Think Very Carefully About What the SQL Commands are Doing

FAP is company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by MParsons095 on Wed Feb 19, 2014 11:07 am
([msg=79555]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

I successfully hack the database and retrieved the list of emails, but the mission hasn't been marked as complete. Did I miss something?
MParsons095
New User
New User
 
Posts: 1
Joined: Wed Feb 19, 2014 11:03 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Rezlets on Wed Feb 19, 2014 10:00 pm
([msg=79559]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

You need to send the list (through HTS's message system, not a PM on the forums) to the person who hired you in the first place.
Rezlets
New User
New User
 
Posts: 34
Joined: Mon Jan 13, 2014 9:54 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Roostir on Thu Feb 20, 2014 7:37 pm
([msg=79566]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

OKAY! so this took me FOREVER to figure out WHERE to inject the SQL.... my question is, why does it have to be on THAT page(s)? why not on the main page or the email error page?

EDIT: okay scratch everything i just said... I just got more lost.

I understand SQL injection to an extent, how it works, and kinda what its purpose is. What I don't understand is how to correctly place it in the URL bar? is there a specific variable I have to type after the regular URL to separate URL from SQL injection? the pages that end in php? or =1 I can put SQL in ( with no result yet of course, just the broke jpg). but if the URL ends in .php or 4/ then i get redirected to a "HTS page not found" type page. What am I missing here?
Roostir
New User
New User
 
Posts: 2
Joined: Thu Feb 20, 2014 10:59 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by fashizzlepop on Sat Feb 22, 2014 2:32 pm
([msg=79586]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Roostir wrote:I understand SQL injection to an extent, how it works, and kinda what its purpose is. What I don't understand is how to correctly place it in the URL bar? is there a specific variable I have to type after the regular URL to separate URL from SQL injection? the pages that end in php? or =1 I can put SQL in ( with no result yet of course, just the broke jpg). but if the URL ends in .php or 4/ then i get redirected to a "HTS page not found" type page. What am I missing here?


The best way to understand something like this is to build and implement it yourself. Learn PHP, HTML, and set up a MySQL database. WAMP is a good start if you're working on windows.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by CK01 on Mon Jul 07, 2014 8:12 pm
([msg=82042]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

I've solved this mission. But I think I'm very luck when I *removed*
CK01
New User
New User
 
Posts: 2
Joined: Mon Jul 07, 2014 4:12 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by cyberdrain on Tue Jul 08, 2014 11:48 am
([msg=82056]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

That is a spoiler, but I'll PM you a way to do it.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by DoggerLiam on Tue Aug 26, 2014 4:42 pm
([msg=83008]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

So today I was finally able to complete this challenge, and I'm quite upset right now.

I've been reading a lot about those sql commands I've never had the necessity to use before, such as u**** **l, and after generating a lot of traffic and somehow using forbidden commands (I got logged out and presented with an "authorization required" 404 page or something like that, I accidentally stumbled upon the n**l tip. Good God, not after all this work, I was just a few bits from finding it for myself.

But anyway, as some short of self-punishment, I'm digging my way through every single sql injection blog, cheat sheet or whatever I find on the net.

Really good challenge, very well done, but I going to have mixed feelings about this one forever.

Sorry for this rant and as always, thank you for spreading this knowledge to the world.
DoggerLiam
New User
New User
 
Posts: 4
Joined: Mon Aug 25, 2014 3:42 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by brubru on Thu Feb 26, 2015 8:29 am
([msg=86929]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Dammit, I keep fixating on what I think is the solution and end up wasting so much time for nothing… I feel so bad for having to read this forum to go forward every time :p Oh well, on to the next one!
brubru
New User
New User
 
Posts: 3
Joined: Thu Feb 26, 2015 8:24 am
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by cyberdrain on Thu Feb 26, 2015 9:29 am
([msg=86931]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

brubru wrote:Dammit, I keep fixating on what I think is the solution and end up wasting so much time for nothing… I feel so bad for having to read this forum to go forward every time :p Oh well, on to the next one!

If you learned something, the time is never wasted. ;)
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by f0x13 on Thu Feb 26, 2015 6:03 pm
([msg=86937]see Re: Think Very Carefully About What the SQL Commands are Doing[/msg])

Finally got the emails!

Took me ages, but I'm glad I didn't cheat :D

The key for me was realizing the importance of the criteria for merging two tables.
f0x13
New User
New User
 
Posts: 4
Joined: Sat Feb 21, 2015 2:40 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 4) Fischer's Animal Products

Who is online

Users browsing this forum: No registered users and 0 guests

cron