diff --git a/Less-50/index.php~ b/Less-50/index.php~ deleted file mode 100644 index f22dd8d..0000000 --- a/Less-50/index.php~ +++ /dev/null @@ -1,65 +0,0 @@ - - - - -ORDER BY Clause Blind based - - - -
Welcome    Dhakkan
- - - -
- - - - - - - - - - - "; - - } - else - { - echo ''; - print_r(mysqli_error()); - echo ""; - } - } - else - { - echo "Please input parameter as SORT with numeric value



"; - echo "


"; - echo '
'; - - } -?> - - -


- - - - diff --git a/Less-54/index.php b/Less-54/index.php new file mode 100755 index 0000000..5aba6d7 --- /dev/null +++ b/Less-54/index.php @@ -0,0 +1,220 @@ + + + + +Less-54:Challenge-1 + + + +
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 10 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 11) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo 'Your Login name:'. $row['username']; + echo "
"; + echo 'Your Password:' .$row['password']; + echo "
"; + } + else + { + echo ''; +// print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 10 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + header( "refresh:3;url=index.php" ); + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-54/result.txt b/Less-54/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-54/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-55/index.php b/Less-55/index.php new file mode 100755 index 0000000..83affb8 --- /dev/null +++ b/Less-55/index.php @@ -0,0 +1,220 @@ + + + + +Less-55:Challenge-2 + + + +
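Review bot: The request log in the `isset($_GET['id'])` branch of Less-54/index.php appends the raw parameter to `result.txt` next to the script, so the file is presumably served by the web server, grows without bound, and a value containing a line break can forge extra `ID:` entries. `fopen()` is not checked either, so an unwritable directory turns every request into warnings from `fwrite()` and `fclose()`. I would write the log outside the document root, test the handle, and strip line breaks, e.g. `fwrite($fp, 'ID:' . str_replace(array("\r", "\n"), ' ', $id) . "\n");`. The generated `result.txt` files added by this commit hold recorded request values and should be ignored rather than committed. The same block is repeated in Less-55 through Less-64.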
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 14 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 15) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id=($id) LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo 'Your Login name : '. $row['username']; + echo "
"; + echo 'Your Password : ' .$row['password']; + echo "
"; + } + else + { + echo ''; +// print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 14 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + header( "refresh:3;url=index.php" ); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-55/result.txt b/Less-55/result.txt new file mode 100644 index 0000000..3c05a5b --- /dev/null +++ b/Less-55/result.txt @@ -0,0 +1,3 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- diff --git a/Less-56/index.php b/Less-56/index.php new file mode 100755 index 0000000..8d08af6 --- /dev/null +++ b/Less-56/index.php @@ -0,0 +1,220 @@ + + + + +Less-56:Challenge-3 + + + +
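Review bot: Less-55/index.php has no state of its own. Its cookie-less branch still uses the cookie name `challenge1` and runs `UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1`, the same single row Less-54 writes. Any visitor arriving without the cookie therefore replaces the secret key and zeroes the attempt counter for everyone working on any challenge. `$sessid` is read from the cookie but never used in the visible lines, so nothing ties the stored `sessid` to the caller unless `next_tryy()` or `view_attempts()` (defined outside this diff) do so. I would insert one row per `sessid`, have the counter helpers filter on it, and give each challenge its own cookie name. Less-56 through Less-64 copy the same block.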
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 14 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 15) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id=('$id') LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo 'Your Login name:'. $row['username']; + echo "
"; + echo 'Your Password:' .$row['password']; + echo "
"; + } + else + { + echo ''; +// print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 14 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + header( "refresh:3;url=index.php" ); + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-56/result.txt b/Less-56/result.txt new file mode 100644 index 0000000..3c05a5b --- /dev/null +++ b/Less-56/result.txt @@ -0,0 +1,3 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- diff --git a/Less-57/index.php b/Less-57/index.php new file mode 100755 index 0000000..7e2b614 --- /dev/null +++ b/Less-57/index.php @@ -0,0 +1,220 @@ + + + + +Less-57:Challenge-4 + + + +
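Review bot: In Less-56/index.php, `setcookie('challenge1', ' ', time() - 3600000)` and `header( "refresh:4;url=index.php" )` in the limit branch run after output has already been sent: the attempt-count `echo` precedes the `setcookie()`, and the "Redirecting you..." `echo` sits directly before the `header()`. Unless output buffering is enabled in php.ini, both calls fail with "headers already sent", so the cookie is never expired and the redirect never happens. The initial `setcookie("challenge1", $hash, $expire)` and the `header()` in the wrong-key branch look exposed to the same problem, since the page appears to emit its heading before the PHP block. Move the cookie and redirect decisions above the first byte of output, or as a stopgap put `ob_start();` at the very top of the file. The same ordering is present in the other challenge files.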
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 14 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 15) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + $id= '"'.$id.'"'; + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id=$id LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo 'Your Login name:'. $row['username']; + echo "
"; + echo 'Your Password:' .$row['password']; + echo "
"; + } + else + { + echo ''; + // print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 14 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + header( "refresh:3;url=index.php" ); + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-57/result.txt b/Less-57/result.txt new file mode 100644 index 0000000..3c05a5b --- /dev/null +++ b/Less-57/result.txt @@ -0,0 +1,3 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- diff --git a/Less-58/index.php b/Less-58/index.php new file mode 100755 index 0000000..03dc4e5 --- /dev/null +++ b/Less-58/index.php @@ -0,0 +1,221 @@ + + + + +Less-58:Challenge-5 + + + +
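Review bot: The limit check `if($tryyy == 15)` in Less-57/index.php only prints the reset message and then falls through to the `SELECT`, so the request that exceeds the advertised 14 attempts is still executed and answered. The exact-equality test is also fragile: if the counter ever moves past 15 (for instance when the cookie reset does not reach the browser), the branch never fires again. I would test `if ($tryyy > 14)` and put the lookup and its output in the `else` branch so an over-limit request gets no result. The other files use the same pattern with their own limits (`== 11`, `== 6`, `== 131`).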
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 5 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 6) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id='$id' LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 5 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-58/result.txt b/Less-58/result.txt new file mode 100644 index 0000000..3c05a5b --- /dev/null +++ b/Less-58/result.txt @@ -0,0 +1,3 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- diff --git a/Less-59/index.php b/Less-59/index.php new file mode 100755 index 0000000..371b6f3 --- /dev/null +++ b/Less-59/index.php @@ -0,0 +1,221 @@ + + + + +Less-59:Challenge-6 + + + +
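Review bot: The success branch in Less-58/index.php indexes `$unames` and `$pass` with `$row['id']` without checking that the key exists. The list has 13 entries (keys 0 to 12), so a row whose `id` falls outside that range prints an empty name and raises an undefined-offset notice. Replacing the `users` columns with a fixed list looks deliberate, but nothing in the file says so. I would add a comment such as `// displayed values come from this fixed list, indexed by the row id, not from the users columns` and guard the lookup with `isset($unames[$row['id']])`. Less-59 through Less-64 repeat these lines.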
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 5 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 6) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= $id LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 5 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-59/result.txt b/Less-59/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-59/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-60/index.php b/Less-60/index.php new file mode 100755 index 0000000..0eb481c --- /dev/null +++ b/Less-60/index.php @@ -0,0 +1,221 @@ + + + + +Less-60:Challenge-7 + + + +
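Review bot: The key check in Less-59/index.php escapes the submitted value twice, with `addslashes($_POST['key'])` followed by `mysql_real_escape_string($key)`. A key containing a quote or backslash therefore reaches the comparison with a stray backslash and can never equal the stored `secret_key`. This only goes unnoticed if `passwd_gen()` (not part of this diff) produces purely alphanumeric keys. One connection-aware escape is enough: `$key = mysql_real_escape_string($_POST['key']);`, or better, a prepared statement once the code moves off ext/mysql. The same two lines appear in every challenge file in this commit.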
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 5 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 6) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + $id = '("'.$id.'")'; + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= $id LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 5 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-60/result.txt b/Less-60/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-60/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-61/index.php b/Less-61/index.php new file mode 100755 index 0000000..2650352 --- /dev/null +++ b/Less-61/index.php @@ -0,0 +1,221 @@ + + + + +Less-61:Challenge-8 + + + +
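Review bot: The session token in Less-60/index.php is built with `md5(rand(0,100000))`, which can take at most 100,001 distinct values and comes from a generator that is not meant for security use; hashing the number adds no entropy. Since this value is what separates one participant's challenge state from another's, it should be unguessable, for example `$hash = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` on PHP 7 and later). `setcookie("challenge1", $hash, $expire)` also leaves the HttpOnly flag off, so page script can read the cookie. Less-54 through Less-64 all generate the token this way.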
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 5 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 6) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= (('$id')) LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 5 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-61/result.txt b/Less-61/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-61/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-62/index.php b/Less-62/index.php new file mode 100755 index 0000000..68799a7 --- /dev/null +++ b/Less-62/index.php @@ -0,0 +1,221 @@ + + + + +Less-62:Challenge-9 + + + +
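Review bot: Less-61/index.php is a near copy of the Less-58, Less-59 and Less-60 files. As far as the visible lines show, they differ only in the title text and in how `$id` is wrapped into `$sql`, while the cookie setup, logging, attempt counting and key check are duplicated about 220 lines at a time. Any correction to the shared flow then has to be made eleven times and is easy to miss in one copy. I would move the common flow into a single included file that takes the attempt limit and the query template as parameters, leaving each `Less-NN/index.php` with only the values that differ. A short header comment in each file stating which part is the exercise and which part is scaffolding would also help reviewers.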
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 130 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 131) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= ('$id') LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + // print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 130 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-62/result.txt b/Less-62/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-62/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-63/index.php b/Less-63/index.php new file mode 100755 index 0000000..0b0b1b6 --- /dev/null +++ b/Less-63/index.php @@ -0,0 +1,221 @@ + + + + +Less-63:Challenge-10 + + + +
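Review bot: In Less-62/index.php the return value of `mysql_query($sql)` is passed straight to `mysql_fetch_array($result)`. When the statement fails, `$result` is `false` and the fetch raises a PHP warning; with `display_errors` on, that warning prints the script path even though the `mysql_error()` output in the `else` branch is commented out in this file. Guarding the fetch keeps the failure path quiet and explicit: `$row = $result ? mysql_fetch_array($result) : false;`. The key-verification query further down has the same unchecked pair, as do the other challenge files.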
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 130 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 131) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= '$id' LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + // print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 130 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-63/result.txt b/Less-63/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-63/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-64/index.php b/Less-64/index.php new file mode 100755 index 0000000..b4ccb96 --- /dev/null +++ b/Less-64/index.php @@ -0,0 +1,221 @@ + + + + +Less-64:Challenge-11 + + + +
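Review bot: Every database call in Less-63/index.php (`mysql_query()`, `mysql_fetch_array()`, `mysql_real_escape_string()`, `mysql_error()`) belongs to ext/mysql, which was deprecated in PHP 5.5 and removed in PHP 7.0, so this new file cannot run on a currently supported PHP. The deleted `Less-50/index.php~` in this commit calls `mysqli_error()`, which suggests part of the tree has already moved to mysqli. I would port the new files as well, e.g. `$result = mysqli_query($link, $sql);`, where `$link` stands for whatever connection handle the shared include provides. That port is also the natural point to use a prepared statement for the key-verification query. The same applies to Less-54 through Less-64.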
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 130 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 131) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= $id LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + // print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 130 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-64/result.txt b/Less-64/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-64/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/Less-65/index.php b/Less-65/index.php new file mode 100755 index 0000000..3306b77 --- /dev/null +++ b/Less-65/index.php @@ -0,0 +1,221 @@ + + + + +Less-65:Challenge-12 + + + +
+
+ + +
+ +
Welcome    Dhakkan
+ + + + +You have reset the Challenge
\n"; + echo "Redirecting you to main challenge page..........\n"; + header( "refresh:4;url=index.php" ); + //echo "cookie expired"; + + } + else + { + + + // Checking the cookie on the page and populate the table with random value. + if(isset($_COOKIE['challenge1'])) + { + $sessid=$_COOKIE['challenge1']; + //echo "Cookie value: ".$sessid; + } + else + { + $expire = time()+60*60*24*30; + $hash = md5(rand(0,100000)); + setcookie("challenge1", $hash, $expire); + //echo "New Cookie : " . $hash . "
"; + $passwd = passwd_gen(); + //echo "Password : ".$passwd; + $sql = "UPDATE challenge1 set sessid = '$hash', secret_key = '$passwd', tryy= 0 WHERE id=1"; + mysql_query($sql); + } + + echo "
\n"; + + // take the variables + if(isset($_GET['id'])) + { + $id=$_GET['id']; + + //logging the connection parameters to a file for analysis. + $fp=fopen('result.txt','a'); + fwrite($fp,'ID:'.$id."\n"); + fclose($fp); + + + //update the counter in database + next_tryy(); + + //Display attempts on screen. + $tryyy = view_attempts(); + echo "You have made : ". $tryyy ." of 130 attempts"; + echo "


\n"; + + + //Reset the Database if you exceed allowed attempts. + if($tryyy == 131) + { + setcookie('challenge1', ' ', time() - 3600000); + echo "You have exceeded maximum allowed attempts, Hence Challenge Has Been Reset
\n"; + echo "Redirecting you to challenge page..........\n"; + header( "refresh:4;url=index.php" ); + echo "
"; + } + + + $id= '("'.$id.'")'; + // Querry DB to get the correct output + $sql="SELECT * FROM users WHERE id= $id LIMIT 0,1"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + $unames=array("Dumb","Angelina","Dummy","secure","stupid","superman","batman","admin","admin1","admin2","admin3","dhakkan","admin4"); + $pass = array_reverse($unames); + echo 'Your Login name : '. $unames[$row['id']]; + echo "
"; + echo 'Your Password : ' .$pass[$row['id']]; + echo "
"; + } + else + { + echo ''; + // print_r(mysql_error()); + echo ""; + } + } + else + { + echo "Please input the ID as parameter with numeric value as done in Lab excercises\n

\n"; + echo "The objective of this challenge is to dump the secret key from table Challenge1 in Less than 130 attempts"; + } + + } + + +?> +



+ +
+


+
+
+Submit Secret Key: + + +
+ + +'; + $key = addslashes($_POST['key']); + $key = mysql_real_escape_string($key); + //echo $key; + //Query table to verify your result + $sql="SELECT 1 FROM challenge1 WHERE secret_key= '$key'"; + $result=mysql_query($sql); + $row = mysql_fetch_array($result); + + if($row) + { + echo ''; + echo "\n


"; + echo ''; + echo "
"; + } + else + { + echo ''; + echo "\n


"; + echo ''; + //print_r(mysql_error()); + echo "
"; + } + + +} + +?> + + + + + + + + + diff --git a/Less-65/result.txt b/Less-65/result.txt new file mode 100644 index 0000000..9c41c6b --- /dev/null +++ b/Less-65/result.txt @@ -0,0 +1,13 @@ +ID:1 +ID:10 +ID:-1' union select 1,2,3 -- +ID:1' +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 +ID:1 diff --git a/images/Less-54-1.jpg b/images/Less-54-1.jpg new file mode 100644 index 0000000..9e401bc Binary files /dev/null and b/images/Less-54-1.jpg differ diff --git a/images/Less-54-2.jpg b/images/Less-54-2.jpg new file mode 100644 index 0000000..29555cc Binary files /dev/null and b/images/Less-54-2.jpg differ diff --git a/images/Less-54.jpg b/images/Less-54.jpg new file mode 100644 index 0000000..50dd375 Binary files /dev/null and b/images/Less-54.jpg differ diff --git a/images/Less-55.jpg b/images/Less-55.jpg new file mode 100644 index 0000000..a20145e Binary files /dev/null and b/images/Less-55.jpg differ diff --git a/images/Less-56.jpg b/images/Less-56.jpg new file mode 100644 index 0000000..e086064 Binary files /dev/null and b/images/Less-56.jpg differ diff --git a/images/Less-57.jpg b/images/Less-57.jpg new file mode 100644 index 0000000..145c2b6 Binary files /dev/null and b/images/Less-57.jpg differ diff --git a/images/Less-58.jpg b/images/Less-58.jpg new file mode 100644 index 0000000..2995364 Binary files /dev/null and b/images/Less-58.jpg differ diff --git a/images/Less-59.jpg b/images/Less-59.jpg new file mode 100644 index 0000000..74c4caa Binary files /dev/null and b/images/Less-59.jpg differ diff --git a/images/Less-60.jpg b/images/Less-60.jpg new file mode 100644 index 0000000..024ac73 Binary files /dev/null and b/images/Less-60.jpg differ diff --git a/images/Less-61.jpg b/images/Less-61.jpg new file mode 100644 index 0000000..087f805 Binary files /dev/null and b/images/Less-61.jpg differ diff --git a/images/Less-62.jpg b/images/Less-62.jpg new file mode 100644 index 0000000..ba2c542 Binary files /dev/null and b/images/Less-62.jpg differ 
diff --git a/images/Less-63.jpg b/images/Less-63.jpg new file mode 100644 index 0000000..da1299d Binary files /dev/null and b/images/Less-63.jpg differ diff --git a/images/Less-64.jpg b/images/Less-64.jpg new file mode 100644 index 0000000..8c14d92 Binary files /dev/null and b/images/Less-64.jpg differ diff --git a/images/Less-65.jpg b/images/Less-65.jpg new file mode 100644 index 0000000..2d906c1 Binary files /dev/null and b/images/Less-65.jpg differ diff --git a/images/Less-66.jpg b/images/Less-66.jpg new file mode 100644 index 0000000..26d11e4 Binary files /dev/null and b/images/Less-66.jpg differ diff --git a/sql-connections/setup-db.php b/sql-connections/setup-db.php index 77584b1..42a806f 100755 --- a/sql-connections/setup-db.php +++ b/sql-connections/setup-db.php @@ -98,6 +98,20 @@ +//creating table challenge1 +$sql="CREATE TABLE IF NOT EXISTS security.challenge1 + ( + id INT(2) UNSIGNED NOT NULL DEFAULT 1, + sessid CHAR(32) PRIMARY KEY NOT NULL, + secret_key CHAR(32) NOT NULL, + tryy INT(11) UNSIGNED NOT NULL DEFAULT 0 + )"; + if (mysql_query($sql)) + {echo "[*]...................Creating New Table 'Challenge1' successfully";echo "

";} + else + {echo "[*]...................Error creating Table: " . mysql_error();echo "

";} + + //inserting data $sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; if (mysql_query($sql)) @@ -114,6 +128,14 @@ else {echo "[*]...................Error inserting data: " . mysql_error();echo "

";} + +//inserting data +$sql="INSERT INTO `security`.`challenge1` VALUES (1, 'd0d310aefdde0f05255ae92e32a833cd', 'L6V5BkVmtW2zEwEsy4BbVf1YZM9OWVCh', 0)"; + if (mysql_query($sql)) + {echo "[*]...................Inserted data correctly into table 'challenge1'";echo "

";} + else + {echo "[*]...................Error inserting data: " . mysql_error();echo "

";} + //CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); //INSERT INTO `security`.`search` (search) VALUES ( 'Dumb@dhakkan.com'), ('Angel@iloveu.com'), ('Dummy@dhakkan.local'), ( 'secure@dhakkan.local'), ( 'stupid@dhakkan.local'), ( 'superman@dhakkan.local'), ( 'batman@dhakkan.local'), ( 'admin@dhakkan.com')"; ?> diff --git a/sql-connections/setup-db.php~ b/sql-connections/setup-db.php~ deleted file mode 100755 index b392d31..0000000 --- a/sql-connections/setup-db.php~ +++ /dev/null @@ -1,125 +0,0 @@ - - - - -SETUP DB - - - - -
Welcome    Dhakkan
- -
- -SETTING UP THE DATABASE SCHEMA AND POPULATING DATA IN TABLES: -

- - -
";} - else - {echo "[*]...................Error purging database: " . mysql_error(); echo "

";} - - -//Creating new database security - $sql="CREATE database `security` CHARACTER SET `gbk` COLLATE `gbk_chinese_ci` "; - if (mysql_query($sql)) - {echo "[*]...................Creating New database successfully";echo "

";} - else - {echo "[*]...................Error creating database: " . mysql_error();echo "

";} - -//creating table users -$sql="CREATE TABLE security.users (id int(3) NOT NULL AUTO_INCREMENT, username varchar(20) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (id))"; - if (mysql_query($sql)) - {echo "[*]...................Creating New Table 'users' successfully";echo "

";} - else - {echo "[*]...................Error creating Table: " . mysql_error();echo "

";} - - -//creating table emails -$sql="CREATE TABLE security.emails - ( - id int(3)NOT NULL AUTO_INCREMENT, - email_id varchar(30) NOT NULL, - PRIMARY KEY (id) - )"; - if (mysql_query($sql)) - {echo "[*]...................Creating New Table 'emails' successfully"; echo "

";} - else - {echo "[*]...................Error creating Table: " . mysql_error();echo "

";} - - - -//creating table uagents -$sql="CREATE TABLE security.uagents - ( - id int(3)NOT NULL AUTO_INCREMENT, - uagent varchar(256) NOT NULL, - ip_address varchar(35) NOT NULL, - username varchar(20) NOT NULL, - PRIMARY KEY (id) - )"; - if (mysql_query($sql)) - {echo "[*]...................Creating New Table 'uagents' successfully";echo "

";} - else - {echo "[*]...................Error creating Table: " . mysql_error();echo "

";} - - -//creating table referers -$sql="CREATE TABLE security.referers - ( - id int(3)NOT NULL AUTO_INCREMENT, - referer varchar(256) NOT NULL, - ip_address varchar(35) NOT NULL, - PRIMARY KEY (id) - )"; - if (mysql_query($sql)) - {echo "[*]...................Creating New Table 'referers' successfully";echo "

";} - else - {echo "[*]...................Error creating Table: " . mysql_error();echo "

";} - - - -//inserting data -$sql="INSERT INTO security.users (id, username, password) VALUES ('1', 'Dumb', 'Dumb'), ('2', 'Angelina', 'I-kill-you'), ('3', 'Dummy', 'p@ssword'), ('4', 'secure', 'crappy'), ('5', 'stupid', 'stupidity'), ('6', 'superman', 'genious'), ('7', 'batman', 'mob!le'), ('8', 'admin', 'admin'), ('9', 'admin1', 'admin1'), ('10', 'admin2', 'admin2'), ('11', 'admin3', 'admin3'), ('12', 'dhakkan', 'dumbo'), ('14', 'admin4', 'admin4')"; - if (mysql_query($sql)) - {echo "[*]...................Inserted data correctly into table 'users'";echo "

";} - else - {echo "[*]...................Error inserting data: " . mysql_error();echo "

";} - - - -//inserting data -$sql="INSERT INTO `security`.`emails` (id, email_id) VALUES ('1', 'Dumb@dhakkan.com'), ('2', 'Angel@iloveu.com'), ('3', 'Dummy@dhakkan.local'), ('4', 'secure@dhakkan.local'), ('5', 'stupid@dhakkan.local'), ('6', 'superman@dhakkan.local'), ('7', 'batman@dhakkan.local'), ('8', 'admin@dhakkan.com')"; - if (mysql_query($sql)) - {echo "[*]...................Inserted data correctly into table 'emails'";echo "

";} - else - {echo "[*]...................Error inserting data: " . mysql_error();echo "

";} - -//CREATE TABLE security.search (id int(3) NOT NULL AUTO_INCREMENT, search varchar(20) NOT NULL, PRIMARY KEY (id)); -//INSERT INTO `security`.`search` (search) VALUES ( 'Dumb@dhakkan.com'), ('Angel@iloveu.com'), ('Dummy@dhakkan.local'), ( 'secure@dhakkan.local'), ( 'stupid@dhakkan.local'), ( 'superman@dhakkan.local'), ( 'batman@dhakkan.local'), ( 'admin@dhakkan.com')"; -?> - - -
-
- - diff --git a/sql-connections/sql-connect.php b/sql-connections/sql-connect.php index 53f4ce7..80cb14c 100755 --- a/sql-connections/sql-connect.php +++ b/sql-connections/sql-connect.php @@ -2,17 +2,17 @@ //including the Mysql connect parameters. include("../sql-connections/db-creds.inc"); -error_reporting(0); -$con = mysql_connect($host,$dbuser,$dbpass); +@error_reporting(0); +@$con = mysql_connect($host,$dbuser,$dbpass); // Check connection -if (mysqli_connect_errno($con)) +if (!$con) { - echo "Failed to connect to MySQL: " . mysqli_connect_error(); + echo "Failed to connect to MySQL: " . mysql_error(); } -else -{ + + @mysql_select_db($dbname,$con) or die ( "Unable to connect to the database: $dbname"); -} + diff --git a/sql-connections/sqli-connect.php~ b/sql-connections/sqli-connect.php~ deleted file mode 100755 index 253a8b6..0000000 --- a/sql-connections/sqli-connect.php~ +++ /dev/null @@ -1,26 +0,0 @@ - - - - - -
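Review bot: With the `else` removed, a failed `mysql_connect()` no longer stops at the error message: the script goes on to `@mysql_select_db($dbname,$con)` with `$con` set to false, and the client is shown the raw `mysql_error()` text, which can include the database user and host. The added `@` operators on top of `error_reporting(0)` also leave no trace of the failure in the server's error log. I would end the request in the failure branch and keep the detail on the server, `if (!$con) { error_log(mysql_error()); die("Failed to connect to MySQL"); }`, and drop the `@` in front of `error_reporting(0)` and of the `$con` assignment.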
 ID  USERNAME   PASSWORD