Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Real 9

  1. Home
  2. Forum
  3. Realistic
  4. Real 9

ghost's Avatar

ghost

0 0

Ok, this challenge may appear to have bugs but it doesn't:

  1. If you get errors when trying to hack the admin page its ok, its suppost to do this.

  2. If your playing about with encryption/decrytion pages and your decrypted text isn't exactly the same as the text you encrypted its ok, the text you have to decrypt for the challenge will work.


ghost's Avatar

ghost

0 0

Very nice challenge, hopefully I'll be one of first to complete this. Very nicely set up too.


ghost's Avatar

ghost

0 0

i think system_meltdown got the hands up first for that… anyway i'v been stuck up on this… its always saying im on the right track…


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

Yup completed it as soon as I found out it got released :)


ghost's Avatar

ghost

0 0

system_meltdown can u give me a hint on that… admin.php.. u should have already known how far i'v been..


Mr_Cheese's Avatar

Mr_Cheese

0 1

i completed it fairly fast, so here's my tips (i didnt script this challenge, so i havnt cheated).

on the front page it says "updated to mysql login"… so perhaps a SQL injection would work. (scankyfrank has scripted it so it doesnt "look" for sql injectoins. the only way you can hack it, is if you actually sql inject it yourself, and create your own sql injection to work with the script)

So you could try bypassing the login via your own custom sql injection

once you get into the admin panel, its straigth forward you'll be able to work out the rest.

dont forget to PM the liberals the dycrypted message ;)


ghost's Avatar

ghost

0 0

FlaKe wrote: i think system_meltdown got the hands up first for that… anyway i'v been stuck up on this… its always saying im on the right track…

it says that if you use certain mysql commands that could potentially be used maliciously.


ghost's Avatar

ghost

0 0

i'v tried something like [edit by cheese] basic sql injections [/edit] but no luck yet.. :(


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

[edit due to spoilers] - please PM Flak instead of posting this on forums. thanks [/edit]

If that is a spolier please delete it.


SySTeM's Avatar

SySTeM

-=[TheOutlaw]=-
20 0

Lol I thought it might of got edited.


ghost's Avatar

ghost

0 0

oops.. sorri for the spoiler… anyway got it now… :)


ghost's Avatar

ghost

0 0

LMAO I had it all along except I didn't put it in both places. Very nicely set up Skank.


ghost's Avatar

ghost

0 0

i just used the injection i uses anywhere, and it seems like it works 90% of the time!


ghost's Avatar

ghost

0 0

hmm, i get 'you on the right track but stick to the mission.' But this just comes up when i enter a certain SQL statement. I can also generate this error:

markupWarning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/hbh2/public_html/challenges/real9/admin.php on line 140

Any hints?