hello everyone i want to have a firewall anyone well help me

Cowpipe · Aug 29, 2014

jen900 said:
Well I'm a hacker too but not too advance I'm just a girl who love's hiding stuff and actually I use two Os Windows and Linux thank you I well Pm you If I have questions. I speak English not fluently because I'm a Russian half Asian

As a hacker, I'd like to see you have a go at breaking into this site (a site designed to test and refine your hacking skills), and let us know how you did it

http://jmchilton.net/sqlinject/create.php

@Arakasi @NullPointerException ~ Have a go at this too if you haven't already, it's quite fun.

NullPointerException · Aug 29, 2014

Cowpipe said:
As a hacker, I'd like to see you have a go at breaking into this site (a site designed to test and refine your hacking skills), and let us know how you did it

http://jmchilton.net/sqlinject/create.php

@Arakasi @NullPointerException ~ Have a go at this too if you haven't already, it's quite fun.

Which SQL injection you recommend?

Cowpipe · Aug 29, 2014

NullPointerException said:
Which SQL injection you recommend?

The page is specifically designed to display errors and with almost no sanitization so you can get away with standard SQL injection without any special techniques, unless you're looking to show off

Arakasi · Aug 31, 2014

Select * from newb_site1
DROP INDEX
lol

Cowpipe · Aug 31, 2014

Arakasi said:
Select * from newb_site1
DROP INDEX
lol

Haha, easy as pie

SELECT * FROM cowpipe_mind WHERE type = 'new_challenge'

Error at line 1, could not find 'cowpipe_mind'

Arakasi · Aug 31, 2014

GRANT ALL PRIVILEGES ON *.* TO Cowpipe

Oops i cheated

BERROHO · Aug 31, 2014

you have to install one internet securite that what you have to do

Arakasi · Aug 31, 2014

@Cowpipe
Just now getting a tiny bit of free time.

What no dork for jmchilton.net ?
Of course not that would make it easy, why do that on a test your intrusion experience website.

Arakasi · Aug 31, 2014

Oh wait . . .

<li><a href="index.php?user_id=4">agentgill</a></li>
<li><a href="index.php?user_id=7">ak</a></li>
<li><a href="index.php?user_id=9">javaug</a></li>
<li><a href="index.php?user_id=10">jody</a></li>
<li><a href="index.php?user_id=2">john</a></li>
<li><a href="index.php?user_id=8">leah</a></li>
<li><a href="index.php?user_id=6">lexi</a></li>
<li><a href="index.php?user_id=3">msi</a></li>
<li><a href="index.php?user_id=5">peter</a></li>
<li><a href="index.php?user_id=1">phil</a></li>
<li><a href="index.php?user_id=11">scott</a></li>
<li><a href="index.php?user_id=12">tim</a></li>

Arakasi · Aug 31, 2014

Whoops, we has possible db variables

$('#post_username').val();
$('#post_password').val();

Fun is over

Will come back to this interesting tweeter site .....

Cowpipe · Aug 31, 2014

Arakasi said:
Whoops, we has possible db variables
$('#post_username').val();
$('#post_password').val();

Fun is over
Will come back to this interesting tweeter site .....

It's trickier than it appears from the outside right

Let me know how you get on when you come back to it, it's great to read your updates (my very own twitter feed about hacking, well.. twitter?

)

Arakasi · Aug 31, 2014

On mobile-

Yes the server has been giving errors, if this is by design, regarding database.

Stay tuned ha!

Cowpipe · Aug 31, 2014

Arakasi said:
On mobile-

Yes the server has been giving errors, if this is by design, regarding database.

Stay tuned ha!

It is by design thankfully, makes things easier for us!

Arakasi · Sep 2, 2014

Error: Failed to exeucte query [SELECT username FROM users where username='' and password='';]. PDO Error Info: array ( 0 => 'HY000', 1 => 1, 2 => 'unrecognized token: "\'\'\' and password=\'\';"', )

LOL whoever built it misspelled execute in the error messages returned.

Cowpipe · Sep 2, 2014

Arakasi said:
LOL whoever built it misspelled execute in the error messages returned.

Hahaha. Looks like it's manually evaluating the queries then.. Would be a little dangerous to run live sql queries, even on a virtual database

Maybe they can't spill properly, but they seem to have a grasp of security

Arakasi · Sep 2, 2014

LOL wordpress
http://jmchilton.net/blog/wp-login.php

interesting

Arakasi · Sep 2, 2014

Apache on ubuntu
php of course
An MsAccess db

Almost done, can't believe im doing this at work today, instead of well.... working.

Arakasi · Sep 2, 2014

Done

Are we sure this is a test db, specifically for this ROFL?
There is a lot of data/tables here.

What are we doing now, adding a login ? User Cowpipe maybe ? Ha
@Cowpipe

Cowpipe · Sep 2, 2014

Arakasi said:
Done

Are we sure this is a test db, specifically for this ROFL?
There is a lot of data/tables here.

What are we doing now, adding a login ? User Cowpipe maybe ? Ha
@Cowpipe

Haha, yes it's definitely a test db. I think the large data set is specifically to simulate real life servers. The idea being to obtain the list of usernames and passwords

Feel free to add me to their database if you like, I'll tweet a thank you for you!

haha

Arakasi · Sep 2, 2014

Okay, gotta run to a doctor appointment for the woman, be back soon.

hello everyone i want to have a firewall anyone well help me

Level 16

Level 12

Level 16

Level 4

Level 16

Level 4

Level 2

Level 4

Level 4

Level 4

Level 16

Level 4

Level 16

Level 4

Level 16

Level 4

Level 4

Level 4

Level 16

Level 4

Similar threads