Think Very Carefully About What the SQL Commands are Doing

FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Think Very Carefully About What the SQL Commands are Doing

Post by matrix_abc on Thu Feb 26, 2009 5:12 am

To PM him?
I also got the email addresses but I don't know what to do :roll:

Edit: I did it :) :)
use http://www.hackthissite.org/pages/messa ... s/send.php


Re: Think Very Carefully About What the SQL Commands are Doing

Post by i_fallenhero on Wed Mar 04, 2009 7:20 pm

No, you have to email him from the HTS message center on the main page


Re: Think Very Carefully About What the SQL Commands are Doing

Post by DudeJonne on Sun Mar 08, 2009 3:12 pm

I completed it with some help of a friend. I want to ask a question about it, without giving a spoiler. So who could I pm with a question about the code that you use to complete this mission?!

:geek: Jonne


Re: Think Very Carefully About What the SQL Commands are Doing

Post by yourmysin on Sun Mar 08, 2009 9:42 pm

Feel free to message me if you still have a question.
A+, Network+, MCTS(70-620), Security+, CCNA


Re: Think Very Carefully About What the SQL Commands are Doing

Post by goluhaque on Fri Apr 24, 2009 5:24 am

OK. I think I know where we have to enter the injection (after converting p*** to g**). But whenever I enter the injection at the place in a**e****.php, the old message that the email is not valid comes up. Yeah, yeah, I know what part of that message is important. But how do we enter the injection? I think that a**e****.php blocks the use of SQL injection. Am I on the right track? Or do we have to use p*******.php?
(23:45:03) hauk: I guess you are over the best part of your life when 4-year-olds say "Are you an evil man?"
(23:46:19) hauk: and "Ima punch you in the pecker"


Re: Think Very Carefully About What the SQL Commands are Doing

Post by ragnarokio on Sat May 23, 2009 8:02 am

I'm stuck here. I know I have to inject SQL into the URL, and I'm pretty confident of the command I have to use, but I don't know in exactly what format to insert it. I've read over a few SQL tutorials but they didn't really help me. Right now I'm typing in ?(SQL CODE HERE), but that pretty much just refreshes the page.


Re: Think Very Carefully About What the SQL Commands are Doing

Post by Defience on Wed May 27, 2009 11:58 am

ragnarokio wrote: I'm stuck here. I know I have to inject SQL into the URL, and I'm pretty confident of the command I have to use, but I don't know in exactly what format to insert it. I've read over a few SQL tutorials but they didn't really help me. Right now I'm typing in ?(SQL CODE HERE), but that pretty much just refreshes the page.


That's not quite the right location, you want to run it while checking out some products and it shouldn't end with '?' although that should be part of the string.


Re: Fischer's Animal Products

Post by greyshogun on Sun May 31, 2009 4:16 pm

jimbo_9100 wrote: You have to go to the "HTS message center" and send the e-mails to SavetheWhales.... PS: don't go to the private messages link...


Thanks. It wasn't that hard to get the goods, but I wasn't sure what to do with them afterwards.

I really liked this exercise -- first one where I really felt like I was attacking a live application. Anyone who has stuck with the exercises up to this point, I can say that you're getting close to the point where you can break into field data.


Re: Think Very Carefully About What the SQL Commands are Doing

Post by 3nIGhost on Sun Jun 07, 2009 4:54 pm

Hey guys, I'm really stuck. I mean, I haven't done this in the longest. I beat it before, like last year, but I think it was a bug that said I passed it, but I never did anything really, just put both pages together. Now I'm starting off from scratch, so I need help to start over. I need help because I've been on for 5 days trying to figure this out.... So what would be a good SQL learning to get the email from a**e****.*** page..? Please, all I need is a little help. PM me if you would like, I wouldn't mind. Thanks.
"Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind."

|Theodore Geisel (Dr. Seuss)


Re: Think Very Carefully About What the SQL Commands are Doing

Post by greyshogun on Sun Jun 07, 2009 10:51 pm

3nIGhost wrote: Hey guys, I'm really stuck. I mean, I haven't done this in the longest. I beat it before, like last year, but I think it was a bug that said I passed it, but I never did anything really, just put both pages together. Now I'm starting off from scratch, so I need help to start over. I need help because I've been on for 5 days trying to figure this out.... So what would be a good SQL learning to get the email from a**e****.*** page..? Please, all I need is a little help. PM me if you would like, I wouldn't mind. Thanks.


To make effective SQL injection attacks, you will need to learn a certain amount of SQL. Assuming that the middleware of the application contains injection vulnerabilities, from that point forward it is your skills with SQL that will help you to break in.

I'm not sure how to help you get good SQL knowledge -- I did database programming professionally for a few years so I have that to fall back on.

One pointer I can give you is this -- whatever query this sort of application is making, in many cases it will be something of this form:

select (some stuff) from (some tables) where (certain conditions are met)

Essentially, any code you try to inject will need to be appended to the end of this sort of SQL statement, or at least in the case of this particular example. Try to imagine what the database query would be, and imagine something (SQL compliant) that you could tack onto the end that would allow you to make your attack.

Also, you'll have to visualize what you imagine the middleware to be doing. Remember that in the case of a reconnaissance SQL attack, you'll need to comply with the requirements of the middleware in order to get the info you need.
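An added example, not part of any post in this thread or of the mission's code: it shows why input concatenated onto the end of a `select ... from ... where ...` statement is parsed as more of the WHERE clause, next to the parameterized form that keeps it as data. The `products` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory catalogue with constructed sample rows (not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT,
                               category INTEGER, hidden INTEGER);
        INSERT INTO products VALUES
            (1, 'Belt', 1, 0), (2, 'Wallet', 1, 0),
            (3, 'Gloves', 2, 0), (4, 'Unreleased coat', 2, 1);
    """)
    return db

def build_concatenated(category):
    # Vulnerable: the request value becomes part of the SQL text itself,
    # so whatever follows the number is parsed as more of the WHERE clause.
    return "SELECT name FROM products WHERE hidden = 0 AND category = " + category

def lookup_vulnerable(db, category):
    return [row[0] for row in db.execute(build_concatenated(category))]

def lookup_parameterized(db, category):
    # Hardened: validate the type, then bind the value with a placeholder.
    # The statement text is fixed; the input can only ever be compared as data.
    try:
        category_id = int(category)
    except ValueError:
        return []
    sql = "SELECT name FROM products WHERE hidden = 0 AND category = ?"
    return [row[0] for row in db.execute(sql, (category_id,))]

if __name__ == "__main__":
    db = make_db()
    tail = "1 OR 1=1"  # constructed input: a condition tacked onto the end
    print(build_concatenated(tail))
    print("concatenated :", lookup_vulnerable(db, tail))
    print("parameterized:", lookup_parameterized(db, tail))
    print("parameterized, valid id:", lookup_parameterized(db, "1"))
```

Because AND binds tighter than OR, the concatenated statement also returns the row the `hidden = 0` filter was meant to exclude, while the bound version rejects the same input before it reaches the database.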

