Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by Jbraithwaite on Tue Jan 19, 2016 11:13 am
([msg=91332]see Re: Please ask questions ONLY in this topic.[/msg])

I felt like a got really far with this, and spent loads of time looking up different accounts etc. When I seen how it's meant to be done, I quit. Not because I couldn't do it, but purely because it had gone beyond the scope of my current understanding.

I still feel really chuffed about getting this far though, with absolutely no prior knowledge of hacking. I've always been curious about websites and how they work. Building them has helped but really only as far as creating HTML/CSS/PHP sites.

I'm sure I'll come back to this once It clicks.
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dschein on Wed Mar 30, 2016 8:49 am
([msg=92043]see Re: Please ask questions ONLY in this topic.[/msg])

there are many user created usernames,please can a admin erase them?
dschein
New User
New User
 
Posts: 1
Joined: Tue Feb 16, 2016 5:03 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Wed Apr 13, 2016 7:12 am
([msg=92129]see Re: Please ask questions ONLY in this topic.[/msg])

dschein wrote:there are many user created usernames,please can a admin erase them?

Oh come on, think this through... What/where would the right user be?
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by atyro on Tue Jun 14, 2016 5:16 am
([msg=92460]see Re: Please ask questions ONLY in this topic.[/msg])

Is is possible to field map the schema here? It bothers me that I don't know for sure what the correct username is. Not to say that I don't know, but the method of schema order feels like a cheap confirmation that doesn't add to my understanding. When I try and guess some field names I run into the error 'username is too long'. I'd like to check the amount field. Is anything like this possible here or am I wasting my time trying these injections? Thanks anyone who has some real insight
atyro
New User
New User
 
Posts: 1
Joined: Tue Jun 14, 2016 5:06 am
Blog: View Blog (0)


you need to transfer the money to dropCash?

Post by jhjhtrhcug on Sun Jul 17, 2016 5:28 pm
([msg=92643]see you need to transfer the money to dropCash?[/msg])

I know it is established that this error comes from using the wrong format in the money part but my problem seems to be different.
What I'm trying to do is to log in to a different account and once I'm in the login page I swap the username, and use the built in money sending to send the $$.
Problem is, I keep getting that annoying message. I tried typing $10000000/10,000,000/10000000 and none of those work! I even tried to use dropcash instead since this is also a username. Is the way I'm doing the delivery faulty? I did see many people saying you should use some sort of javascript injection but is my way possible?
jhjhtrhcug
New User
New User
 
Posts: 1
Joined: Sun Jul 17, 2016 5:18 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by DrosoFray on Fri Aug 19, 2016 11:59 am
([msg=92813]see Re: Please ask questions ONLY in this topic.[/msg])

why nothing is logical here , isnt' true that to test if a site is vulnerable or not to sql injection , we need to put ' after the url , so if it shows ' SQL ERROR ' , it should be vulnerable , but nothing i knew from all the commands works and idk why :(
and now " An error has occurred. Please contact a developer. " am i insane or it's not my fault , just an answer guys and thx
DrosoFray
New User
New User
 
Posts: 3
Joined: Thu Aug 18, 2016 10:28 am
Blog: View Blog (0)


Re: Stuck

Post by PavelG on Wed Jan 25, 2017 11:53 pm
([msg=93370]see Re: Stuck[/msg])

BhaaL wrote:I suppose you are logged in, aren't you?
Hint: It doesn't seem to check the password later on...


You are da man!!! )) Thanks!
PavelG
New User
New User
 
Posts: 8
Joined: Fri Jan 20, 2017 5:16 pm
Blog: View Blog (0)


Re: if anyone interesting

Post by Zloy Obezyan on Thu Mar 02, 2017 10:49 pm
([msg=93496]see Re: if anyone interesting[/msg])

Help -> basic level 10
Commands one by one:
1. change username of victim
2. change password of victim
3. send money from page
4. change script which cleans logfiles
The END! Gary Hunter is in ASS!
Yourth Faithfully, Zloy Obezyan
Zloy Obezyan
New User
New User
 
Posts: 3
Joined: Mon Feb 27, 2017 7:21 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by LR0815 on Sun Mar 19, 2017 12:26 pm
([msg=93542]see Re: Please ask questions ONLY in this topic.[/msg])

This was a funny one. After I found out the right username (for thos yelling about too many entries: just look at the above ones). I tried to login with this username. Without any bruteforcing or something I managed to login with the first (!) password I tried... funnily it was one of the most common used passwords :D. This didnt't satisfy me, so i tried another (I think thze correct) way... and did this challange again.

It isn't that hard you think. There is a very usefull firefox addon to manage the 2nd part of this mission.


jhjhtrhcug wrote:Problem is, I keep getting that annoying message. I tried typing $10000000/10,000,000/10000000 and none of those work!


for me it was just the number, without any other sign like $ or ,
LR0815
New User
New User
 
Posts: 1
Joined: Sun Mar 12, 2017 7:31 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Starman11 on Fri Jun 23, 2017 12:20 pm
([msg=93835]see Re: Please ask questions ONLY in this topic.[/msg])

im having problems with the sql injection. i keep getting username is too long. can i pm someone with my sql to see whats up? and also any further tips would be much appreciated just to steer me in the right direction

oh never mind, i got the sql sorted. i was typing more than i had to. although now i am having trouble clearing my logs :roll:
Starman11
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)


PreviousNext

Return to (Real 8) United Banks Of America

Who is online

Users browsing this forum: No registered users and 0 guests