Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic 3

  1. Home
  2. Forum
  3. Basic
  4. Basic 3

The-Scarecrow's Avatar

The-Scarecrow

Member
755 20

I think it’s broken.

Hear me out. Use the cookie editor to change the username to a base 2 system. Reload the page for the next section. But nothing happens it just re-writes the cookie.

I’m thinking its writing it before reading it.

Also I couldn’t find a user who has completed the challenge.

edit: Issue submitted.


Ce1tic13h0y's Avatar

Ce1tic13h0y

Member
2,340 28
  • @ this point in time : SAME HERE.

the refresh resets the THING, you know the THING, Cmon, man.


scallywag's Avatar

scallywag

130 3

I am having issues with the SQL Injection bit. I assume it should be sth like ’ OR 1=1 but unfortunately this only sends me back to step 1


Mordak's Avatar

Mordak

Evil Sorcerer
4,025 21

Basic 3 is working correctly currently and your on the right track with your SQL injection. Have you forgotten about the cookies ?


scallywag's Avatar

scallywag

130 3

yes, i altered the cookies, my sql injection just doesn’t work


Ce1tic13h0y's Avatar

Ce1tic13h0y

Member
2,340 28

Well if the cookie is correct, then youll be presented with the sql login. if not then you go back to first page, are you sure the cookie gets set? you’ll know if cookie is set correctly, the page will tell you.


wand3rlust's Avatar

wand3rlust

1,595 1

tweaked the cookie correctly and got to the sql part. tried the default sql inject, complete with “–,” but it doesn’t let me in. confirmed cookie was still altered when trying the sql inject, and it was (also tried changing it back, which didn’t help). help appreciated.


Mordak's Avatar

Mordak

Evil Sorcerer
4,025 21

Drop us PM with more details and I can provide some hints.


Mordak's Avatar

Mordak

Evil Sorcerer
4,025 21

I spoke with @wand3rlust via PM and can confirm that the challenge is online and working correctly. As another hint for anyone else don’t make the SQL too complex.


wand3rlust's Avatar

wand3rlust

1,595 1

yes, thanks, @mordak. i had been using the most common syntax for the sql inject (the kind you’d find on an sql injection tshirt :), but this challenge uses an equally simple but different syntax for the inject.


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,190 14

I’ve been trying to redo all of the challenges on a mobile device as  that’s how most of us access the internet nowadays, but this bastard is really busting my fucking chops


Salted's Avatar

Salted

80 0

I could use some help with the SQLi part also. I logged in with the correct cookie, got to the second login page about SQL, checked t0 make sure the the cookies were still set to what I set them as in part one - all good there, but now I’ve tried so many different sql injection attacks but haven’t gotten a working one yet. Could someone help me with this part, please? I’m so stuck.


Same here - trying a variety of simple SQLI syntaxes with no dice, I have the cookies edited correctly but lord if this thing don’t just keep kickin’ me back


Ignore my response - I got it figured out.