Please ask questions ONLY in this topic.

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Sat Dec 25, 2010 1:11 pm

Yes, that is semi-spoilerish so please remove. I can tell you, right off the bat, that you are overcomplicating things a bit. Try to make it simpler and a little more general.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
fashizzlepop
Developer
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm


Re: Please ask questions ONLY in this topic.

Post by kamalsharma18 on Tue Jan 25, 2011 1:37 pm

I got all the emails, but the status in my profile still says I am not through the mission.

Do I need to mail them somewhere?? :| :|
kamalsharma18
New User
Posts: 1
Joined: Tue Jan 25, 2011 1:29 pm


Re: Please ask questions ONLY in this topic.

Post by Defience on Tue Jan 25, 2011 3:36 pm

kamalsharma18 wrote: I got all the emails, but the status in my profile still says I am not through the mission.

Do I need to mail them somewhere?? :| :|


Reread the mission description.
Defience
Addict
Posts: 1265
Joined: Thu Jun 12, 2008 3:16 pm


Re: Please ask questions ONLY in this topic.

Post by sigsegv on Wed Feb 02, 2011 12:55 pm

Hi everybody!
First of all, thanks to the staff and all of you! I really enjoy these missions and I'm learning a lot.

I struggled on mission 4 quite heavily but finally I know how to do this mission.

Nonetheless I'm quite confused about how these tables are set up, how they look and how the SQL statement interacts with these tables.

Maybe someone could send me a PM and explain how these tables are set up.

thank you all!
sigsegv
New User
Posts: 1
Joined: Wed Feb 02, 2011 12:46 pm


Re: Logic

Post by jsock-tre on Fri Feb 11, 2011 1:34 am

I completed the level, but I don't understand the logic of the query. Can someone please PM me to explain it? Thanks :)
jsock-tre
New User
Posts: 1
Joined: Fri Feb 11, 2011 1:28 am


Re: Please ask questions ONLY in this topic.

Post by hackthissitedotorg on Tue Feb 22, 2011 1:31 am

I got the email list. Now to whom would I send this list? Or do I need to email each one of them personally? That sounds absurd.

Ohh.. I got it.. :D . Just pay attention to who sent you the mail list request. It was really funny.
hackthissitedotorg
New User
Posts: 1
Joined: Mon Feb 21, 2011 4:07 pm


Re: Please ask questions ONLY in this topic.

Post by DCircle on Tue Feb 22, 2011 3:49 am

Finally made it :) For everyone having problems like me (I hope it's not too spoilery) here are some hints:

First of all you have to find a spot where to perform SQL injection. As others said before me: learn about how SQL works, look for a query which uses the GET method and try inserting your own queries. A broken image means that you managed to manipulate the database but your query produced an error.

As you got access to a table of the database you need to "union" the information you need (mailing list) with the table you have access to. Therefore you need two things: the name of the mailing list table and the number of columns in the table you have access to. To get the name, look carefully at occurring error messages - you can get useful information there (maybe more than just one name?).
Now use the Order-By trick to count columns. That's where I've been stuck for hours 'cause I really thought I'd need the column names and desperately tried to get them. So if you're stuck here, too, try this one: http://thehotfix.net/forums/index.php?/topic/25665-sql-injection-tutorial/

After this you should have any information needed to perform your SQL attack. Think carefully about the SQL commands which you're going to use. If you see a long list of broken images you're on the right track (even if there's nothing in the source code). Make sure you are using the UNION ALL command and have the right number of nulls filled in. If you still don't manage to get the information from the mailing list, think carefully about what you need to extract the emails from the mailing list. Only the table name or maybe something else? How about the name of the column the addresses are stored in? Try to find it, use it and you should be able to union the addresses with the product list. And in the end you'll find the answer lies in the source of all evil ;-)

Good luck :)

Hope those hints are vague enough :P If it's still too spoilery please just edit and take my apology ;-)
DCircle
New User
Posts: 1
Joined: Tue Feb 22, 2011 3:11 am
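
Added illustration, not part of DCircle's post or of the mission's code: on a constructed in-memory SQLite schema, this shows why a GET parameter concatenated into a query lets a UNION append rows from an unrelated table (the "how does the statement interact with the tables" question raised earlier in the thread), and how type validation plus a bound parameter closes it. All table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed schema: a product catalogue and an unrelated subscriber table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, category INTEGER);
        CREATE TABLE subscribers (email TEXT);
        INSERT INTO products VALUES (1, 'belt', 40.0, 1), (2, 'wallet', 25.0, 1),
                                    (3, 'gloves', 60.0, 2);
        INSERT INTO subscribers VALUES ('alice@example.test'), ('bob@example.test');
    """)
    return db

def list_products_vulnerable(db, category):
    # The GET parameter is pasted into the SQL text, so it is parsed as SQL.
    sql = "SELECT id, name, price FROM products WHERE category = " + category
    return db.execute(sql).fetchall()

def list_products_hardened(db, category):
    # Validate the type first, then bind the value: it can only ever be data.
    if not (category.isascii() and category.isdigit()):
        raise ValueError("category must be a non-negative integer")
    sql = "SELECT id, name, price FROM products WHERE category = ?"
    return db.execute(sql, (int(category),)).fetchall()

def looks_like_union_probe(value):
    # Coarse detection signal for request logs; not a substitute for binding.
    lowered = value.lower()
    return "union" in lowered or "order by" in lowered

# Constructed request value with the shape the thread describes: the product
# query returns three columns, so NULLs pad the row around the wanted column.
SAMPLE = "1 UNION ALL SELECT NULL, email, NULL FROM subscribers"

if __name__ == "__main__":
    db = make_db()
    print(list_products_vulnerable(db, SAMPLE))  # product rows plus subscriber rows
    try:
        list_products_hardened(db, SAMPLE)
    except ValueError as err:
        print("rejected:", err)
    print(looks_like_union_probe(SAMPLE))
```

The verbose database errors the post mentions are a separate leak: returning a generic error page to the client and logging the detail server-side removes the table-name hints.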


Re: Please ask questions ONLY in this topic.

Post by Vlander on Fri Mar 18, 2011 6:25 pm

I've been working on this challenge for a while and am still confused. I have the commands for injection, but is there a way you have to format the commands when you set it into the address bar instead of the text bar? Sorry, I'm just completely lost on this one...
Vlander
New User
Posts: 1
Joined: Fri Mar 18, 2011 6:19 pm


Re: Please ask questions ONLY in this topic.

Post by bandchicky314 on Fri Mar 18, 2011 9:26 pm

I'm sorry, but did anyone notice that the initials were *fap*? :o
bandchicky314
New User
Posts: 20
Joined: Sat Jan 08, 2011 11:14 am


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Tue Mar 22, 2011 10:00 pm

Vlander wrote: I've been working on this challenge for a while and am still confused. I have the commands for injection, but is there a way you have to format the commands when you set it into the address bar instead of the text bar? Sorry, I'm just completely lost on this one...

If you do enough reading on SQL injection you should be able to figure this out. If you have a specific question on the contents of the query, PM me.

bandchicky314 wrote: I'm sorry, but did anyone notice that the initials were *fap*? :o
Nice catch. ;)
fashizzlepop
Developer
Posts: 2304
Joined: Sat May 24, 2008 1:20 pm

