Author | Realistic Mission 9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Ok... this challenge is really pissing me off !!
I Tried to SQL inject on the Username and password boxes and to SQL inject on the URL bar...
So I always used * ** *==*-- to make A SQL injection...
Though it always appears this message:
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/hbh/public_html/challenges/real9/admin.php on line 139
Sorry, this login is invalid.
I don't understand.. what the hell am I supose to do then ?!
Edited by rex_mundi on 26-03-13 14:22 |
 |
Author | RE: Realistic Mission #9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
i hope you used one = sign
Edited by on 17-08-06 16:13 |
 |
Author | RE: Realistic Mission #9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
OMG LOL ahahah indeed i type in the = sign twice 
Well that's it completed the challenge in 30 seconds when i type in the correct injection xD
|
 |
Author | RE: Realistic Mission #9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
how brill am i for spoting and commenting :happy:B)
|
 |
Author | RE: Realistic Mission #9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
well you just basically told him the answer but ok
|
 |
Author | RE: Realistic Mission #9 |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Why am I slightly pleased to see willeH back ...
|
 |
Author | RE: Realistic Mission 9 |
synstealth Member

Posts: 812 Location: /etc/shadow
Joined: 30.11.04 Rank: God | |
I dont get it..
I have tried the basic injection on basic16, it works then I use same one to realistic 9 but it says invalid login/pass until I modified the injection using UNION, I got message saying im on the right track but stick to the mission..
I tried like 1000 injections . nothing works. I dont get it.. it must have one specific injection syntax. anyone can help me??
I could list all injections but it would be a spoiler... |
 |
Author | RE: Realistic Mission 9 |
rex_mundi ☆ Lucifer ☆

Posts: 2013 Location: Scotland
Joined: 20.02.08 Rank: God | |
It's still the simplest of injections man, it's just not using numbers any longer.
Edited by rex_mundi on 18-09-13 16:16 |
 |
Author | RE: Realistic Mission 9 |
synstealth Member

Posts: 812 Location: /etc/shadow
Joined: 30.11.04 Rank: God | |
I got it now.. it was real simple. I replaced only one character with another character - bingo I got in and got the key..
however I tried to decrypt using western iso charset. it still is little garbled or its supposed to be that way
I send it using the link to send it - after I posted. it does nothing. no message or anything...
|
 |
Author | RE: Realistic Mission 9 |
ZyrgEr Member

Posts: 5 Location: Finland
Joined: 07.10.12 Rank: God | |
I can't figure this out... I have tried about everything between the most simple injections to xp_cmdshell-stuff and none of them work 
Just to make this clear: I have to login to admin panel? As whitie or somebody else? |
 |
Author | RE: Realistic Mission 9 |
rex_mundi ☆ Lucifer ☆

Posts: 2013 Location: Scotland
Joined: 20.02.08 Rank: God | |
Think simple, also you'll need to use the injection in both username and password fields. |
 |