BASIC 21
OK, I'm having a bit of trouble with this. On a normal site (using an actual SQL database) I can acquire table names and columns going by whether the page accepts it as a correctly formed query. Ex: SELECT COUNT(*) FROM BLAH; and if that doesn't give me an error then it's a valid table name. Now since this isn't a real SQL server I'm dealing with, these methods won't work… so I'm a little lost. I can get the initial error but I'm having a problem getting past there. A nudge would be appreciated =) thanx
noober wrote: OK, I'm having a bit of trouble with this. On a normal site (using an actual SQL database) I can acquire table names and columns going by whether the page accepts it as a correctly formed query. Ex: SELECT COUNT(*) FROM BLAH; and if that doesn't give me an error then it's a valid table name. Now since this isn't a real SQL server I'm dealing with, these methods won't work… so I'm a little lost. I can get the initial error but I'm having a problem getting past there. A nudge would be appreciated =) thanx
Well, here is a nudge … Advanced SQL Injection ;)
Naw, I swear it's not a lack of knowledge of SQL, I assure you. I have read more on SQL than any other subject. I'm well aware of the range of commands and I have used them on real sites just to see how they work. Using wildcards like % and unions and, well, I don't want to go too far into it. Just trust me, I have read a great deal, including the quite extensive securiteam advanced SQL in its entirety.
noober wrote: Naw, I swear it's not a lack of knowledge of SQL, I assure you. <snip>
That's the problem… you're assuming. The whitepaper that is referenced in the previous Basic 21 thread is actually a good bit of help. The types of commands that it places focus on give you a good idea of what structure you're looking for in your attempts.
There's really no more help that anyone can give you until you at least TRY.
noober wrote: Naw, I swear it's not a lack of knowledge of SQL, I assure you. I have read more on SQL than any other subject. I'm well aware of the range of commands and I have used them on real sites just to see how they work. Using wildcards like % and unions and, well, I don't want to go too far into it. Just trust me, I have read a great deal, including the quite extensive securiteam advanced SQL in its entirety.
I'm not questioning your SQL knowledge, it's just that that file helped me a lot with this chall (basically it explained all the chall to me). Read it, you've got nothing to lose :p .. oh, and it gets interesting from page 7 (which I assume you already figured out :D) gl :happy:
noober wrote: Ya… so it was the first thing I had tried minus the capitalization… I really hate that
Well, you get used to it here. The simulations are all case-sensitive; if something doesn't work that you think should, just try it in different cases, with different spaces, etc.
For this challenge, I actually kept open a text file and just put in my attempts as I tried them. If they gave an error, I put the attempt at the top with the error below it. This helped me to keep track of what I had tried and what I had not.
–May contain spoilers, if so admin please delete–
Well, I'm on the final part of Basic 21. I've read the whitepaper at http://www.ngssoftware.com/papers/advanced_sql_injection.pdf which the chall was based on. I am trying:
' u**** s***** , user***, , * fr* us***–
I'm trying that and many other things along those lines. I've tried:
' u**** s***** s**(user****) f*** us***–
None of these things are working, although that is what the whitepaper says to do, and my SQL knowledge says should work. I'm at a standstill. Any help would be appreciated. Thanks, anarchial_demise
I'm going to guess that you're trying to figure out whether the table column is an i****** or a s**. But just look what you've got. Isn't what you're trying to figure out obvious?? I had the same problem. Everything worked up until page 9, I think, and then that. You got all the info you need, now keep reading.
DeafCode wrote: I'm going to guess that you're trying to figure out whether the table column is an i****** or a s**. But just look what you've got. Isn't what you're trying to figure out obvious?? I had the same problem. Everything worked up until page 9, I think, and then that. You got all the info you need, now keep reading.
Okay, I know what you said but I don't know what you mean ^^;
You have the table name, right? Good. You have the name of the columns, right? Good. Everything is going good. O' what's this? I can't find whether column is an i****** or a s**. OMG, WTF mate?
Look at the name of the columns. What seems to be a number and what seems to be text. Bingo, logic rises again and thwarts query denial once again. Muh Hahahah. Now that you got that, keep reading.
