
Basic 18


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Basic 18 has been released for beta testing, it was made by me and is fairly hard.

You can find it: here

Comments etc would be appreciated.

People who've beaten it:

Placebo, Larika, V1P3R, hack4u, What_A_Legend, mozzer, only_samurai, AldarHawk


ghost's Avatar
0 0

grr, i'm having trouble guessing the name of the db.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Placebo wrote: grr, i'm having trouble guessing the name of the db.

That's why it's blind xD think logically and you'll get it


ghost's Avatar
0 0

well, i have been, but maybe logic isn't on my side today. i've tried like 10 different variations of logical names but no luck.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Placebo wrote: well, i have been, but maybe logic isn't on my side today. i've tried like 10 different variations of logical names but no luck.

PM me with what you tried


ghost's Avatar
0 0

whew

Finally got it. Nice one system, and thx for the help.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Placebo wrote: whew

Finally got it. Nice one system, and thx for the help.

Thanks :) any improvements you could suggest?


ghost's Avatar
0 0

none that i could really suggest. how many others have beaten it so far?


ghost's Avatar
0 0

It's supposed to get some errors before guessing the right sql?


ghost's Avatar
0 0

no you don't get any errors.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Placebo wrote: none that i could really suggest. how many others have beaten it so far?

Not sure, I'll update my top post when people post they've beaten it, congrats, apart from me, you're the only one who's beaten it methinks!


ghost's Avatar
0 0

sweet. if I can think of any suggestions I'll be sure to let you know.


ghost's Avatar
0 0

can i pm what i'm trying?


ghost's Avatar
0 0

You can pm me if you want, or if you'd rather ask the creator that's cool too.


ghost's Avatar
0 0

thanks i got it now


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Larika wrote: thanks i got it now

Any comments on it? Improvements that could be made etc


ghost's Avatar
0 0

I think it is hard "as a basic challenge". I'll suggest only to make it display an error with the db name, so people don't waste time changing db names but only trying to guess the right query. The scope is to make a blind sql injection, not to guess filenames. However I found it a very good challenge. Congrats to the creator.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

You don't have to guess any filenames, you're supposed to use logic to guess the table name, which is sorta obvious as it's an article system.

This challenge is based on how I learned blind injections, where I had to guess the table etc, but if more people want it to spit an error out with the table name in, I'll consider changing it


ghost's Avatar
0 0

I got it by thinking of real 4 in hts. The solution is very similar too.


ghost's Avatar
0 0

i've been looking into it. i think i'm having the same problem like you guys have had. i couldn't get the database of the articles.

great challenge though


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

hack4u wrote: i've been looking into it. i think i'm having the same problem like you guys have had. i couldn't get the database of the articles.

great challenge though

You need the TABLE NAME not the db name, you already mentioned the table name in your post.


ghost's Avatar
0 0

i done it :D

Comments On Challenge: A well made challenge, good work system :) difficulty - Medium/hard (between both lol)

The challenge is pretty good, only thing to improve is maybe a few errors. :)


ghost's Avatar
0 0

yeah finished it up.

Positives:
- different than everything else
- nice coding :P

Negatives:
- some errors would help but would ruin the point of the blind part
- maybe make the articles some short crappy funny things … cuz i hate just seeing Article #


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

hack4u wrote: yeah finished it up.

Positives:
- different than everything else
- nice coding :P

Negatives:
- some errors would help but would ruin the point of the blind part
- maybe make the articles some short crappy funny things … cuz i hate just seeing Article #

I would make it show some article content, but all it does is echo the id and strip the rest of the crap out


What_A_Legend's Avatar
...Legend?
0 0

Done It.

Well I'd like to agree with all the other suggestions and the good points. I like the idea of a Blind SQL injection challenge as I had no experience in this until now. Gave me a chance to learn something new.

Good work S_M


ghost's Avatar
0 0

done and very nice. notice you didn't change anything since i helped you debug it…. lawl


AldarHawk's Avatar
The Manager
0 0

Nicely written up. The one area was a bit of a give away but what can you do eh?

Pros: New type that is yet to be done, Good backend code, nice challenge

Cons: Layout is a little bland (but again it is a Basic), system got MORE points for this!

HAR HAR HAR

Nice one man.


ghost's Avatar
0 0

:( I was working on something like this lol I don't think i got the table name either. It shouldn't give it to you, that just isn't blind sql.


ghost's Avatar
0 0

If you of all people can't get the table name :P

Remember that tool we worked on in the summer?