
basic 21


ghost's Avatar
0 0

well, let me be the first to start a thread on it

so, i tried typing in a certain character- if you've done it, you know what i mean, i've used it in this post… after typing it in, i get the error message but have no clue what to do from there. Any help?

Thanks


mikispag's Avatar
=> Penguin in black <=
0 0

Yes me too :(


ghost's Avatar
0 0

i think the chall is REALLY buggy actually…. a few things:

80040E14 is not an "unenclosed ***" error

enter the "character" into the user name and it says your password is wrong

enter it into the password and it's fine it says you used a different character than you used


ghost's Avatar
0 0

only_samurai wrote:

80040E14 is not an "unenclosed ***" error

lol ya i tried googling the error just to see what came up, that confused me

and also the challenge description says "This time Drake invented another secure PHP and MSSQL login. But he once again failed to secure it…" it's secure but not secure?????!!!!!


ghost's Avatar
0 0

I'm at the same point as everybody else on this one. i can get as far as this one character, but if it accepts that surely it would accept a bog standard SQL injection? :S


ghost's Avatar
0 0

Don't try character per character to find the username ;)

PM me what you guys have, I'll adjust some things. Please note that we have to simulate everything in a challenge. Making a real connection to a database would be a bit hazardous for HBH ;)

The challenge is new, so if you have any suggestions or remarks, you can PM me about them and I'll do my best.


ghost's Avatar
0 0

no the_cell, we're not trying to find the username char by char, we mean the single character that generates the SQL error in the first place.


ghost's Avatar
0 0

yeah that is all I'm coming up with….i tried reading up on the error but found nothing useful


ghost's Avatar
0 0

you need to be able to put more than just that character into the username field but anytime you do it goes straight to not found.

extra: i think the errors need to be changed because the error is static yet it really shouldn't and wouldn't be.


ghost's Avatar
0 0

i think we are supposed to use different sql injections not the same old


ghost's Avatar
0 0

you could create a database just for challenges.. i agree with what's been said.

it's either blind or not blind. and in this case it's not blind for a standard thing so we should receive dynamic errors according to our input.

this way we'll just have to guess what you had in mind for a solution


synstealth's Avatar
PHP WARRIOR
2,490 1

I've found a way to generate the error and I found a clue to extract more information by using this single character..

after the 3rd step where it says (tablename).password it doesn't generate an error anymore. I'm baffled from there..

is it a code bug or am i doing something wrong?

PM me pls


mikispag's Avatar
=> Penguin in black <=
0 0

I managed to get the SQL Server error '80040e14' using the username field, but still no luck injecting… :(

Please tell us some hints ;)


ghost's Avatar
0 0

good job, The_Cell, you got the entire site stumped except you and system… now can we please have some advice!!!! lol…


synstealth's Avatar
PHP WARRIOR
2,490 1

come on. i need some pointers/advice/hints!!!

I got the error, got the injection to work. but it doesn't work when it comes to "password" anybody who beat this please PM ME!! because I don't want to leave out any spoilers that I'm very tempted to type out.


ghost's Avatar
0 0

i think this challenge wants you to follow a very specific path in gathering info if you stroll away from it you wont get any errors.. or in my case i was typing the right stuff but without a space after a , so watch out for that

(nope haven't done it but i'm past the beginning)


mikispag's Avatar
=> Penguin in black <=
0 0

Any hint? :)


ghost's Avatar
0 0

Sorry that the challenge isn't super yet but coding every possible error for every possible case isn't a walk in the park ;)

For the ones who know SQL: just HAVING an idea would get you far ;) Hope you get the hint..


ghost's Avatar
0 0

i found an error and i found the name of the table and the names of the columns…. what should i do next ?


ghost's Avatar
0 0

The_Cell wrote: Sorry that the challenge isn't super yet but coding every possible error for every possible case isn't a walk in the park ;)

For the ones who know SQL: just HAVING an idea would get you far ;) Hope you get the hint..

ok…i get the hint; now it is time for me to try to use it


ghost's Avatar
0 0

i was past that hint. cell and i've also pm'd you before about it.


ghost's Avatar
0 0

Anti wrote: i found an error and i found the name of the table and the names of the columns…. what should i do next ?

Why don't you try to view the values of some fields ;)

sakarin wrote: i was past that hint. cell and i've also pm'd you before about it.

I'm in the middle of my partial exams so I won't be answering/checking any PM's till this weekend.


ghost's Avatar
0 0

oh cmon.. it takes less time than to read a post and i can't post it here cuz it would be a spoiler


ranma's Avatar
Member
0 0

lol. Notice how everyone here is HBH GURU or higher, but there are no newbs.


ghost's Avatar
0 0

ranma wrote: lol. Notice how everyone here is HBH GURU or higher, but there are no newbs.

what about the elites and uber elites?


ghost's Avatar
0 0

Nice quote TotcoS!

for those who don't already know, Mouse, in The Matrix, says, "Pay no attention to these hypocrites Neo, to deny our own impulses is to deny the very thing that makes us human." :D


ghost's Avatar
0 0

geek alert!


synstealth's Avatar
PHP WARRIOR
2,490 1

lol ^^

well.. I've gone past your hint… I found how many columns, I found what I needed to extract.. I've already tried the spacing between commas

blah, blah blah , blah blah ,blah blah,blah

but I know and you know that the first line is correct, but after you have reached the 3rd column, it just doesn't show an error anymore. someone please PM me!!!!


ghost's Avatar
0 0

how long ago did you try that? system fixed that error


ghost's Avatar
0 0

what no one else is annoyed by not doing this challenge?


Uber0n's Avatar
Member
0 0

Well the first parts were really easy, but I just can't seem to get the final query to work :p


synstealth's Avatar
PHP WARRIOR
2,490 1

Uber0n wrote: Well the first parts were really easy, but I just can't seem to get the final query to work :p

yes, same here!

:|


ghost's Avatar
0 0

sucks being us..


ghost's Avatar
0 0

Can someone give us a hint for the last part of this challenge!?


ghost's Avatar
0 0

or maybe a good article for reading


ghost's Avatar
0 0

i found the name of the table and columns but what to do next ? i try to get some column values but nothing works…

The_Cell can i PM you ? (i tried but you'll have to clear your mailbox coz it's full ;))


ghost's Avatar
0 0

PM me, if you'd like. I can help, just say how far you're at, and i'll push you in the right direction :).

Cheers, -Jay.


ghost's Avatar
0 0

I'm still stuck… Can someone give hints for the last part of this challenge ? I've tried some inserts, select, unions, … but nothing works.:(


ghost's Avatar
0 0

If anyone needs help, pm me for a link to a white paper on how to defeat this challenge B)


ghost's Avatar
0 0

I've been getting a bunch of requests for the whitepaper on how to defeat this challenge…If the admins or The_Cell don't mind me posting it, you can find it at:

http://www.scribd.com/doc/20582/Advanced-SQL-Injection

It's a great paper on some more specific types of SQL Injection instead of the old ' OR 1=1-- stuff.

The_Cell gave the biggest hint on the first page of this thread on what you need to search for. Just HAVING a clue will allow you to beat this :D

The_Cell, let me know if you want me to remove this post.


ghost's Avatar
0 0

Why would it matter if you have posted that. It's not a spoiler or even a tutorial


ghost's Avatar
0 0

Good point…I don't really know how much help you can give on these forums..as you can see, I don't post much, just do the challenges.


ghost's Avatar
0 0

Hello,

I was able to get the names of all columns, but I'm still failing to extract password from the database.

I've tried the UNION command with NO effect. And the paper about Advanced-SQL-Injection also did not help me much.

I need to be pointed in the right direction.

Any help will be greatly appreciated! :)


ghost's Avatar
0 0

The answer is right there in the whitepaper….

After you've found out what columns exist in the table, you need to find a way to enumerate values from those columns. The problem with the login page is that it is not designed to return the values that you've queried, just allow access to a user that has credentials in the table. In that case, we need to be able to find a way to get data from the tables. We do that by enumerating values through syntax errors.

After the section in the whitepaper that shows you how to enumerate the column names, read further on how to create type conversion errors…Once you know how to do that, you can enumerate the usernames and passwords through error messages. The answers are in there…just read a little further down :)
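
Added example (not part of the thread or of the challenge's code): the condition LanceUppercut describes, a login that returns no query results but echoes database errors, shown next to a hardened form. It uses Python's sqlite3 as a stand-in for the challenge's PHP and MSSQL login; the table layout, function names and sample user are assumptions constructed for illustration.

```python
import hashlib
import hmac
import logging
import os
import sqlite3

log = logging.getLogger("login")
GENERIC = "Invalid username or password"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one user in an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def _verify(row, password: str) -> bool:
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def login_vulnerable(db, username: str, password: str) -> str:
    # Input is spliced into the statement, and the engine's error text is
    # echoed to the client: the two conditions error-based enumeration needs.
    sql = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return f"Database error: {exc}"
    return "Welcome" if _verify(row, password) else GENERIC

def login_hardened(db, username: str, password: str) -> str:
    # The value is bound as a parameter, so it can never change the statement.
    try:
        row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                         (username,)).fetchone()
    except sqlite3.Error:
        log.exception("login query failed")  # detail stays in server logs
        return GENERIC
    return "Welcome" if _verify(row, password) else GENERIC

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, "->", fn(db, "'", "x"))
```

With both fixes in place the client sees the same generic message for a bad password, an unknown user and a malformed input, so the response no longer carries anything from the database engine.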


ghost's Avatar
0 0

the paper is good; it helped me complete the challenge


ghost's Avatar
0 0

contmp wrote: Hello,

I was able to get the names of all columns, but I'm still failing to extract password from the database.

I've tried the UNION command with NO effect. And the paper about Advanced-SQL-Injection also did not help me much.

I need to be pointed in the right direction.

Any help will be greatly appreciated! :)

i had this same problem. try doing different amounts of 1's (another bug, i think)


korg's Avatar
Admin from hell
0 0

It's not a bug, Do some research on MSSQL tables and you'll get it, The white paper gives a lot of spoilers:o


ghost's Avatar
0 0

i remember the username select had a different amount of 1s than the password, i spent a while figuring that out.


ghost's Avatar
0 0

this chall was really hard


ghost's Avatar
0 0

LanceUppercut wrote: The answer is right there in the whitepaper….

After you've found out what columns exist in the table, you need to find a way to enumerate values from those columns. The problem with the login page is that it is not designed to return the values that you've queried, just allow access to a user that has credentials in the table. In that case, we need to be able to find a way to get data from the tables. We do that by enumerating values through syntax errors.

After the section in the whitepaper that shows you how to enumerate the column names, read further on how to create type conversion errors…Once you know how to do that, you can enumerate the usernames and passwords through error messages. The answers are in there…just read a little further down :)

thanx for the reply, but still the damn challenge is giving me a headache. the damn username query has to be very specific. for example in previous part *hvn 1=1 **worked but 2=2 did NOT. i know that's probably because it is simulated, but still wtf! :-(


synstealth's Avatar
PHP WARRIOR
2,490 1

very interesting, easily missed on syntax


ghost's Avatar
0 0

really the article posted by LanceUppercut gives a lot of clues.


regret's Avatar
Attack-Vector Perl
0 0

That is actually one of the more well-written articles out there on Advanced SQL Injection. The format it was done in makes it a lot easier to read than your standard website text.


ghost's Avatar
0 0

Beat it. Loved it. Begging for more.