This has got to be, by far, the easiest realistic challenge that I've yet to complete.
If this were a real hacking attempt, I'd have no trouble with the injection part (which I'm currently struggling with) since I'd have an actual s** query error instead of " Your on the right track but stick to the mission. "
Can anyone help me with the proper injection? I've read all of the prior forum posts and all of the articles regarding this mission
Huitzilopochtli wrote:
It only accepts one hard coded injection, and should be your logical second choice if a target was filtering out numbers from your input.
Still no luck :/ If I could at least get a "real" query error returned to me I'd understand wtf I need to be doing lol [EDIT]: Got it
I remember one of the first sites I ever hacked, WAAAY back in the day, I did it with a sql injection and then found the unencrypted password for admin in the same database and used it to login to their admin-cpanel page (not the CPanel CMS, rather one their freelance web developer put in the site) I think the password was even a permutation of that developer's company name. I kept hacking it over the course of at least a year, each time using the same exact sql injections.
Eventually they finally stored the password as an md5 hash in the database, but I still got it decrypted.
Years later, they kept it in the database but changed the admin-cpanel out for a basic HTTP authentication using (I'd assume) a .htpasswd. But the sql injections still work to get you the old password
