I did the following. If you want to figure it out by yourself, don't watch.
I tried http://www.hackthis.co.uk/levels/s2.php?browse&q=' UNION ALL SELECT 1,2-- and it didn't work. I only got the name but can't find the password, and I don't know how to find it.
Think about it: what did UNION ALL SELECT return? Why did you use UNION ALL SELECT 1,2--? Oh, and the column names are username, admin, and password, just to let you know.
Just try to pick it directly from the password column.
You can add a condition to the end so that you just get the password of the user with the name of the admin, so it should be pretty easy when you are already into it.
What?
One way to do it is to find the admins, the admin’s username, and password separately, or the second way is to use a WHERE statement to get the admin’s username, then the password. A note here should be that one tries to find them one at a time, and from the same vulnerability. I think I’ve already said too much.
Easy anyway. You just have to get into it; after doing that it’s pretty easy.
You should always start with generating an error to see what the SQL part looks like. Then you can easily inject it and find first the admin, then the password.
What?
Don’t think this will be any problem. When you’ve got the password, there are many ways to find its real value.
But I wouldn’t call it ‘encrypted’; that still sounds like you could decrypt it, and that’s not really possible.
What?
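
The flaw discussed in this thread, seen from the defender's side, as an added example that is not part of the thread or the site's code. It assumes a two-column search query over a hypothetical `members` table (column names are from the thread; the table name, query shape and rows are constructed) and compares string concatenation with a bound parameter, using only inputs already quoted above.

```python
import sqlite3

def make_db():
    """Constructed sample data; 'members' is a hypothetical table name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, admin INTEGER, password TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?)", [
        ("alice", 0, "constructed-hash-1"),
        ("bob", 1, "constructed-hash-2"),
    ])
    return db

def search_vulnerable(db, q):
    # Input is pasted into the SQL text, so a quote in q ends the string
    # literal and everything after it is parsed as SQL.
    sql = "SELECT username, admin FROM members WHERE username LIKE '%" + q + "%'"
    return db.execute(sql).fetchall()

def search_safe(db, q):
    # Input is bound as a parameter: it is only ever compared as data.
    sql = "SELECT username, admin FROM members WHERE username LIKE '%' || ? || '%'"
    return db.execute(sql, (q,)).fetchall()

def probe(search, q):
    """Run one search on a fresh database and report rows or the error class.

    A real handler should log the exception and return a generic message,
    because a raw SQL error tells the client what the query looks like.
    """
    db = make_db()
    try:
        return ("rows", search(db, q))
    except sqlite3.Error as exc:
        return ("sql-error", type(exc).__name__)

if __name__ == "__main__":
    for q in ["bo", "'", "' UNION ALL SELECT 1,2--"]:
        print(repr(q), "vulnerable:", probe(search_vulnerable, q))
        print(repr(q), "safe:      ", probe(search_safe, q))
```

With concatenation, the lone quote produces a SQL error and the UNION input appends a row the application never stored; with the bound parameter both inputs are treated as search text and match nothing.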