Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by Name-already-taken on Tue Oct 22, 2013 7:52 am

The little girl spelt "Gandhi" wrong. :mrgreen:


Post by apex123 on Tue Nov 19, 2013 10:21 pm

Hi all
Ok, so I've found the original webpage, but only because I guessed the name of it. It is not in the HTML. Seriously, can't see it anywhere. Where was I supposed to find it?


Post by -Ninjex- on Wed Nov 20, 2013 1:56 am

Step 1. Ctrl+u
Step 2. Ctrl+f
Step 3. Profit
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Post by apex123 on Wed Nov 20, 2013 6:23 am

Yeah, I know how to view the source, but there is no mention of the original page in there. Seriously, if I hadn't guessed it I'd never be able to move on. I must be missing something here... I NEED TO KNOW WHERE THE INFO FOR THE ORIGINAL PAGE IS STORED!!!

-- Wed Nov 20, 2013 11:33 am --

Ok, so I've resorted to trawling the internet for answers, because this is annoying me. I don't want help completing the level, I just want to know where to find the name of the original web page. And guess what - everywhere seems to say that it is in a comment in the page source. This comment does not exist. Has the website been re-written recently or something?


Post by -Ninjex- on Wed Nov 20, 2013 6:43 am

apex123 wrote: This comment does not exist.

False

apex123 wrote: Has the website been re-written recently or something?

No, it's still there bright as daylight; try using Ctrl+F on the source and searching for opening HTML comments. If you still can't find it, I will assume you are blind.

Also, note that it may not be a full URL path, it may simply be a directory.

This as well seems a bit spoilerish to just blatantly post the solution to one of the debatably momentous parts of this mission.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
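
Seen from the site owner's side, the hint above is an information-disclosure problem: HTML comments are delivered to every visitor, so a comment that names a file or just a directory tells readers where to look. The following pre-deployment check is an added example, not part of the original post or of the mission; the sample page and every file and directory name in it are constructed.

```python
import re
from html.parser import HTMLParser

# Heuristic for tokens that look like a directory, a path or a web file name.
PATH_RE = re.compile(
    r"""(?:[\w.-]+/)+[\w.-]*      # dir/  or  dir/sub/file
      | (?<!<)/[\w.-]+            # /name (but not a closing tag like </div>)
      | [\w-]+\.(?:html?|php|bak|old|txt|inc|sql|zip)\b   # bare file name
    """,
    re.VERBOSE | re.IGNORECASE,
)

class CommentAuditor(HTMLParser):
    """Collects HTML comments that mention something path-like."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, matched tokens, comment text)

    def handle_comment(self, data):
        line, _col = self.getpos()  # position of the opening "<!--"
        hits = [m.group(0) for m in PATH_RE.finditer(data)]
        if hits:
            self.findings.append((line, hits, " ".join(data.split())))

def audit_comments(html):
    """Return the comments in `html` that reference a file or directory."""
    auditor = CommentAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: one harmless comment, two that leak locations.
SAMPLE = """<html>
<head><title>Poems</title></head>
<body>
<!-- navigation starts here -->
<h1>Poetry</h1>
<!-- TODO: restore from backup-page.html once fixed -->
<!-- old assets live in archive/2013/ -->
</body>
</html>"""

if __name__ == "__main__":
    for line, hits, text in audit_comments(SAMPLE):
        print(f"line {line}: comment references {hits}: {text!r}")
```

Run it over the rendered pages in a build or CI step and either delete the flagged comments or confirm that what they name is not reachable from the web root.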


Post by DerKopf on Tue Dec 24, 2013 10:35 am

First of all, sorry for the English... it's not my native language.

Now, I do the Basic Missions, 70% with forum help. In the realistic mission, the first two were soooo difficult for me... I have to try everything before I succeed. My question is, how do I realize what to do? How can I know that I must use Dir Trav or SQL Inj or those things? 'Cause the problem is not how to do it (I can read), the problem is WHAT to do.

So, if you can help me to understand how to find the WHAT, instead of the WHO, I'll be pleased.

P.S.: still can't solve realistic level 3


Post by -Unicod3- on Tue Dec 24, 2013 4:59 pm

Hallo,

Well, the point of the realistic ones is that the environment is more like something you would find in the wild...

To be able to discover weaknesses you need to know them first. Someone who has never heard of SQLi before won't know that a form connected to a database could be vulnerable. Whereas if you know about it you can try and possibly succeed.

The best thing for figuring out possible vulnerabilities is to learn already common ones and also tinker to discover new ones.

Side note: You can't expect to do all of the missions on HTS at once. Especially when you are still learning. If you needed help with 70% of the basic problems, then you obviously needed to do some more practice and read about the topics more.
“Little by little, one travels far” ― J.R.R. Tolkien


Post by billgant on Fri Jan 10, 2014 4:34 pm

OK

To people still stuck on this:

1) Find the old page
2) understand what the old page does
3) understand what happens when you do things on the old page
4) use the old page to overwrite the hacked page

This is very easy ... forget PHP ... forget "directory traversal attacks" ... forget mysql injections.

A simple understanding of how the old website works, and what happens when you use the functions in that website, plus a simple understanding of directory structure will help you do this.

keep it simple


Post by kingandtyrant on Mon Feb 10, 2014 7:52 am

Hi, finally finished but I spent so long going down the wrong path I'd like to ask if my idea would have worked:

I planned to use the submission form to overwrite Hacker with an SSI containing the bash move command so that when I opened the Hacker poem the command would execute and oldindex would be moved and overwrite index.

Does this sound like a viable alternative? I think the hint about remembering Basic 8 & 9 is what really threw me.


Post by xenirox on Thu Feb 13, 2014 9:33 am

I spent half a day looking for what I've missed.
Now the mission is done.