Basic Mission 4

Learn new things
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts, etc.]

Posting these will result in warnings/bans!

Re: Basic Mission 4

Post by limdis on Fri May 16, 2014 9:43 pm
([msg=80768]see Re: Basic Mission 4[/msg])

freetree wrote:I just *did what I needed to solve the mission.* My question is this is the way to crack this mission?

Yes it is. Watch the spoiler content in the future though. If you have specific questions on any mission ask to PM someone, or PM me.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1311
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Basic Mission 4

Post by Wolfloth on Tue Jun 10, 2014 1:58 pm
([msg=81333]see Re: Basic Mission 4[/msg])

That is so clever... And thank you so much for these challenges, and the opportunity to learn these things.
Wolfloth
New User
New User
 
Posts: 1
Joined: Tue Jun 10, 2014 1:56 pm
Blog: View Blog (0)


Re: Basic Mission 4

Post by Raida on Wed Jun 11, 2014 7:37 am
([msg=81339]see Re: Basic Mission 4[/msg])

Hi, complete beginner to html (or even any sort of programming). Just curious, what other methods are there to solve this? I solved it just like how the topic suggested, but the sentence 'There are a couple of ways to do this one' is bothering me.

please pm me about it if this should not be discuessed openly.
Raida
New User
New User
 
Posts: 1
Joined: Wed Jun 11, 2014 7:34 am
Blog: View Blog (0)


Re: Basic Mission 4

Post by -Ninjex- on Wed Jun 11, 2014 9:35 am
([msg=81341]see Re: Basic Mission 4[/msg])

Raida wrote:Hi, complete beginner to html (or even any sort of programming). Just curious, what other methods are there to solve this? I solved it just like how the topic suggested, but the sentence 'There are a couple of ways to do this one' is bothering me.

please pm me about it if this should not be discuessed openly.


Feel free to pm me the way you completed the challenge, and I can discuss the different methods you can use to complete this challenge.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1172
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Basic Mission 4

Post by Misanthropydotexe on Mon Jun 16, 2014 12:06 am
([msg=81461]see Re: Basic Mission 4[/msg])

Alrighty, I think I have the solution.

However, I'm running into a problem that's completely unrelated to whether or not my solution is correct. I am unable to explain my problem without giving away what I think is the solution (and if I am correct, I would be giving away a spoiler).

Anyone mind me shooting a PM to them so that they can maybe explain to me why I'm having the problem I am so that I can find a fix for it and move along to testing my solution?
My armor is Contempt. My shield is Disgust. My sword is Hatred.
Respect not pity or weakness, for they are a disease which makes sick the strong
User avatar
Misanthropydotexe
Experienced User
Experienced User
 
Posts: 89
Joined: Tue Jun 03, 2014 10:54 pm
Blog: View Blog (0)


Re: Basic Mission 4

Post by newghost420 on Sun Jul 06, 2014 2:34 am
([msg=81996]see Re: Basic Mission 4[/msg])

fashizzlepop wrote:
RandyRedBull wrote:Brand new to the site and HTML so of course I'm having trouble here. Besides saving the page and editing myself, I'm unsure of how to altar the value that needs changed. Any tips?

Edit: I've figured out how to edit it by looking around on the forums, but I feel like using a program is defeating the purpose of the lesson?

Mission 4 is supposed to be solved using the first method you mentioned. 5 has an extra referer check. For 5, I suggest using inline JavaScript.


4 and 5 were exactly the same method for me...
newghost420
New User
New User
 
Posts: 2
Joined: Sun Jul 06, 2014 2:12 am
Blog: View Blog (0)


Re: Basic Mission 4

Post by mShred on Sun Jul 06, 2014 12:43 pm
([msg=82003]see Re: Basic Mission 4[/msg])

newghost420 wrote:4 and 5 were exactly the same method for me...

fashizzlepop wrote:Mission 4 is supposed to be solved using the first method you mentioned. 5 has an extra referer check. For 5, I suggest using inline JavaScript.

Jesus. Fuck.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1687
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Basic Mission 4

Post by Xuid on Sun Jul 13, 2014 7:56 pm
([msg=82212]see Re: Basic Mission 4[/msg])

Hacking newbie here and i'm sorry if what i'm about to ask is really obvious or dumb but this is making me really confused. I just completed challenge 4 and 5 doing the EXACT same thing. I replaced THE THING with MY OWN THING, to put it as cryptic as I can, in the code but this bugs me since I thought you couldn't change code in anyway, just look at it, if that's not the case then please inform me. :) The second thing that bugs me is that I could complete 4 and 5 the exact same way, does this mean I didn't use the solution one is supposed to use? If so did I miss out on learning something critical?

Thanks in advance, sorry for the english it's not my native tongue.
Xuid
New User
New User
 
Posts: 1
Joined: Sun Jul 13, 2014 7:50 pm
Blog: View Blog (0)


Re: Basic Mission 4

Post by limdis on Mon Jul 14, 2014 12:35 pm
([msg=82223]see Re: Basic Mission 4[/msg])

I find it interesting that everyone posts in this thread opposed to the mission thread for basic 5 when the "I did this the same way" thing comes up. Alright, guys, I addressed this already in basic 5. See here:

If you are reading this it is likely for one of two reasons. One, you aren’t sure why the same method to complete Basic 4 isn’t working. Or, two, you are wondering why this was solved the same you completed Basic 4. I’ll explain.

In Basic 4, Network Security Sam was not verifying referers which is why if you chose to complete the challenge by recreating the webpage on your desktop it worked. You performed a VERY crude example of a cross-site request forgery (CSRF) attack. Because the referer was not being validated it allowed you to send the request from a different host (i.e. yourself).

Now, what I just said might have confused you. That's alright, take some time later to Google it. Remember these are basic missions right now! However, in Basic 5, Network Security Sam fixed his code. This time the request HAS to come from his site. With HTML alone you cannot change what is on a webpage, as you have (hopefully) already found, so it’s now time to dive into Javascript! You will need to perform what is called a Javascript Injection to change where the password is sent this time.

If you used a tool, you very likely performed a javascript injection. Didn't know that? Well that's why you should read up on how things work. Don't know what that is? Well, google it first and if you have questions afterwards then ask. I'll take specific questions on these challenges via PM if you want a more in depth explanation. But if I get "I used firebug to complete both what's the difference?" I'm going to ignore you for being an idiot.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1311
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Previous

Return to Basic

Who is online

Users browsing this forum: No registered users and 0 guests