Basic 7
Basic 7
ghost | 13138 Reads | Ok so the description of this challenge is
This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to login you need to encrypt it. And after you login there is another login but its a Login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.
So what do you think needs done.
-decrypt the username from the ASCII encryption
-use SQL injection to login.
Start.
You will notice in the source that it gives the username - sam and password jillisdead. But that won't work… yet… You are probably saying, it says Username: and I know the username is Sam… You are half correct. You may also have tried javascript to inject the username and pass through Address bar… again you are half correct… Remember in the description it tells you to encrypt it from the orignal ASCII? Lets do that now! I am not going to tell you what to encrypt it to but I will give you a site that will help
Now once you got the encryption you will probably try to use the encryption text into the Username box, don't you need to find a way to inject the username encryption. Once you've done that, a new page comes up asking for the Password… You will probably try jillisdead, but thats not it. You need to read up on SQL Injections here is a site
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
You do not need to inject these through the url but somehow inject it to database. Once you find out how, do that and your done.
Congrats
PM me if there is a mistake or something.
ghost 18 years ago
ok then ive done almost every realistic mission on HTS and every basic, but the first part for this one dont work 4 me. we are using hex right?cos i encrypted "sam" into hex and tried to inject that but to no avail :(
Thucydides 17 years ago
weird, I just beat it using jillisdead for the second part. Either you overthought this mission,or the challenge must have been changed since you've gone through it.
southafrica1 13 years ago
I beat it with "hello" for the second part and it seems to work no matter what I enter. Dna if somthings wrong with it or what but I got my points.
ShadowCrawler01 12 years ago
Yea i passed it the same way Thucydides said he did for the second part
Jopaul94 11 years ago
I went to the website given and tried converting to binary with all different separations (which I figured didn't even matter) and I still can't get past the "username" box. Any help/explanation? Thanks.
GSmyrlis 8 years ago
i'm writing here 11 years after a user that now he doesnt exist in this site, posted this.
hamidhsh 5 years ago
in basic 7 , after change sam to bineri code and change my cookie … this tell me you mast loged in why ?
dranzer_13 5 years ago
Hey I tried injecting the username in binary but to no avail. Can anybody help me? The JS injection doesn't seem to work and the cookie doesn't change or am I doing something wrong?
darkFinger 4 years ago
guys i tried injecting the binary form of the username into the username field but i got a 404 error saying file not found and the console spilling errors