SQL NINJA CTF SOLUTIONS FOR BASIC INJECTION CATEGORY

-

This CTF base on sql injection. If we want to exploit sql injection we have to follow a rule. that is,
we must balance the query. If we successfully balanced the query we can easily exploit the sql
injection.

Challenge 1

When i put a single quote at the end of the url i will get below output.

While we obtain the output, we can say this output is one of the sql error. The actual error is,
this one has extra single quote (''1'''). So we have to balance it. If we want to balance
this we must add OR’1’=’1 this at the end part of the url. After attaching
the query will be modified like this a’or’1’=’1. The last quote will be added by system.

Challenge 2

In this challenge if we put single quote we will get below error

Our input directly goes within double quote so, this query does not need to put any special
character for query balancing purposes, hence we can directly insert our malicious(+or+1=1) code
at the end of the url.

 Challenge 3

This level does not give any sql related output while we use single quote at the end.so we have
to move on double quote. If we use double quote at the end of the url we will get as usual sql error.
Then we can balance the query by using this “-- -” malicious code. Now we can inject the harmful
code within the url.

Challenge 4

In this level shows close bracket symbol with in the error message so we have to fill that bracket
as well.
So i use this code “)-- -” to balance the query.

Comments

  1. UnknownSeptember 27, 2018 at 5:52 AM

    Could you elaborate on what you meant by "balancing queries"?

    ReplyDelete
    Replies
    1. AnjaiOctober 23, 2019 at 2:39 AM

      1st of all you have to produce a SQL error to identity the vulnerability. after found the vulnerability you should fix the SQL error by your self. it is called as query balancing.

      Delete
  2. KidslearnwithfunMarch 27, 2019 at 4:01 AM

    Thank you share with us ninja information

    ReplyDelete
  3. UnknownMay 1, 2021 at 11:13 AM

    Are you in need of finance? we give out guarantee cash at 3% interest rate. Contact us on any kind of finance now: financialserviceoffer876@gmail.com whatsapp Number +918929509036 Dr James Eric Finance Pvt Ltd

    ReplyDelete
  4. UnknownJanuary 7, 2022 at 7:17 PM

    TODAY TESTIMONY ON HOW I GOT MY LOAN AMOUNT $800,000.00 DOLLARS FROM A RELIABLE AND TRUSTED LOAN COMPANY LAST WEEK Email for immediate response drbenjaminfinance@gmail.com

    Hello everyone, My name is Mrs. Carolin Glowski, I'm from Europe, am here to testify of how i got my loan from BENJAMIN LOAN FINANCE after i applied Two times from various loan lenders who claimed to be lenders right here this forum, i thought their lending where real and i applied but they never gave me loan until a friend of mine introduce me to {Dr. Benjamin Scarlet Owen} the C.E.O of BENJAMIN LOAN FINANCE who promised to help me with a loan of my desire and he really did as he promised without any form of delay, I never thought there are still reliable loan lenders until i met {Dr. Benjamin Scarlet Owen} who really helped me with my loan and changed my life for the better. I don't know if you are in need of an urgent loan also, So feel free to contact Dr. Benjamin Scarlet Owen on his email address drbenjaminfinance@gmail.com

    ReplyDelete

Post a Comment

Popular posts from this blog

Install android studio on the parrot os

-
Image
parrot OS is based on Linux environment so we have to download Linux version of android studio. if you want Linux version android studio just click here . after the download is completed you will get the zip file of the android studio. so you need to unzip it first. then you can see several files within the unzipped folder. figure 1 represents the sample output. Figure 1 then go to bin folder which is stored in the unzipped folder. after opening the bin folder, you can see studio.sh shell script. if you execute that, the android studio will be running on your PC's.  Note:- you have to give execute permission to studio.sh for the current user before you execute studio.sh script. (sudo chmod u+x studio.sh) Figure 2 but we will be doing like this. it's annoying, so now we are going to the terminal command that is helped to us to access android studio by using terminal commands.  move your unzipped file to "/root" from Downloads. then go to "/usr
Read more

How to do simple brute force attack with burp suite

-
Image
What is brute force attack? brute force is a kind of password based attack. normally attacker checks each and every possible combination until reaching the expected output. so an attacker should check the huge amount of data but the normal human cannot do this kind of things. that's why we must move on some predefine tools to do this kind of attacks. work through this is the sample login page. we are going to attack this page and get the login credentials.(note: this is a basic login form it does not have any prevention mechanism for brute force attack.) let's try any value on this form and capture the data packet for analyzing. after analyzed we can say these data packets have username and password, which we entered previously. so we have to forward this data packet to intruder tab (right click and select intruder option). now  go to the intruder and mark the target variables which are carrying username and password. The below figure shows that. Note:
Read more

PoC video of How to Hack Gmail and Bitcoin Wallet using SS7 flaw

-
Image
A long time ago we published a report about how someone can hack WhatsApp with the SS7 by default. The standard SS7 exists for eons now with corrections, but GSM and telecom companies do not bother or trouble to repair their infrastructure against the standard. Now a Cyber ​​Security Company called Positive Technologies has released a video detail as anyone in any Gmail account can hack with a name and a phone number with the standard SS7. After the abduction of the Gmail account of the victim, the investigators then tried to steal a Bitcoin wallet with the same SS7 defect. Positive researchers sent their video to Thomas Fox-Brewster, an investigating reporter for Forbes, as well as details about hacking. What is the SS7 error? The vulnerability is found in the signaling system 7 or SS7, the technology used by telecommunication operators where the high-security message system and telephone calls depend. SS7 is a set of telephone signaling protocols developed in 1975 that make i
Read more