I'm owned on basic eight

I've read every article and every forum on HBH, and looked over a few SQL injection tutorials…

The exact steps I took

• First off enter a random password into the pw box -viewed source on secure page and copied down ?s*l_****y
• On that page in the URL box I added ?s*l_****y= to http://www.hellboundhackers.org/challenges/basic8/secure-area.php

The link turned out like this http://www.hellboundhackers.org/challenges/basic8/secure-area.php?s*l_****y=

and after ?s*l_y= I used everything I could think of, ', 1=1, fy_db, SELECT, PROJECT, Drake and a few other things

I dont get what I am doing wrong because I cant get past this part… someone help please :P MSN me if you would like

[edit]removing spoilers, scankyfrank[/edit]

Well, you have some of the right things, however put them together. Dont just try single things.

Its still not working

PM me with what you are trying

:matey:

I'm also kinda stuck on this one…

did that, but tried something simpler:

?s**_qr* = SCT Drake FRM family_db W**RE password=*

I read on forums there was no need to inject anything, and this was the only idea i had…. tried some other variations like

SCT * FRM family_db WRE password=* S**CT * FRM family_db

but none of them worked…

133ch11f3 wrote: I'm also kinda stuck on this one…

did that, but tried something simpler:

?s**_qr* = SCT Drake FRM family_db W**RE password=*

I read on forums there was no need to inject anything, and this was the only idea i had…. tried some other variations like

SCT * FRM family_db WRE password=* S**CT * FRM family_db

but none of them worked…

Oh, it's easier than what you think… don't overestimate it.

Ok, i'll keep trying some other strings… Any trouble i'll just post something here again… thanks

yeah, just think… basics.