Join us on Slack!
Ideas are far more powerful than guns.
Friday, September 20, 2019
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 70
Guests Online: 67
Members Online: 3

Registered Members: 118629
Newest Member: LeDawson
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

Realistic 9 SQL

C_K_A01
Member

Your avatar

Posts: 3
Location:
Joined: 20.06.19
Rank:
Monster
Posted on 01-07-19 13:46
Hey guys,

normally I complete those in a few minutes but at the admin bypass in this challenge
I think I'm stuck. I tried nearly all possible SQLI - Methods -> with numbers, without numbers, with chars etc. Every time the page only refreshes or a Message : "You are on the right track but stick to the mission." is shown. I tried somethng like '** '*='* --
Author

RE: Realistic 9 SQL

Huitzilopochtli
Member



Posts: 1621
Location:
Joined: 19.02.13
Rank:
God
Posted on 03-07-19 18:41
Try something more like ' ** *=*--


.
Author

RE: Realistic 9 SQL

C_K_A01
Member

Your avatar

Posts: 3
Location:
Joined: 20.06.19
Rank:
Monster
Posted on 09-07-19 01:24
I tried a lot of different ways. Is there a way to come logical to the solution of this part?
If someone can give me a little hint (but not : try '** *=* .....) it would be great.
Author

RE: Realistic 9 SQL

C_K_A01
Member

Your avatar

Posts: 3
Location:
Joined: 20.06.19
Rank:
Monster
Posted on 09-07-19 01:24
I tried a lot of different ways. Is there a way to come logical to the solution of this part?
If someone can give me a little hint (but not : try '** *=* .....) it would be great.
Author

RE: Realistic 9 SQL

Huitzilopochtli
Member



Posts: 1621
Location:
Joined: 19.02.13
Rank:
God
Posted on 10-07-19 17:47
Your injection needs to go in both fields of the login form.
Dont use numbers. (and yes : try '** *=*--)


.