Please ask questions ONLY in this topic.

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by tracevector on Sun Mar 25, 2012 10:00 pm

So I've found where I need to perform the injection. And I also know what my command should be (well... I am roughly 85% certain after my research, and I believe I understand what I'm doing).

Yet, I'm still getting just one broken image, no addresses.

To explain where I'm at without spoiling anything:
I realize that to combine these two things, they must have the same number of entities (to be as absolutely vague as possible), so I've accounted for that. So I'm attempting the UA command while keeping that in mind for the e**** DB and I'm simply selecting all of the p******* DB.

I would be happy to elaborate more over PM if someone would be willing to help me overcome this. I think it's a matter of syntax or perhaps a small misunderstanding, not sure.

Thank you very much,

TV

EDIT: Solved it by removing the p******* selection portion of my command... why? I think it should work either way, no?


Re: Please ask questions ONLY in this topic.

Post by Dafuqisthisshit on Tue Apr 10, 2012 9:19 am

I have done this one by playing with the URL, but I wonder if it is possible to inject SQL by submitting an email with the addition of an SQL command by pressing the add to list button?


Re: Please ask questions ONLY in this topic.

Post by Cerberus0011 on Thu Jun 28, 2012 10:13 am

Hey guys

I just completed the mission :) yay.

Maybe this will shed some light ...

(pls edit if spoilerish)
The SQL command you use must have the correct parameters in order to display the list of emails.
There are certain characters which can act as 'any' or only 1 character .. (Sorry trying not to spoil here).

Once you have the list, email it to SaveTheWhales (case-sensitive) using the HTS Messages Center from the main site.

Hope that helped without being too obvious.
PS: thanks Logical, stronghard's posts were wasting space and completely boyish.

thanks for awesome missions
Loving this!!!
Good luck


Re: Please ask questions ONLY in this topic.

Post by Ramurak on Tue Jul 24, 2012 9:45 pm

I'm trying to message the list to the guy but it keeps saying that he doesn't exist. Already checked case sensitive.

Edit: Never mind. Got it.


Frustrated with SQL Recon

Post by justforfunn on Sat Aug 25, 2012 1:21 am

SPOILER ALERT!
I'm not going to give it away, but if you're trying to get this without too much help, you might not want to read. I have completed it now, but I just wanted to get some clarification.

I tried this for hours trying to get the information I needed on the tables so that I could properly structure my u***n query. Mind you, I own a textbook which I've read every word of on MySQL, and it covered that as well as nulls pretty extensively, so I know why certain things might not have been working. The problem was that when I tried to do some recon queries to find out more about the tables, I got nowhere. In fact, the only other query I got results from was to u***n the two rows in the products table. This obviously wasn't any help, I just wanted to see what queries the script would accept.

Let me first tell you what I tried, and then what I think was going on.

[SPOILERS]

I tried to separate things into multiple queries like so:

" not enough and impatient."

Edit: ^^Was this a mod edit? You seriously deleted not only my queries, but my questions..? Pretty curt reply as well.
You did not address my concerns about blipping up on the radar with all my attempts. Sure I should have tried more, and I did, and I got it. I was just asking if anyone thought the guess and check practice was too sloppy for practical application, or if it was pretty standard.

[/SPOILERS]

So here's my beef:
Is this site, which is more or less painting a target on its forehead by giving the green light to hackers etc. worldwide, simply being extremely restrictive and picky about what it will and will not accept? What I mean is, obviously these missions are staged, and the back door is left open and the front doors and windows locked on purpose, because they know you're coming, and although they want you to be able to break in, they don't want it to be easy and they want it done on their terms. What I'm wondering is that, in doing that, have they made recon much harder than it would be in real-world security applications? Or is this pretty typical when pen-testing a site? I mean, I love HTS and wouldn't hack them if I could, but obviously someone could easily/accidentally do some damage if HTS didn't beef up security.

But I suspect there is an unusually high level of cmd/syntax sanitation going on, and while I support that, I wonder if it would be likely to encounter precautions like that, paired up with (what I assume are) pretty novice level security mistakes such as those in Realistic Missions 1-4. Thoughts? PMs are welcome.
Last edited by justforfunn on Mon Aug 27, 2012 12:37 pm, edited 1 time in total.


sending the emails

Post by TheL0LmaN on Sat Aug 25, 2012 9:44 am

I got the emails but when I go to the PM system it says "You are not authorised to send private messages."
Is it a problem with my account?


Re: sending the emails

Post by LoGiCaL__ on Sat Aug 25, 2012 2:33 pm

TheL0LmaN wrote: I got the emails but when I go to the PM system it says "You are not authorised to send private messages."
Is it a problem with my account?

You need 2 forum posts in order to send PMs. I think you would probably want to use the HTS message center instead.


Re: Please ask questions ONLY in this topic.

Post by Fidd1er on Fri Nov 09, 2012 2:39 am

A couple of days ago I barely completed Basic 1, so excuse me if it's a lame question. Here's the deal: I gave up on solving realistic 4 and rushed to YouTube, where I found the solution to be very unclear to me. I was told there to inject the following code: (spoiler alert)

Please don't post spoilers. I'll PM you in a little while to try to help you out.
~limdis


Danke =)


Re: Please ask questions ONLY in this topic.

Post by EcceGratum on Sun Nov 18, 2012 8:20 am

When I'm on the right path, do I get a hint from the "server"? E.g. do I get an SQL error if I exited from the string but spoiled the syntax?
This question somewhat applies to all the missions because there were cases where only the solution resulted in a positive response. (No step-by-step solving)

-- Wed Nov 21, 2012 12:22 am --

So far I can distinguish valid and invalid query syntax. But I can't seem to access the email table using *N*O*. Is it that I can't use it because the columns are different in the 2 tables?
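The column-count rule asked about in the post above, next to the fix a developer would apply, as an added example that is not part of the original thread. It uses a constructed SQLite schema: the `products` and `subscribers` tables, the function names and the sample input are all assumptions, not the mission's real names.

```python
import sqlite3

def make_db():
    # Constructed schema for illustration; not the mission's real tables.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, category INTEGER);
        CREATE TABLE subscribers (email TEXT);
        INSERT INTO products VALUES (1, 'belt', 40.0, 1), (2, 'wallet', 25.0, 2);
        INSERT INTO subscribers VALUES ('a@example.test'), ('b@example.test');
    """)
    return db

def query_error(db, sql):
    """Return the engine's error text for a query, or None if it runs."""
    try:
        db.execute(sql).fetchall()
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)

def lookup_concat(db, category):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so it can append a second SELECT with a matching column count.
    sql = "SELECT name, price FROM products WHERE category = " + category
    return db.execute(sql).fetchall()

def lookup_bound(db, category):
    # Hardened: the value is bound as data and cannot change the statement.
    sql = "SELECT name, price FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()

# Constructed request value with two columns to match "name, price".
HOSTILE = "1 UNION ALL SELECT email, NULL FROM subscribers"

if __name__ == "__main__":
    db = make_db()
    # Four columns on the left, one on the right: the engine refuses.
    print(query_error(db, "SELECT * FROM products UNION ALL SELECT * FROM subscribers"))
    print(lookup_concat(db, HOSTILE))  # product row plus subscriber rows
    print(lookup_bound(db, HOSTILE))   # no rows: the whole string is one value
    print(lookup_bound(db, "1"))       # normal request still works
```
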


Re: Please ask questions ONLY in this topic.

Post by olelen on Fri Nov 30, 2012 5:11 am

Where should I send the emails list?

