Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Re: Please ask questions ONLY in this topic.

Post by silkhound on Mon Feb 07, 2011 8:38 pm

I'm actually glad it took me a while to get this one done -- it gave me an excellent chance to learn some more about SQL!
As for my hint: I'm gonna try to be cryptic here.

I tried a buttload of variations on the 'testing' theme, but they all got me a:
SQL Error:
.

I believe this is a warning message about your syntax. If you're getting it, you're close. Just read your injection again.
Sometimes it is the end that ruins the injection.


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Tue Feb 08, 2011 8:49 pm

silkhound wrote: Sometimes it is the end that ruins the injection.

Or lack thereof...
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Please ask questions ONLY in this topic.

Post by leperchon2304 on Tue Feb 22, 2011 2:00 am

OK, so I've read up on SQL injections, but I must be inputting it wrong or something, because all I get is the invalid username/password page. I'm supposed to insert it in the source code, right?


Re: Please ask questions ONLY in this topic.

Post by mShred on Tue Feb 22, 2011 2:08 am

leperchon2304 wrote: OK, so I've read up on SQL injections, but I must be inputting it wrong or something, because all I get is the invalid username/password page. I'm supposed to insert it in the source code, right?

Try reading up on SQL a little more.. I think you've got the basic principle a little off.

For those about to rock.


Re: Please ask questions ONLY in this topic.

Post by Onoref on Thu Feb 24, 2011 8:14 am

Read so much about sites getting hacked this way and now I finally did it myself :D

For people having problems with this (hopefully not too much of a spoiler):
imagine the code behind the scenes, imagine your input in that code and then think about how your input can change things ...


Basic SQL Injection Analogy

Post by fashizzlepop on Thu Feb 24, 2011 10:08 pm

I like to bring up the "Mad Lib" analogy.
Code:
The _(adjective)_ brown fox jumps over the lazy _(noun)_.


Now, just throw in what you want and you completely change the meaning AND logic.

Code:
The _hairy ballsack falls off! My_ brown fox jumps over the lazy _Mexican. Give me your money_.


Notice the extra sentences now. We completely changed the logic by adding periods and more than just one word per blank.

Now, you'll want to think in terms of authentication:

Code:
if $user_input_pass == "sluttyAngel2012" && $user_input_user == "MarkZuckerburg";


Just think of $user_input_pass as a blank the user fills in. Maybe make that variable a TRUE statement in itself, and, once you do that, find a way for it to ignore the rest of the statement... ;) *cough* comment *cough*

If this and the rest of the guides listed previously can't help you with this mission, you are FAIL.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
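
The fill-in-the-blank analogy above maps directly onto a login query built by string concatenation. The following is an added example (not part of the original post or the mission's code) that runs the same inputs through a concatenated query and a parameterized one; the table, the account and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory table with one made-up account.
    # (A real system would store a password hash, not the password.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def build_concat_query(user, password):
    # The "Mad Lib": input is pasted into the blanks and becomes SQL text.
    return ("SELECT COUNT(*) FROM users WHERE username = '" + user +
            "' AND password = '" + password + "'")

def login_concat(db, user, password):
    # Vulnerable form: the parser sees the user's text as part of the statement.
    try:
        row = db.execute(build_concat_query(user, password)).fetchone()
    except sqlite3.Error:
        return "sql_error"  # e.g. an unbalanced quote left in the statement
    return "granted" if row[0] > 0 else "denied"

def login_param(db, user, password):
    # Hardened form: the statement is fixed; values are bound afterwards
    # and can only ever be compared as data, never parsed as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (user, password),
    ).fetchone()
    return "granted" if row[0] > 0 else "denied"

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal login, a stray quote, and a value that
    # closes the string, adds a true condition and comments out the rest.
    samples = [("admin", "correct-horse"), ("admin'", "x"), ("' OR 1=1 --", "x")]
    for user, password in samples:
        print(repr(user), "| concatenated:", login_concat(db, user, password),
              "| parameterized:", login_param(db, user, password))
```

With bound parameters the quote and the comment marker are just characters in a username that does not exist, so the only input that logs in is the real credential pair.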


Re: Please ask questions ONLY in this topic.

Post by Goatboy on Thu Feb 24, 2011 10:10 pm

fashizzle, you get many GoatPoints for that.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Thu Feb 24, 2011 10:16 pm

Thank you, I'll be here all week. ;)

This is the kinda shit we need to preface each mission. I'll be talking with Kage to see if he will allow me to add that when I port the missions to the recode.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


Re: Please ask questions ONLY in this topic.

Post by Goatboy on Thu Feb 24, 2011 10:25 pm

fashizzlepop wrote: Thank you, I'll be here all week. ;)

This is the kinda shit we need to preface each mission. I'll be talking with Kage to see if he will allow me to add that when I port the missions to the recode.

What we need to do is take an example from Wells' spinoff of HTS (which is unfortunately down at the moment) and give a short tutorial before the mission. At the very least, explain what might be useful and maybe point to a relevant guide.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Thu Feb 24, 2011 10:35 pm

Yeah, that's what I meant. I also think Basic 2 is just pointless.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

