by justforfunn on Sat Aug 25, 2012 1:21 am
([msg=69009]see Frustrated with SQL Recon[/msg])
SPOILER ALERT!
I'm not going to give it away, but if you're trying to get this without too much help, you might not want to read. I have completed it now, but I just wanted to get some clarification.
I tried this for hours trying to get the information I needed on the tables so that I could properly structure my u***n query. Mind you, I own a textbook which I've read every word of on MySQL, and it covered that as well as nulls pretty extensively, so I know why certain things might not have been working. The problem was that when I tried to do some recon queries to find out more about the tables, I got nowhere. In fact, the only other query I got results from was to u***n the two rows in the products table. This obviously wasn't any help, I just wanted to see what queries the script would accept.
Let me first tell you what I tried, and then what I think was going on.
[SPOILERS]
I tried to separate things into multiple queries like so:
" not enough and impatient."
Edit: ^^Was this a mod edit? You seriously deleted not only my queries, but my questions..? Pretty curt reply as well.
You did not address my concerns about blipping up on the radar with all my attempts. Sure I should have tried more, and I did, and I got it. I was just asking if anyone thought the guess and check practice was too sloppy for practical application, or if it was pretty standard.
[/SPOILERS]
So here's my beef:
Is this site, which is more or less painting a target on its forehead by giving the green light to hackers etc. worldwide, simply being extremely restrictive and picky about what it will and will not accept? What I mean is, obviously these missions are staged, and the back door is left open and the front doors and windows locked on purpose, because they know you're coming, and although they want you to be able to break in, they don't want it to be easy and they want it done on their terms. What I'm wondering is that, in doing that, have they made recon much harder than it would be in real-world security applications? Or is this pretty typical when pen-testing a site? I mean, I love HTS and wouldn't hack them if I could, but obviously someone could easily/accidentally do some damage if HTS didn't beef up security.
But I suspect there is an unusually high level of cmd/syntax sanitation going on, and while I support that, I wonder if it would be likely to encounter precautions like that, paired up with (what I assume are) pretty novice level security mistakes such as those in Realistic Missions 1-4. Thoughts? PMs are welcome.
Last edited by justforfunn on Mon Aug 27, 2012 12:37 pm, edited 1 time in total.