Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 7

By ghostghost | 13381 Reads |
0     0

Ok so the description of this challenge is

This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to login you need to encrypt it. And after you login there is another login but its a Login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.

So what do you think needs done.

-decrypt the username from the ASCII encryption

-use SQL injection to login.

Start.

You will notice in the source that it gives the username - sam and password jillisdead. But that won't work… yet… You are probably saying, it says Username: and I know the username is Sam… You are half correct. You may also have tried javascript to inject the username and pass through Address bar… again you are half correct… Remember in the description it tells you to encrypt it from the orignal ASCII? Lets do that now! I am not going to tell you what to encrypt it to but I will give you a site that will help

http://nickciske.com/tools/

Now once you got the encryption you will probably try to use the encryption text into the Username box, don't you need to find a way to inject the username encryption. Once you've done that, a new page comes up asking for the Password… You will probably try jillisdead, but thats not it. You need to read up on SQL Injections here is a site

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

You do not need to inject these through the url but somehow inject it to database. Once you find out how, do that and your done.

Congrats

PM me if there is a mistake or something.

Comments
ghost's avatar
ghost 19 years ago

I don't remember doing any of this.

ghost's avatar
ghost 19 years ago

Well look at the mission..

ghost's avatar
ghost 18 years ago

ok then ive done almost every realistic mission on HTS and every basic, but the first part for this one dont work 4 me. we are using hex right?cos i encrypted "sam" into hex and tried to inject that but to no avail :(

Thucydides's avatar
Thucydides 18 years ago

weird, I just beat it using jillisdead for the second part. Either you overthought this mission,or the challenge must have been changed since you've gone through it.

southafrica1's avatar
southafrica1 14 years ago

I beat it with "hello" for the second part and it seems to work no matter what I enter. Dna if somthings wrong with it or what but I got my points.

ghost's avatar
ghost 13 years ago

Mr noob we actually have to convert to binary

ShadowCrawler01's avatar
ShadowCrawler01 12 years ago

Yea i passed it the same way Thucydides said he did for the second part

Jopaul94's avatar
Jopaul94 11 years ago

I went to the website given and tried converting to binary with all different separations (which I figured didn't even matter) and I still can't get past the "username" box. Any help/explanation? Thanks.

GSmyrlis's avatar
GSmyrlis 8 years ago

i'm writing here 11 years after a user that now he doesnt exist in this site, posted this.

firedragon13218's avatar
firedragon13218 6 years ago

:o

firedragon13218's avatar
firedragon13218 6 years ago

hi

hamidhsh's avatar
hamidhsh 5 years ago

in basic 7 , after change sam to bineri code and change my cookie … this tell me you mast loged in why ?

dranzer_13's avatar
dranzer_13 5 years ago

Hey I tried injecting the username in binary but to no avail. Can anybody help me? The JS injection doesn't seem to work and the cookie doesn't change or am I doing something wrong?

darkFinger's avatar
darkFinger 4 years ago

guys i tried injecting the binary form of the username into the username field but i got a 404 error saying file not found and the console spilling errors