Please ask questions ONLY in this topic.

Racist pigs are organizing an 'anti-immigrant' rally in Chicago. Help anti-racist activists take over their website!

Post by aronnas on Sat Jan 19, 2013 7:01 am

I have read around SQL Injection and went to the site that the pictures lead you to (from the page's source) but from what I read I need to find some sort of FORM within the HTML code, which I found nowhere there. I tried running some SQL Injection on the URL but no luck and now that site appears off. What am I doing wrong here exactly?

Post by -Ninjex- on Sat Jan 19, 2013 7:59 am

aronnas wrote: I have read around SQL Injection and went to the site that the pictures lead you to (from the page's source) but from what I read I need to find some sort of FORM within the HTML code, which I found nowhere there. I tried running some SQL Injection on the URL but no luck and now that site appears off. What am I doing wrong here exactly?


The SQLi does not need to be executed on the URL.
Look for an alternative place to try and execute SQLi.

[Edit] Trying to manipulate the URL of the picture's location is not correct. You need to go back and look at the source of the main page again. Once you have found what you need and gone there, you will have the form right in front of you.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.

Post by aronnas on Sat Jan 19, 2013 9:07 am

Yeah, I got this and passed this challenge. So I tried to run SQL Injection on a real page, as it appears! :o
Am I in trouble or something? I didn't know, I just went there because the source from the pics led me :shock: :shock: :shock:

Post by limdis on Sat Jan 19, 2013 11:27 am

aronnas wrote: Yeah, I got this and passed this challenge. So I tried to run SQL Injection on a real page, as it appears! :o Am I in trouble or something? I didn't know, I just went there because the source from the pics led me :shock: :shock: :shock:

You should be alright. Just be more careful 'where you are' next time.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."

Post by -Ninjex- on Sat Jan 19, 2013 2:12 pm

limdis wrote:
aronnas wrote: Yeah, I got this and passed this challenge. So I tried to run SQL Injection on a real page, as it appears! :o Am I in trouble or something? I didn't know, I just went there because the source from the pics led me :shock: :shock: :shock:

You should be alright. Just be more careful 'where you are' next time.


I will agree with that for most situations, as knowing the correct place to carry out attacks can be vital. As for HTS, luckily there is a challenge to actually hack hackthissite.org.

Post by Raziels on Fri Jan 25, 2013 7:22 pm

Wow, nice work guys! I've played some hack-wargames like this one before, but those nazi pages are REALLY realistic, lol

Edit:
aronnas wrote: the source from the pics led me :shock: :shock: :shock:


Holy shit!!! Are those directories for real?

Edit2: Yeah, they're for real.

Post by LeoDaVinci on Thu Feb 07, 2013 10:54 pm

I figured it out, but can someone explain to me why you only use one and not two? If you guys don't understand, feel free to message me. But what I'm talking about is, at the end of the command, why do you use only one rather than 2? All other websites tell you to use two but it wasn't working for me.

Post by gwynfshae on Mon May 06, 2013 6:18 pm

Oh my gods, it's all about the OR... fucking hell that was tough.

Post by -Ninjex- on Fri May 10, 2013 4:37 pm

LeoDaVinci wrote: I figured it out, but can someone explain to me why you only use one and not two? If you guys don't understand, feel free to message me. But what I'm talking about is, at the end of the command, why do you use only one rather than 2? All other websites tell you to use two but it wasn't working for me.



Okay, let me explain this:
The challenges here are staged and not real. 99x out of 100x, people will use one.
Basically, that string you used was checked for a match, to allow you to win.
However, anything in actuality would work if this was a real vulnerability in the site.

Think of it like this for a real site...
The data gets processed something like this:
Code:
select * from login where username ='';

Now, this
Code:
username='';
part will be filled in with whatever the user enters into a field, such as a user name/password.

Now, with the string that you used, you should be able to realize how it breaks off the desired statement and then tricks the SQL server into sending back all the data within the login field, instead of just passing back the usernames.
I hope this helps,
- Ninjex
Last edited by -Ninjex- on Sat May 11, 2013 3:39 am, edited 1 time in total.
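
The mechanism -Ninjex- describes in the post above, shown as an added example that is not part of the original thread: the same `login` lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The rows, function names and the use of SQLite are assumptions, and the OR input is a constructed textbook value, not the string the challenge checks for.

```python
import sqlite3

def make_db():
    # Constructed sample rows; the table and column names follow the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (username TEXT, password TEXT)")
    db.executemany("INSERT INTO login VALUES (?, ?)",
                   [("alice", "pw-a"), ("bob", "pw-b"), ("o'brien", "pw-o")])
    return db

def lookup_concatenated(db, username):
    # Vulnerable form: the field value is pasted between the quotes.
    sql = "select * from login where username ='" + username + "';"
    try:
        return sql, len(db.execute(sql).fetchall())
    except sqlite3.OperationalError as exc:
        # A stray quote in the value leaves the statement unparseable.
        return sql, "error: " + str(exc)

def lookup_bound(db, username):
    # Hardened form: fixed statement text, value bound as a parameter.
    sql = "select * from login where username = ?;"
    return sql, len(db.execute(sql, (username,)).fetchall())

# Constructed inputs: a normal name, a legitimate name containing a quote,
# and a textbook OR tautology (not the string the challenge checks for).
SAMPLES = ["alice", "o'brien", "x' OR '1'='1"]

def compare(samples=SAMPLES):
    # Map each input to (concatenated result, bound-parameter row count).
    db = make_db()
    return {s: (lookup_concatenated(db, s)[1], lookup_bound(db, s)[1])
            for s in samples}

if __name__ == "__main__":
    db = make_db()
    for s in SAMPLES:
        sql, result = lookup_concatenated(db, s)
        print(f"{sql!s:55} -> {result}")
        print(f"{'  bound parameter':55} -> {lookup_bound(db, s)[1]}")
```

With concatenation, the quote in the input ends the string literal early, so the rest of the value is parsed as SQL: the tautology matches every row and the legitimate name `o'brien` raises a syntax error. With the bound parameter both are compared as plain data.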


Post by impulse_x on Fri May 10, 2013 8:27 pm

I think I passed this mission, but the only thing that happens is I get to the hackthissite.org page with "Go On"... kinda like what happens in Basic 11. I thought I was supposed to edit some page, or am I reading it too literally?