If this sounded rude to you, I'm sorry, but now you got the point.
DeafCode wrote: You have the table name, right? Good. You have the name of the columns, right? Good. Everything is going good. O' what's this? I can't find whether column is an i****** or a s**. OMG, WTF mate?
Look at the name of the columns. What seems to be a number and what seems to be text. Bingo, logic rises again and thwarts query denial once again. Muh Hahahah. Now that you got that, keep reading.
If this sounded rude to you, I'm sorry, but now you got the point.
Actually, I don't really get the number/text part.
Ugh, I can't get the stupid password out of the SQL injection. I've enumerated the field names from the table and even got the username itself, but I can't seem to get the password. Trying to get the password in the same way as the username with the same format (just changing the field name) doesn't seem to work as I just get that "Username/password was not found in DB" error.
Any ideas what the hell we're supposed to do for the final query?
I have to admit, I'm getting pretty pissed off. :xx:
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
This will give you the solution!! ;)
Thanks for the whitepaper, Cypher, but that's the exact thing I've used to get to the point I'm at now ;)
I've looked at the method to grab the password once you have the username, but I can't get it to work for me. I'm going to keep at it again today and see if I can come up with anything… I did 15 of the 16 JavaScript challenges to try to take my mind off it, but when I was done it was 3 AM and I couldn't think any longer :D
hawkster wrote: Thanks for the whitepaper, Cypher, but that's the exact thing I've used to get to the point I'm at now ;)
The great thing about that whitepaper is that it also explains how and what it's doing, rather than just giving query snippets. Understand how it's enumerating and finding specific parts of the table, then apply different methods of doing so (with your particular aim in mind) until one works.
That's the thing I loved about it; it was actually interesting to read and provided helpful insights. Looking at the methods I had a lot of "why didn't I think of that?" moments and then was ecstatic when they actually worked.
When (not if) I figure out what I'm doing wrong, I'll be very, very happy. I've got nothing else interesting to do today so I might as well :D
~Hawk
Cyph3rHell wrote: The nice thing about this whitepaper is that it gives u the solution!! ;)
That's not a nice thing… What's the point of doing a challenge if you're going to be spoonfed the answer? Personally, I'd rather be given the information to learn the subject, then derive the solution from there. Having a challenge based 100% off of a whitepaper is silly and pointless.
Zephyr_Pure wrote: That's not a nice thing… What's the point of doing a challenge if you're going to be spoonfed the answer? Personally, I'd rather be given the information to learn the subject, then derive the solution from there. Having a challenge based 100% off of a whitepaper is silly and pointless.
I agree! But to beat a chall u must know where to look… even if u have a whitepaper, because some people want to beat a chall without making efforts. This is why some ppl are still stuck in this chall!
Cyph3rHell wrote: I agree! But to beat a chall u must know where to look… even if u have a whitepaper, because some people want to beat a chall without making efforts. This is why some ppl are still stuck in this chall!
The challenge could've been made without following a whitepaper word for word… by changing up some of the details, it could've been helped by the whitepaper, but not completely spoiled. Anyways, I rather enjoy the challenges that leave me stuck for a while; it gives me the chance to explore a new topic and learn, put in some effort, etc. Anyways, this is moot, I suppose… This is a thread for helping with Basic 21, and that whitepaper pretty much does it on its own.
Okay, I can't believe this…
I managed to figure it out today while sitting in my Political Science class. I was making one small error in the password query that wasn't generating what it should have as a result.
Apparently I do better when I'm focused on something else… lol
Thanks for all your help, guys :D
~Hawk
hawkster wrote: Okay, I can't believe this…
I managed to figure it out today while sitting in my Political Science class. I was making one small error in the password query that wasn't generating what it should have as a result.
Apparently I do better when I'm focused on something else… lol
Thanks for all your help, guys :D
~Hawk
Same thing happened to me. I spent maybe two hours reading through SQL pages and the PDF trying to find what I was doing wrong with the syntax. As soon as I get distracted with something at work, bam, I realize the reason my injections were failing was due to an extra, hidden space in the syntax. I'd been one space away for hours. Oy vey. But hey, at least this mission was fun as hell.