Please ask questions ONLY in this topic.

FAP is company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

realistic mission 4

Post by Zloy Obezyan on Tue Feb 28, 2017 9:22 pm
([msg=93486]see realistic mission 4[/msg])

Is it possible to test page by "SQLmap" from BlackArch, Kali Linux etc. ?
example:
sqlmap -u https://www.hackthissite.org/missions/r ... category=1 --dbs
and so on...
Yourth Faithfully, Zloy Obezyan
Yourth Faithfully, Zloy Obezyan
Zloy Obezyan
New User
New User
 
Posts: 3
Joined: Mon Feb 27, 2017 7:21 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Benway101 on Wed Mar 01, 2017 12:33 am
([msg=93487]see Re: Please ask questions ONLY in this topic.[/msg])

No you can't, And it isn't necessary to test it as well. You only need to find a security hole in the site and access it.
Those who do not remember their past are condemned to repeat their mistakes - George Santayana
User avatar
Benway101
New User
New User
 
Posts: 12
Joined: Tue Feb 07, 2017 8:17 am
Location: Taiwan
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by bolz83 on Fri Jun 09, 2017 5:38 pm
([msg=93753]see Re: Please ask questions ONLY in this topic.[/msg])

I've got the list but I'm unable to reply to the Message:
From: SaveTheWhales

Message: Hello, I was referred to you by a friend who says you know how to hack into computers and web sites - well I was wondering if you could help me out here. There's this local store who is killing hundreds of animals a day exclusively for the purpose of selling jackets and purses etc out of their skin! I have been to their website and they have an email list for their customers. I was wondering if you could somehow hack in and send me every email address on that list? I want to send them a message letting them know of the murder they are wearing. Just reply to this message with a list of the email addresses. Please? Their website is at http://www.hackthissite.org/missions/realistic/4/. Thanks so much!!

Can someone help me here?
bolz83
New User
New User
 
Posts: 3
Joined: Fri Jun 09, 2017 5:34 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Jun 10, 2017 9:24 pm
([msg=93756]see Re: Please ask questions ONLY in this topic.[/msg])

You're probably trying to use the wrong messaging system. Use HTS Messages Center, not the BB one.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 279
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by bolz83 on Sun Jun 11, 2017 3:29 pm
([msg=93759]see Re: Please ask questions ONLY in this topic.[/msg])

Thanks I found it.
bolz83
New User
New User
 
Posts: 3
Joined: Fri Jun 09, 2017 5:34 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Artour Babaev on Thu Jun 15, 2017 10:09 am
([msg=93776]see Re: Please ask questions ONLY in this topic.[/msg])

Hello, do you have to have a certain number of posts or time your account is active to be able to PM users? I'm trying to send the emails to SaveTheWhales but am currently locked from PM (probably because I made my account yesterday).

Thanks in advance
Artour Babaev
New User
New User
 
Posts: 1
Joined: Thu Jun 15, 2017 9:56 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by averon on Sat Jul 08, 2017 5:29 pm
([msg=93918]see Re: Please ask questions ONLY in this topic.[/msg])

After many hints found in this thread, I was able to uncover the list of emails. The most useful resource for me was https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005), especially the Exploitation Techniques section.

I learned how to form a query to probe the number of columns in the table and their type. However, I still guessed the second table name. I've read this isn't necessary. How could I have formed a query that would return table names?

I tried:
SHOW TABLES;
DBname.sys.tables
INFORMATION_SCHEMA.TABLES
averon
New User
New User
 
Posts: 1
Joined: Sat Jul 08, 2017 5:17 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Zajt on Wed Jul 12, 2017 2:56 am
([msg=93928]see Re: Please ask questions ONLY in this topic.[/msg])

I have a question about this one but need to ask someone through PM because otherwise it will be spoil. Anyone interested? I have solved it I can say, just a question about how it works.
Zajt
New User
New User
 
Posts: 3
Joined: Wed Jul 12, 2017 1:59 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Wed Jul 12, 2017 10:13 am
([msg=93932]see Re: Please ask questions ONLY in this topic.[/msg])

Zajt wrote:I have a question about this one but need to ask someone through PM because otherwise it will be spoil. Anyone interested? I have solved it I can say, just a question about how it works.


I'm around, go ahead.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 279
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Ir777 on Sat Jul 22, 2017 2:27 pm
([msg=93980]see Re: Please ask questions ONLY in this topic.[/msg])

I got this finished after 3 days :lol:
You will need to know SQL UNION to make the right SQL injection https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005)#Union_Exploitation_Technique
(find all places that may be used as input), I lost one day by mistake as I think I saw table name as ???ls but it turned to be ???l so be careful!! also I had to guess column name, I was also confused whether I should put table and column names between ' or not (it should not be there otherwise query will fail), I learned good stuff about UNION ALL statement.

Thanks for the great stuff :D
Ir777
New User
New User
 
Posts: 4
Joined: Wed Jul 19, 2017 7:34 am
Blog: View Blog (0)


PreviousNext

Return to (Real 4) Fischer's Animal Products

Who is online

Users browsing this forum: No registered users and 0 guests