Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Pen Testing 1


ghost's Avatar
0 0

I'm stuck at the SQL part of this challenge. Any injection I can think of (as well as any input at all in both fields) is just giving the message "Access denied for user 'www-data'@'localhost' (using password: NO)". Is this challenge working properly?


th3l05tpr0ph3tz's Avatar
Member
0 0

EDIT THIS FOR SPOILERS

also, yes its being buggy, the whole challenge is.


Mordak's Avatar
Evil Sorcerer
4,025 18

The challenge is working fine.


ghost's Avatar
0 0

Thanks Mordak, I must just be missing something. I'll keep on trying!


Mordak's Avatar
Evil Sorcerer
4,025 18

PM me if you need to.


th3l05tpr0ph3tz's Avatar
Member
0 0

may i PM with what im doing as well, because i keep getting error popups that say "you have already found this exploit" even though i haven't and it doesnt add points.


Mordak's Avatar
Evil Sorcerer
4,025 18

Sure PM me.


ghost's Avatar
0 0

I am also stuck at the sql part. Can I pm someone the injections i have tried?


Arabian's Avatar
Member
0 0

sure


Death_metal666's Avatar
Member
0 0

is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: > Access denied for user 'www-data'@'localhost' (using password: NO)


ghost's Avatar
0 0

Death_metal666 wrote: is this challenge down?? cuz i tried every sql injection and all the combination which i know. but still getting this error: [quote]Access denied for user 'www-data'@'localhost' (using password: NO)[/quote]

Someone Pmed me the same question not too long ago. I will resend it to you.


Death_metal666's Avatar
Member
0 0

challenge is up … yippee solved thanks to molested … thank you


th3l05tpr0ph3tz's Avatar
Member
0 0

maybe im doing something wrong, i still get "Access denied for user 'www-data'@'localhost' (using password: NO)"


ghost's Avatar
0 0

Is this challenge still working as supposed? I am not able to log in using the given account and password. Could someone confirm it is broken?


ghost's Avatar
0 0

i got the sql injection pretty easily man just act like a bad parent and beat it to death :D


nopcron's Avatar
Member
0 0

I suppose this one might be broken. There is no way I manage to get the SQL related one and the session related one (not sure if I am trying the right thing here) but there's no doubt about the SQL part.


Euforia33's Avatar
philalethes
0 0

The SQL related exploit is not currently working but the exploit for the session still works.


korg's Avatar
Admin from hell
0 0

The SQL page is working, Just tried it. The exploit was changed from the original.


ChioDoS's Avatar
Member
0 0

Worked for me. :)


synstealth's Avatar
PHP WARRIOR
2,490 1

im 30 points shy of the 350 points completion of this pent1 challenge, however I have attempted using the injection in the admin page and it does nothing.. a flicker here then the page reloads and acts like nothing happened. I have attempted several types of injections. no success and im starting to wonder if this is buggy or am I injecting it wrong.. you know the famous 'or 1=1– string doesnt even work tho. any pointer/hints?


rex_mundi's Avatar
☆ Lucifer ☆
3,050 6

It's not a bug, it's just a different injection. :P