Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Stuck on level 21


ghost's Avatar
0 0

Ok, so far all I have managed to do is getting the first SQL error message (this is right after the login screen of level 21). I have read the White Paper and tried all the stuff that is suggested in it. I have also read the forum and tired to follow the hint that were given, but still no luck.


LanceUppercut wrote: The answer is right there in the whitepaper….

After you've found out what columns exist in the table, you need to find a way to enumerate values from those columns. The problem with the login page is that it is not designed to return the values that you've queried, just allow access to a user that has credentials in the table. In that case, we need to be able to find a way to get data from the tables. We do that by enumerating values through syntax errors.

After the section in the whitepaper that shows you how to enumerate the column names, read further on how to create type convertion errors…Once you know how to do that, you can enumerate the usernames and passwords through error messages. The answers are in there…just read a little further down :)

But everything I have tried does not bring a SQL error message screen, only a

Not Found The requested document was not found on this server.

Web Server at hellboundhackers.org

So could anyone PM me, and maybe go through some of the things I need to do.

Thanks. JC


stealth-'s Avatar
Ninja Extreme
0 0

You shouldn't be getting 404 errors, I just checked the challenge and I can confirm it works fine without any 404's. If you'd like, feel free to PM me what you're trying and I'll take a look.