B*A*S*I*C*9 PLEASE HELP
First, find the directory you're searching (use common sense or the source code). Then find a place where there is an SQL injection vulnerability. From there, you have to use the Poison Null Byte somehow, which I haven't figured out yet. These hints are not spoilers; they can easily be found in the forums and have been repeated many times.
SlimTim10 wrote: First, find the directory you're searching (use common sense or the source code). Then find a place where there is an SQL injection vulnerability. From there, you have to use the Poison Null Byte somehow, which I haven't figured out yet. These hints are not spoilers; they can easily be found in the forums and have been repeated many times.
Thank you SlimTim10. I've found the directory. My question is : why the search.php find only 2 files of this directory? For example it can't find error_log page and search1.php!! Is the wrong directory that i've found? Also i've inject a sql in login.php that show me a password and a new form to login whit her(this is the same sql injection used for basic 8 and the password is the same!). This from redirect me to a 41.php page that no exist. I don't understand who is the page to apply the poison Null Byte attack. Thanks for the reply but it can't help me however.
You have to know about html, php, sql injecting and poison null byte attack.
- look at the source and find the directory where the form perform the searches; The initial message tell you clearly what is the name of the dir you need. However you can look at the source of the page or google it to find the dir.
- Ever look all files and all sources. Find a page that is vulnerable to sql injection attack. Try it injecting a sql how y've done in basic8. The page display a password and a form to put her. Once you find that stop and turn to the start page. Else if you put the displayed password in this form you're redirected to a non existent page(in the wrong track).Ok? If you don't have time to spend once you have foud the sql injection vulnerable page turn to the start page.Let's say that is name is larika.php.
- You have now to apply the Poison Null Byte attack to the larika.php page from the start page. How the null byte work? What is it? Read about null byte and you'll easly understand how to use it. Now begins the 2nd part of mission.
- If all is right you are redirected to a page that tell you in clear and in the source the username and the password to beat the mission.
- Turn in the start page and login with this information.
Thanks everybody that put helps,comments and hints in this forum!!
this might sound silly but … what page do you mean by start page. the first page of hbh http://hellboundhackers.org/ or the first page of the mission http://hellboundhackers.org/challenges/basic9
edit: never mind i found out about it read the last line of the tuto