Think Very Carefully About What the SQL Commands are Doing

FAP is company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by anymore666 on Mon Apr 04, 2016 10:23 am
([msg=92079]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Sorry wrong topic :|
anymore666
New User
New User
 
Posts: 1
Joined: Mon Apr 04, 2016 10:14 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by 32OLF on Sat Apr 09, 2016 12:23 pm
([msg=92114]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

I have the goods but when i send it to savethewhales in htc center it says "Your response did not generate a victory condition for the challenge. Please try again!" what causes this one?
32OLF
New User
New User
 
Posts: 1
Joined: Sat Apr 09, 2016 11:54 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Alli86 on Sat Apr 09, 2016 1:28 pm
([msg=92115]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

I think it's case sensitive. Try sending it to SaveTheWhales.
Alli86
New User
New User
 
Posts: 4
Joined: Mon Apr 04, 2016 8:31 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by cyberdrain on Wed Apr 13, 2016 7:42 am
([msg=92134]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Make sure you only copy what is required, all of it and once. Add an empty line at the end to be sure.
Last edited by cyberdrain on Fri Jun 03, 2016 8:50 am, edited 1 time in total.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by kraffy on Tue May 10, 2016 8:29 am
([msg=92296]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Finally got to the list. Damn it this one was a challenge. Always got stuck on SQL stuff, I think for the first time I start to understand something about it. Now for that PM...
kraffy
New User
New User
 
Posts: 2
Joined: Tue May 10, 2016 7:32 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Hachiavelli on Sun Jul 10, 2016 1:36 pm
([msg=92560]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

This was an intense and fun mission. SQL has been giving me a little trouble for the past few months and after spending the last 24hrs working at wrapping my mind around it the syntax finally makes sense. This (http://www.w3schools.com/sql/trysql.asp?filename=trysql_select_all) truly was the best aid for experimentation with the SELECT * FROM string in conjunction with the UNION ALL and NULL commands. You will need to play with the order and thoroughly read the hints in the forum. It was well worth the effort. :geek:
Hachiavelli
New User
New User
 
Posts: 1
Joined: Sun Jul 10, 2016 1:22 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Starman11 on Tue Aug 02, 2016 9:28 am
([msg=92722]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

I understand how the queries work, but when I try to inject them, I keep getting the broken image, I've tried inserting the query after the = and after the =1 with a single quote on the products page. Would someone mind taking a look at my solution?

Ok, now I'm not getting anything on the page, not even the broken image.
Starman11
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by nxbxdy on Tue Aug 02, 2016 10:42 am
([msg=92723]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

i've only successfully completed this mission because i watched a youtube video.
i feel like i understand SQL injections and what i had to do too. when i first entered the mission, i immediately thought, "SQL injection".

though i still don't fully understand. like based on what i learned about UNION ALL, SQL Injections and ORDER BY, the youtube video i watched, doesn't make sense to me and i would be thankful if anyone explained it to me.. either here or over PM. i guess i would prefer PM because i don't want anyone to be spoiled..
nxbxdy
New User
New User
 
Posts: 3
Joined: Tue Aug 02, 2016 10:35 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Starman11 on Tue Aug 02, 2016 12:21 pm
([msg=92724]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

@nxbxdy I sent you a pm to help you understand how the queries work :)

http://www.w3schools.com is a good place to learn HTML, Javascript, SQL, etc. And try to avoid watching youtubes videos, I used to do that myself a few years back, but now I am determined to learn for myself.

I should have finished this level by now myself, I'm having trouble with the way I am putting the queries into the url :/ I just keep getting the broken image. I am so close!

I don't know why I'm not getting it, it's probably something stupid. Should we use any quotes within the query or comments?

I've got to the bit that shows you all the products on one page, but when I try to add the emails, I get a bunch of broken images.

Finally got the emails! Woopee! That mission was a PITA! I guess in a way it's good, because when it comes to computers and hcaking, there are various ways to do things, not just one.
Starman11
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by aConvolutedConscious on Tue May 02, 2017 10:07 pm
([msg=93662]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Once again I reached the very last page of this help thread before I finally got it!

BasedLizardTitties wrote:For anyone else still struggling with how the SQL injection looks when it gets sent up and still unsure of how it should be structured, this article is what pushed me over the hill.


Although I had visited the above page prior to Lizards post, it wasn't until I figured out the ORDER BY and NULL parts that it all really came together and clicked for me. Although, I was able to replace all NULLs with *s and get the same result. Not sure why. Anyway. Thanks for your post Lizard - would have been an even longer road without it!

Again, I didn't get a real worldly feel to this challenge because commands that should have worked did not.

One thing that really threw me was the fact that I had to use UNION ALL twice in my injection. Hope that's not to much of a spoiler, cuz I might have gotten it sooner had the injection only required one UNION ALL. Is that because HTS is using outdated MySQL code or what? I was under the impression that the correct way was to (SELECT ... UNION ... SELECT)?

Good Luck HTS'ers!
User avatar
aConvolutedConscious
New User
New User
 
Posts: 15
Joined: Thu Apr 27, 2017 10:33 am
Blog: View Blog (0)


PreviousNext

Return to (Real 4) Fischer's Animal Products

Who is online

Users browsing this forum: No registered users and 0 guests