database but changed the admin-cpanel out for a basic HTTP authentication using (I'd assume) a .htpasswd. But the sql injections still work to get you the old password
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.