Ninjex's Realistic Challenge #2

This is the place for ALL of the user submitted challenges. If you create a little challenge/mission/riddle/whatever, post it here.
Forum rules
Do not post missions that you did NOT create without proper citing.

Ninjex's Realistic Challenge #2

Post by -Ninjex- on Fri May 10, 2013 5:56 pm
([msg=75538]see Ninjex's Realistic Challenge #2[/msg])

Mission Location: http://missions.securityspot.org/xsrf
Summary: This challenge is not as hard as the previous, but it's still pretty fun, and I hope you all enjoy it!

Challenge Description:

Hello, dear friend from the inter-web,
I heard that you are pretty good with hacking and all. I somehow have managed to put myself in a real tight spot. I went to test out this new banking / social networking site located at: missions.securityspot.org/xsrf I placed $100,000 in my bank, and then the next day I noticed that the owner of the site made an unauthorized transaction from my account, sending himself all of my money!!! This is completely messed up, and it has taken me years to save up this kind of money! Please, if you can look into this, and get my money back to my account, and delete all the transaction logs from the owner's page, without any traces or visible evidence, I would be more than happy to throw some of that money your way!

The Administrator has recently disabled the ability to sign up, so you may need my login.
Here it is:
Username: Rekcah
Password: 37jfsuf897e8rf

Thanks in advance,
Rekcah
Last edited by -Ninjex- on Sun May 12, 2013 6:52 pm, edited 1 time in total.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1455
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Ninjex's Realistic Challenge #2

Post by mShred on Sun May 12, 2013 2:17 pm
([msg=75566]see Re: Ninjex's Realistic Challenge #2[/msg])

Though I did help you code review the challenge, I never really looked into the challenge itself exactly. I'll still have to look around at it. See if I can't get this one.
Image

For those about to rock.
User avatar
mShred
Administrator
Administrator
 
Posts: 1766
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: Ninjex's Realistic Challenge #2

Post by -Ninjex- on Sun May 12, 2013 4:02 pm
([msg=75572]see Re: Ninjex's Realistic Challenge #2[/msg])

mShred wrote:Though I did help you code review the challenge, I never really looked into the challenge itself exactly. I'll still have to look around at it. See if I can't get this one.


Yes, thank you for the code review as well.
You have helped open my eyes to some subjects, as well as show me the other end of what happens.

For instance, I know how to do XSS/SQLi, and I know exactly how it works. You seem to be helping me a lot on the measures to prevent these things from happening, and now I see why these errors exist so often. So for that, I thank you.

For anyone interested, about hacking, I highly recommend that if you know how something works, next take the steps which would prevent these things from happening, as it will really shed light on the subject for you.

As for this challenge, I wanted to make it a bit different, than normal.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1455
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Ninjex's Realistic Challenge #2

Post by LoGiCaL__ on Sun May 12, 2013 9:27 pm
([msg=75575]see Re: Ninjex's Realistic Challenge #2[/msg])

-Ninjex- wrote:For anyone interested, about hacking, I highly recommend that if you know how something works, next take the steps which would prevent these things from happening, as it will really shed light on the subject for you.
.


+1
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)



Return to User Submitted

Who is online

Users browsing this forum: No registered users and 0 guests