Tuesday, January 4, 2011

basic-7

Two cookies are actually set in your browser, but only one of them is useful for this challenge. You can see the cookie value by viewing the page source, and since it is set as a cookie, you can also view it among the cookies in your browser. As this page requires the username, find the username value in that cookie. You have to encrypt it with ASCII encryption, because ASCII encryption mode is enabled. The value entered in the given textbox is decrypted with the ASCII encryption method, and the decrypted value is compared with the value that resides in your cookie. So you would have to encrypt the username using ASCII encryption and enter it. But the ASCII encryption gives a different value each time, so you may end up with an error.

So the real hack is to edit the cookie to its ASCII value. Use a cookie editor; I used the Cookie Editor add-on for Firefox. You can download it here. Now convert the username into ASCII code and replace the cookie value. Convert any string into ASCII here (remove all spaces). Now enter the username itself without any encryption. You will be authenticated.

Next is an SQL injection hack. It is very simple and basic: google SQL injection and you will end up with the answer.

Ans:
The username is sam.
Its ASCII value is 011100110110000101101101.
Using any cookie editor, replace the username cookie content with the ASCII value mentioned above.
Now enter sam in the textbox.

The first step is over. Now for the SQL injection. There are many ways; I used this one. Just copy and paste the next line without the quotes.
"one' OR 1=1--"
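Why that string gets past a login check, and how a parameterized query stops it, shown as an added example that is not the challenge's own code. The SQLite table, the column names, the sample rows and the choice of the username field are all constructed assumptions.

```python
import sqlite3

PAYLOAD = "one' OR 1=1--"  # the string from the walkthrough above


def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("sam", "s3cret"), ("admin", "hunter2")])
    return db


def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text. A quote in the input closes
    # the string literal, and everything after it is parsed as SQL.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    # With PAYLOAD the statement becomes:
    #   ... WHERE username = 'one' OR 1=1--' AND password = ''
    # "OR 1=1" is true for every row and "--" comments out the password test.
    return db.execute(query).fetchall()


def login_parameterized(db, username, password):
    # Placeholders keep the input as data: the whole payload is compared
    # against the username column as one literal string.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", login_vulnerable(db, PAYLOAD, ""))
    print("parameterized:", login_parameterized(db, PAYLOAD, ""))
    print("valid login:  ", login_parameterized(db, "sam", "s3cret"))
```
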

www.hellboundhackers.org
