Please ask questions ONLY in this topic.

FAP is company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

Re: Please ask questions ONLY in this topic.

Post by Orbtron on Thu Feb 05, 2009 9:44 am
([msg=17412]see Re: Please ask questions ONLY in this topic.[/msg])

Ok, So I got the emails last night, But I dont know how to send them to SaveTheWhales! I did a user search but cant send a private message as its disabled, how else can I send the emails?

For those still trying to get the emails have a look at this tutorial found it quite helpful...
http://www.securiteam.com/securityreviews/5DP0N1P76E.html < SQL Injection

So any help on this?
Thanks,
Orbtron
Orbtron
New User
New User
 
Posts: 1
Joined: Wed Feb 04, 2009 9:28 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Turboyuyu on Thu Feb 05, 2009 12:58 pm
([msg=17415]see Re: Please ask questions ONLY in this topic.[/msg])

I have the email list, but I cannot send a PM, because it says "Private messaging is locked".
Turboyuyu
New User
New User
 
Posts: 1
Joined: Mon Apr 28, 2008 7:19 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Thu Feb 05, 2009 2:42 pm
([msg=17420]see Re: Please ask questions ONLY in this topic.[/msg])

Turboyuyu wrote:I have the email list, but I cannot send a PM, because it says "Private messaging is locked".


Make sure you are trying to send it from the HTS Message Center on the front page and not the Private Messages link.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by NightFalcon on Fri Feb 13, 2009 9:44 pm
([msg=17850]see Re: Please ask questions ONLY in this topic.[/msg])

What threw me off for a while was the way the examples in this thread were combining the SELECT from and the nulls.

This isn't right:

Code: Select all
select * from table union all select * from anotherTable, null, null, null


read up on SELECT.
NightFalcon
New User
New User
 
Posts: 1
Joined: Fri Feb 13, 2009 9:37 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Tue Feb 17, 2009 9:45 am
([msg=18085]see Re: Please ask questions ONLY in this topic.[/msg])

NightFalcon wrote:What threw me off for a while was the way the examples in this thread were combining the SELECT from and the nulls.

This isn't right:

Code: Select all
select * from table union all select * from anotherTable, null, null, null


read up on SELECT.


They are just examples and not meant to be spoilers.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by shandz on Wed Feb 25, 2009 5:53 am
([msg=18638]see Re: Please ask questions ONLY in this topic.[/msg])

Orbtron wrote:Ok, So I got the emails last night, But I dont know how to send them to SaveTheWhales! I did a user search but cant send a private message as its disabled, how else can I send the emails?

For those still trying to get the emails have a look at this tutorial found it quite helpful...
http://www.securiteam.com/securityreviews/5DP0N1P76E.html < SQL Injection

So any help on this?
Thanks,
Orbtron


you wouldnt know until you tried :roll:
shandz
New User
New User
 
Posts: 13
Joined: Tue Sep 09, 2008 8:42 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Irhab on Fri Mar 27, 2009 12:20 pm
([msg=20694]see Re: Please ask questions ONLY in this topic.[/msg])

would someone answer these questions like they are talking to a small child?
Where does the SQL injection go, address bar or email submit form?
What is the format of the command to get the emails?

This is what I have and at this point - 2 days of learning the wrong way to do this.
I want to choke the shit out of anyone who does not give me a direct answer to my direct questions.
I need someone to hold my hand and walk me through this explaining the "why" of each step.
Feel free to send me an email, private message, sms, call my house, my wife, don't care which - just need help. I'm military with a family, my time is my most valuable commodity and I have already spent too much on this.
Irhab
New User
New User
 
Posts: 3
Joined: Thu Mar 26, 2009 1:46 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Fri Mar 27, 2009 2:03 pm
([msg=20708]see Re: Please ask questions ONLY in this topic.[/msg])

Irhab wrote:would someone answer these questions like they are talking to a small child?
Where does the SQL injection go, address bar or email submit form?
What is the format of the command to get the emails?

This is what I have and at this point - 2 days of learning the wrong way to do this.
I want to choke the shit out of anyone who does not give me a direct answer to my direct questions.
I need someone to hold my hand and walk me through this explaining the "why" of each step.
Feel free to send me an email, private message, sms, call my house, my wife, don't care which - just need help. I'm military with a family, my time is my most valuable commodity and I have already spent too much on this.


Read the post right above yours and click on the suggested link, then scoll down to the 6.0 section and check it out. It will answer some of your questions.

If you're U.S. military, I appreciate your service!
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Irhab on Fri Mar 27, 2009 3:48 pm
([msg=20714]see Re: Please ask questions ONLY in this topic.[/msg])

These are my latest attempts. No joy.
http://www.hackthissite.org/missions/re ... %20email--
http://www.hackthissite.org/missions/re ... %20email--
http://www.hackthissite.org/missions/re ... %20email--
any tips, pointers, hints, or slaps on the back of the head would be welcome.
Irhab
New User
New User
 
Posts: 3
Joined: Thu Mar 26, 2009 1:46 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by exolosar on Sat Mar 28, 2009 4:08 pm
([msg=20806]see Re: Please ask questions ONLY in this topic.[/msg])

This is kinda stupidish... I tried everything, and I knew I have right piece of code for injection, but actual formatting that worked is different than those in SQL injection tutorials.

Fow example, here it doesn't need this [ ' ] mark, and also no space after category value. Why is that? Can someone explain me please? :?:

And also, confusing part for me is, why is it necessary to put this n***'s together with asterisk? And why this exact number of them? I know that this has something to do with matching number of some other table/rows/columns/something. But I simply don't get it. :roll:

I understand SQL commands, like UNION ALL and SELECT, but this is weird formatting :lol:

-- Sat Mar 28, 2009 10:21 pm --

To correct myself, space is allowed, but still don't get it why no quotation mark after value of category. Correct me if I am wrong; this *.php?category=1 is the same as SQL code [SELECT * FROM products WHERE category=1]. Is that correct? And where quotation marks stand? Does it have to be [SELECT * FROM 'products' WHERE 'category'='1'] or just [SELECT * FROM products WHERE category='1']? If the last one is true, isn't it gonna be [*.php?category=1' UNION...]? I know that the last quote mark is automatically added, so don't we need to add a quote mark after number?.....

OMG, i have so many questions, I think I'm just bothering you. Sorry for disturbance. I guess I'll find answers somewhere on net during my journey. Thanks anyway.
exolosar
New User
New User
 
Posts: 5
Joined: Fri Mar 27, 2009 8:37 am
Blog: View Blog (0)


PreviousNext

Return to (Real 4) Fischer's Animal Products

Who is online

Users browsing this forum: No registered users and 0 guests