Hello, faith again, been a while since I've written something... busy dealing with HTS and stuff. This mission is coded by Chuckie_ice, who in fact is one of the Devs that made the bbcode system.
The mission, requested by johnny, asks you to spy on his girlfriend. *sigh*, and for some reason, you've decided to accept the mission. (let's ignore the fact we get heaps of points for now ;])
[faith]Great! you've just found out about the spoiler boxes! Hover to view all spoilers!
Before you go on any further, please note that this article is filled with spoilers!
And extreme spoilers will be posted in pink boxes. [/faith] What you need in this mission are...
-Some php skills
-a flash decompiling program {I used Sothink}
-packet sniffer {I used wireshark}
-Hacker instinct
-Some basic html skills and knowledge about directory traversal
So, we see your simple design, we admire the function, we see the registering section, and we register ourselves an account. Okay, now you're one of them, they'd never suspect you'd be hacking them, right? =D
Anyways, enough of that. Remember there's a hall of shame, hall of generosity and a HTS radio on the site? How did you find them? Go ahead and do what every hacker does first.
[faith]*cough basic one*[/faith]
After you've found the page, you'd see yourself facing a flash login :S decompile? Nice try, but it's encrypted. We need to find where it's checking stuff from; this is where we use our wireshark.
Start wireshark up (if you use wireless, turn off promiscuous mode =D) and start sniffing. Oh wait, what's all this rubbish? We need to filter out all that junk,
[faith]Just filter http requests[/faith]. Now we see it is looking for
[faith]c*****.t**[/faith]
So we go to that file
[faith]/16/c*****.t**[/faith] and we start reading info from it. Wait, what's that!?! D: That means we can edit something... and overwrite it?
So we know we need to edit the
[faith]c*****.t**[/faith] to give us access. But how do we do that :( That's right!
[faith]Go look around the source again[/faith]
So we modify something in the userpanel, to overwrite something else.
Please DO NOT pm me right now, I'm away from the site for a while.
[faith]This is what you should have, something like..
auth_page="some page"&"statement that allows you to login""symbol to get rid of the rest of the signs"[/faith] Our hacker instinct should be burning right about now because we are 3/4 of the way there :D.
[faith]if you don't know what statement allows you to login... check back at the file you've found... a*th.php [/faith]
You've tried and tried to overwrite the c***** file, but you've failed. What do you do? Remember how the login page says you could register with symbols?
[faith]Directory traversal.. Think about what you could put for your username..[/faith]
Now go back to the page with the flash file you've found. Login with anything; if you did it right, it should log you in.
You should be in by now. If you aren't, make sure you're logged into hackthissite.org! Or pm liuyuan, go on irc, _do NOT_ submit a bug report for mission help unless you're sure that they're broken.
Ok, we see an Admin Panel with a few options, and if you were like me you are clicking them like crazy right about now ;) Can you also see that little
[faith]flash button named Check Email?[/faith] I think it's time to rip out that Flash decompiler :D. Oh wow, see that! Just there? Yes, that's it
[faith] it should say &****l=? [/faith] Now, just type that into the url with the person you want to haxx. =] make sure it's the full address.
In the end you'd get a message, and feel sorry for the poor guy. If there are any questions, feel free to leave a comment. Make sure when you're at the step about changing c*****.t**, you have all three elements. I hope I didn't spoil this mission too much.
This mission teaches you about
- Packet sniffing, how to find where data are going and coming from
- Directory Traversal
- Exploiting weaknesses of unfixed bugs
- Flash decompiling
- never cheat on your boyfriend
That's all folks :)
Win!
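The defender's side of the directory traversal and overwrite lessons above, as an added example that is not the mission's code: an allow-list for usernames that end up in file paths, plus encoding of values written into a `&key=value` text file read by a Flash client. All names here (`USER_DIR`, `userFilePath`, `encodeVars`, the sample inputs) are hypothetical, and the file layout is an assumption.

```php
<?php
// Added example; every name below is hypothetical, not taken from the mission.

const USER_DIR = __DIR__ . '/userdata';   // assumed per-user storage directory

/**
 * Map a username to its data file, or return null if the name could
 * escape USER_DIR. Allow-list the name instead of stripping "../".
 */
function userFilePath(string $username): ?string
{
    // Letters, digits, underscore and hyphen only: dots, slashes,
    // backslashes, NUL bytes and percent signs are all refused.
    if (!preg_match('/\A[A-Za-z0-9_-]{3,32}\z/', $username)) {
        return null;
    }
    $path = USER_DIR . '/' . $username . '.txt';

    // Defence in depth: the resolved parent directory must be USER_DIR.
    $base = realpath(USER_DIR);
    if ($base === false || realpath(dirname($path)) !== $base) {
        return null;
    }
    return $path;
}

/**
 * Serialise settings as &key=value pairs (assumed to be the flat format
 * the Flash client loads), encoding keys and values so that '&' and '='
 * in user input cannot start a new variable.
 */
function encodeVars(array $settings): string
{
    $out = '';
    foreach ($settings as $key => $value) {
        $out .= '&' . rawurlencode((string)$key) . '=' . rawurlencode((string)$value);
    }
    return $out;
}

// Constructed sample input: one valid name, three that must be rejected.
@mkdir(USER_DIR, 0700);
foreach (['alice', '../settings', 'bob/../../x', "eve\0"] as $name) {
    printf("%-16s => %s\n", json_encode($name), userFilePath($name) ?? 'rejected');
}
echo encodeVars(['homepage' => 'a.html&extra=1']), "\n";
```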
Linuan... You don't need a packet sniffer for this mission, u can break in the encryption like this [LOL wireshark was too large for me to download]
You uncompress the login.swf and save its resources, and hex read them.. There are all your files!!!!! DUMPED
Bluesun, there are always many different options. None of the missions have included packet sniffing, so we are pushing users to go this method and learn something new.
Go look around the source again
-------------------------------------
So we modify something in the userpanel, to over write something else.
-------------------------------------
U r right yourmysin,
But I wanted to make this knowledge known to everybody too, as then some would follow those steps blindly and find no other way for solving it!
*****KEEP YOUR EYES OPEN AND YOUR EARS SHARP******
Hey !! I caught the id of the admin.... I logged in.. but I don't want to pass the mission this way... stuck again on the directory traversal in the username
the id of the admin? wtf :S.... There should be no id nor password. They're not needed, after you modify some pages. It helps you to trick the system into thinking that you're admin.
I'm stuck... I don't understand where this authed thing is going? and what to put. 10 anyways coz it's still a good article. oh and does anyone know when the forum will have real 16 on there?
I think actually there isn't any file named c*****.t** in the server, the program checks the POST data and writes them as config.txt, bcos try replacing the / before c*****.t** with %2F ie
....../16%2Fc*****.txt**
***Error***16/c*****.t** not found in server***What does it say....It checks the headers?
Admins please check this????
Page Generated: Fri, 21 Nov 2008 05:05:51 -0500
Wow... /me cried at the spoilers before. Tell me if there's anything else I should take out.