Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Re: Please ask questions ONLY in this topic.

Post by Dukeeee on Fri Jun 12, 2015 9:13 am
([msg=88475]see Re: Please ask questions ONLY in this topic.[/msg])

Very easy mission if you learn sql
Dukeeee
New User
New User
 
Posts: 1
Joined: Fri Jun 12, 2015 9:09 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Dark Star1000 on Mon Jun 22, 2015 6:22 am
([msg=88605]see Re: Please ask questions ONLY in this topic.[/msg])

This was my first HTS mission in which i used sql injection and it worked. But when i tried to use it on some basic missions which i have completed then it just says incorrect password.
I am new to all this so pls tell me why sql injection works in this mission but not other basic missions???
Was this mission created for sql injection to work???
The quieter you become the more you are able to hear
Dark Star1000
New User
New User
 
Posts: 9
Joined: Fri Jun 19, 2015 10:32 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by guywithakeyboard on Thu Jun 25, 2015 1:12 am
([msg=88652]see Re: Please ask questions ONLY in this topic.[/msg])

I was able to get through this reading through the HTS articles on SQL Injection, but curious as to why I needed a little extra in my injection. Obviously don't want to post spoilers, but if someone could PM me to open a dialogue about the solution I would appreciate it. :)
guywithakeyboard
New User
New User
 
Posts: 1
Joined: Thu Jun 25, 2015 1:09 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by aarons1515 on Sun Jul 26, 2015 3:33 pm
([msg=89109]see Re: Please ask questions ONLY in this topic.[/msg])

i get that we should put i a cod but im still confused about what i should put in
aarons1515
New User
New User
 
Posts: 1
Joined: Sun Jul 26, 2015 3:24 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by NxNW on Sat Oct 17, 2015 2:44 am
([msg=90187]see Re: Please ask questions ONLY in this topic.[/msg])

Hahahahahaha..

I was bashing my head into the wall for a few hours trying to figure out why none of the stuff that I knew should be working was working.

Finally realized that when I was messing around in web console, trying to spoof the PHPID to something random just for the fun of it.. apparently, that was having a negative effect on my ability to do ANYTHING related to mission 2.

Glad that's over.
NxNW
New User
New User
 
Posts: 1
Joined: Sat Oct 17, 2015 2:41 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by zw3c on Fri Nov 20, 2015 12:25 pm
([msg=90662]see Re: Please ask questions ONLY in this topic.[/msg])

Shouldn't inputting just a single quote output a server error 500 instead of the incorrect password page?
zw3c
New User
New User
 
Posts: 1
Joined: Fri Nov 20, 2015 11:53 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by haxkid on Sat Nov 28, 2015 6:36 am
([msg=90764]see Re: Please ask questions ONLY in this topic.[/msg])

For those who are not able to solve, it's simple sql injection mission. But I spent almost an hour because, my HTS session expired in between without my knowledge and success page with the green button wasn't loading.

I know, thats lame
haxkid
New User
New User
 
Posts: 7
Joined: Wed Nov 25, 2015 4:18 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by insttechno on Sat Jan 09, 2016 5:31 am
([msg=91236]see Re: Please ask questions ONLY in this topic.[/msg])

Took me a while but evenutally got it.

For those in the thread that say i simply don't understand SQL injection, read about it. But here's a brief description of what you are doing:

By entering a certain value in a certain field (massive hint) when you click login SQL is seeing the password value as being correct even though you haven't actually entered a specific password

Hope thats not a spoiler but actually helps
insttechno
New User
New User
 
Posts: 8
Joined: Fri Jan 08, 2016 9:40 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defte on Mon Jan 11, 2016 4:02 pm
([msg=91253]see Re: Please ask questions ONLY in this topic.[/msg])

Hi guys, it's me again well if i had to give a hint i'll say that you need sql injection, you gotta find something that means to the dataserver that the login request is true (i hope that is not too much). I've found the solution but i can't use it i still don't know why, i've been looking on the internet and my solution is ok. I realised that each time i go on "https://www.hackthissite.org/missions/realistic/2/update.php" the username and password fields are already completed by my own username and password on HTS, could this create errors?

Thanks for help, good evening,
Defte.
Defte
New User
New User
 
Posts: 10
Joined: Sun Jan 10, 2016 11:09 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Tue Jan 12, 2016 11:10 am
([msg=91272]see Re: Please ask questions ONLY in this topic.[/msg])

Defte wrote:I realised that each time i go on "https://www.hackthissite.org/missions/realistic/2/update.php" the username and password fields are already completed by my own username and password on HTS, could this create errors?

Autocompletion strikes again. As long as you remove the data before submitting anything it shouldn't create errors.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 2) Chicago American Nazi Party

Who is online

Users browsing this forum: No registered users and 0 guests