Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Re: Please ask questions ONLY in this topic.

Post by Defte on Tue Jan 12, 2016 11:58 am

Yeah I found it out yesterday, thanks for the help :)
Defte


Re: Please ask questions ONLY in this topic.

Post by KENWAYBLKFLAG on Thu Apr 07, 2016 5:12 pm

Let me start off by saying that I have already completed this mission. I know SQL injection is the way to go but my first thought, upon seeing the username/password input fields was to try SSI injection. However, attempting to submit "<!--#exec cmd="ls" -->" into the 'username' field just gives me the standard incorrect-password-fuck-off page. Why doesn't SSI Injection work in this case? I'm guessing the input fields are being validated but is there any way to know that they are being validated before even trying to run an SSI injection attack? For example, is the validating code available for me to view in the source code somewhere? And if so, where? Appreciate any response, thanks!
KENWAYBLKFLAG


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Wed Apr 13, 2016 7:39 am

SSI is only executed in certain types of pages and only when the server is set up to execute it. You need to understand when it can be used and when it is disabled before you attempt to use it.
Free your mind / Think clearly
cyberdrain
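
Added example, not part of any post in this thread: a server administrator's view of the point above that SSI runs only where the server is configured for it. The Apache config text and directory paths are constructed for illustration, and the audit is simplified (it ignores inheritance between sections, `Options All` and `XBitHack`).

```python
import re

# Constructed sample Apache config (hypothetical paths), not from any real server.
SAMPLE_CONF = '''
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/legacy">
    Options +Includes
    AddOutputFilter INCLUDES .shtml
</Directory>
<Directory "/var/www/docs">
    Options +IncludesNOEXEC
    AddOutputFilter INCLUDES .shtml
</Directory>
'''

def audit_ssi(conf_text):
    """Map each <Directory> to 'off', 'noexec' (no #exec) or 'exec'.

    Simplified: ignores inheritance between sections, 'Options All' and XBitHack.
    """
    state, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = opened.group(1)
            state[current] = {"option": "off", "parsed": False}
        elif re.match(r"</Directory", line, re.I):
            current = None
        elif current and re.match(r"Options\s", line, re.I):
            enabled = {o.lstrip("+").lower() for o in line.split()[1:]
                       if not o.startswith("-")}
            if "includes" in enabled:
                state[current]["option"] = "exec"
            elif "includesnoexec" in enabled:
                state[current]["option"] = "noexec"
        elif current and re.match(
                r"(AddOutputFilter\s+INCLUDES|AddHandler\s+server-parsed)\b", line, re.I):
            state[current]["parsed"] = True
    # SSI runs only when the option is on AND some file type is routed to the parser.
    return {d: s["option"] if s["parsed"] else "off" for d, s in state.items()}

if __name__ == "__main__":
    for directory, status in audit_ssi(SAMPLE_CONF).items():
        print(f"{directory}: SSI {status}")
```

A directory reported as `exec` is the one to review first; `IncludesNOEXEC` keeps includes working while disabling `#exec`.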


I see "You have already done this." - Is that accurate?

Post by Zer0asis on Tue Apr 19, 2016 10:37 am

I think I completed it properly. When I go back to try it again, I get a message that says, "You have already done this."

Is that what I'm supposed to see?
Zer0asis


Re: I see "You have already done this." - Is that accurate?

Post by gatopardos on Sat Apr 23, 2016 10:31 am

Zer0asis wrote: I think I completed it properly. When I go back to try it again, I get a message that says, "You have already done this."

Is that what I'm supposed to see?


Yeah I get the same problem, normally we should get a database dump and work our way through there but now it validates your query as true and lets you move on.
gatopardos


Re: Please ask questions ONLY in this topic.

Post by veemon293 on Sat Jun 11, 2016 9:58 am

null
veemon293


Re: Please ask questions ONLY in this topic.

Post by grumpygrenade on Sat Sep 24, 2016 7:30 pm

So I completed the mission but I have no idea what I have done, is there still someone to PM for questions??
grumpygrenade


Re: Please ask questions ONLY in this topic.

Post by HackForceOne on Tue Oct 11, 2016 11:01 am

So, proud of myself that I solved this on my own. However, I knew that SQL injection was required to solve it, and thus googled the syntax and copied/pasted to pass the mission.

My question is, I don't understand WHY the SQL statement that I posted was an "always true" statement. I am pretty decent at SQL coding, but the syntax doesn't make any sense to me.

Could someone PM me and explain the syntax for me?
HackForceOne
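
Added example, not part of any post in this thread and not the mission's code: why a login query built by string concatenation can become "always true", shown beside the parameterized form that prevents it. The table, column names and credentials are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table; plaintext password only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def build_vulnerable_query(username, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and whatever follows is parsed as SQL.
    return ("SELECT username FROM users "
            "WHERE username = '%s' AND password = '%s'" % (username, password))

def login_vulnerable(db, username, password):
    return db.execute(build_vulnerable_query(username, password)).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders send the input as data; it is never parsed as SQL.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row is not None

# Classic textbook tautology input (constructed here, not the mission's answer).
TAUTOLOGY = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause becomes:
    #   username = 'x' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so this reads as
    #   (username = 'x' AND password = '') OR ('1' = '1')
    # and the right-hand side is true for every row in the table.
    print(build_vulnerable_query("x", TAUTOLOGY))
    print("concatenated :", login_vulnerable(db, "x", TAUTOLOGY))
    print("parameterized:", login_parameterized(db, "x", TAUTOLOGY))
```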


Re: Please ask questions ONLY in this topic.

Post by never_finished on Tue Nov 22, 2016 11:08 pm

I have found 2 ways to get through this challenge, one of them did not require the username and the other was a solid guess at the username, but I still never came across the list of users which some people mentioned. Can anyone pm me with how to find the table for viewing users, I tried a number of queries, but may have had poor syntax.
never_finished


Re: Please ask questions ONLY in this topic.

Post by dtmander on Sun Mar 05, 2017 6:55 am

Does this mission still work correctly? I have googled SQL injection and tried many things, but get nothing other than an SQL error. Nothing that I try provides any other results. Can someone PM me so that I may discuss my theories and attempted solutions without providing any spoilers? Thanks.
dtmander



Return to (Real 2) Chicago American Nazi Party
