Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: stumped

Post by rjstark on Mon May 26, 2008 2:29 pm

-----------I HOPE THIS ISN'T A SPOILER-------------
IF SPOILER
MESSAGE.EDIT() && AUTHOR.APOLOGIZE()
END IF
-----------I HOPE THIS ISN'T A SPOILER-------------

I'm stuck too. I think that I'll use either (1) r**dp**m.php and SQL injection or (2) sub***p**m*.php and SSI injection...

(1) r**dp**m.php and SQL injection
===============================
No matter what I submit, it always just says "Your poem was successfully added. Thank you for your contributions"

(2) sub***p**m*.php and SSI injection
===============================
No matter what I submit, it always just says "That isn't allowed weirdo"

Is that right?
rjstark
New User
Posts: 1
Joined: Fri May 23, 2008 2:20 am


Re: stumped

Post by keanu1031 on Tue May 27, 2008 9:14 pm

rjstark wrote:I'm stuck too. I think that I'll use either (1) r**dp**m.php and SQL injection or (2) sub***p**m*.php and SSI injection...

(1) r**dp**m.php and SQL injection
===============================
No matter what I submit, it always just says "Your poem was successfully added. Thank you for your contributions"

(2) sub***p**m*.php and SSI injection
===============================
No matter what I submit, it always just says "That isn't allowed weirdo"

Is that right?


You don't need SQL injections or SSI for it. Think of how it loads the poem - file.php?name=The Idiot
She said that they are saved, but aren't listed until approved. Combine that with what Jheshka said about dir trans.

If these are too close to spoilers, send me a PM so I'll know to be more vague in the future.
keanu1031
New User
Posts: 3
Joined: Tue May 27, 2008 4:39 pm


Re: stumped

Post by Nocteria on Thu May 29, 2008 6:56 am

I am definitely doing something wrong.. I have found the old site.. all of its pages (I think)..

but whatever I try to do, it doesn't seem to work..

I know where to do input ... but I don't get the directory traversal since everything seems to be in the same directory.

EDIT: nevermind, I did it.. I was forgetting the ../
Nocteria
New User
Posts: 4
Joined: Wed May 28, 2008 8:28 am


Re: Need help again :D

Post by blackprince491 on Thu May 29, 2008 5:23 pm

I spent longer than 2 days doing most of the realistic missions
“If I lose the light of the sun, I will write by candlelight, moonlight, no light. If I lose paper and ink, I will write in blood on forgotten walls. I will write always."
blackprince491
Poster
Posts: 209
Joined: Thu May 15, 2008 12:23 pm


Re: stumped

Post by blackprince491 on Thu May 29, 2008 5:25 pm

lol, forget the smallest thing and it could be hours of annoyance and pain
blackprince491
Poster
Posts: 209
Joined: Thu May 15, 2008 12:23 pm


Re: stumped

Post by nezus on Wed Jun 04, 2008 1:22 pm

:cry: :cry: :cry:
I'm still on the hacked page ... and I have read the source again and again, but there aren't any clues, inputs or URLs ...
I really don't know how to find an exploitable file ... I'm still thinking, but a hint'll be sure welcome :p

[edit]: Must we use the text input from basic 8 to execute shell cmds?

[edit]2: I hadn't read the source enough -_-'
nezus
New User
Posts: 2
Joined: Sun Jun 01, 2008 11:57 am


Re: stumped

Post by rejelx on Fri Jun 06, 2008 12:13 pm

I managed to replace the old page. But how can I find the name of the attacker and send it to PeacePoetry?
rejelx
New User
Posts: 1
Joined: Fri Jun 06, 2008 12:11 pm


Traversal help

Post by coltlacrosse on Fri Jun 06, 2008 2:33 pm

I read about what directory traversal is used for, but I don't understand how one would go about applying it. Will someone please list a helpful site or post an example of using directory traversal?
coltlacrosse
New User
Posts: 3
Joined: Thu Jun 05, 2008 6:15 pm


Re: Need help again :D

Post by coltlacrosse on Fri Jun 06, 2008 2:36 pm

momumin wrote:So I'm guessing you've found the old page, right?
Well, first of all you need to find out how the system works: try making a page, what is the file named as?
*hint* You have to overwrite the homepage using directory traversal.


Do you mean actually make a webpage? Wouldn't the file be named whatever you save it as?
coltlacrosse
New User
Posts: 3
Joined: Thu Jun 05, 2008 6:15 pm


Re: Traversal help

Post by Damascus2k8 on Sat Jun 07, 2008 1:31 pm

Wikipedia: http://en.wikipedia.org/wiki/Directory_traversal

In windows/dos command-line type > dir /ad
In UNIX/Linux command-line type ? ls -al

The top two entries in the directory listing would be something like (dos)
06/06/2008 19:54 <DIR> . <-- Means Current Directory
06/06/2008 19:54 <DIR> .. <-- Means Previous Directory

so typing 'cd ..' will take you back one directory. That's what it basically means, but using it on the web it is effectively a way of changing the path a page uses to locate a particular file, for example:

A web page looks for its products list in, say, a file that is chosen based on user input and stored in a variable (e.g. $filename), and then it looks for that file in /files/lists/products -

    $filename = $_POST['list'];                       // taken straight from the request, unchecked
    $file = "/files/lists/products/" . $filename;     // concatenated onto the base directory
    .....


By using the directory traversal technique we would pass something like "../../something" as $filename, which would make $file look like this:
$file = "/files/lists/products/../../something"
which basically means $file ends up pointing to /files/something, because each ".." part says 'go back a directory'.

It's pretty easy once you get the hang of it. Sorry if that doesn't seem very clear, but I tried! :D
There is a pretty good description at the wikipedia link at the top of this post.

Hope that helps.


"Change your thoughts and you change your world!"
Damascus2k8
Experienced User
Posts: 68
Joined: Mon Apr 14, 2008 8:18 pm
Location: /root
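To make the path arithmetic in Damascus2k8's PHP snippet (and keanu1031's "file.php?name=..." hint) concrete, here is an added Python example that is not from the forum or the mission: it mirrors the unchecked concatenation with pure path normalisation, shows what "../../something" and an absolute value resolve to, and adds the containment check a fixed handler should apply. The base directory and sample inputs are constructed for illustration.

```python
import posixpath

# Constructed base directory, the same one used in the PHP snippet above.
BASE_DIR = "/files/lists/products"


def build_path(user_value: str) -> str:
    """The vulnerable construction: join user input onto BASE_DIR and let the
    path normaliser collapse every '..' exactly as the OS would when opening it.
    Note that posixpath.join discards BASE_DIR entirely if user_value is absolute."""
    return posixpath.normpath(posixpath.join(BASE_DIR, user_value))


def is_contained(user_value: str) -> bool:
    """Defensive check: after normalisation the target must still be strictly
    inside BASE_DIR. The trailing slash stops '/files/lists/products2' from
    passing a plain prefix test, and rejects BASE_DIR itself (empty input)."""
    base = BASE_DIR.rstrip("/") + "/"
    return build_path(user_value).startswith(base)


def resolve_list(user_value: str):
    """What the corrected handler should do: return the resolved path only when
    it stays under BASE_DIR, otherwise None so the caller refuses the request."""
    return build_path(user_value) if is_contained(user_value) else None


if __name__ == "__main__":
    # Constructed sample inputs: a normal file, the traversal from the post,
    # a bare '..', an absolute path, and a harmless '..' that stays inside.
    for value in ["poem.txt", "../../something", "..", "/etc/passwd", "a/../poem.txt"]:
        print(f"{value!r:20} -> {build_path(value):35} allowed={is_contained(value)}")
```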


Return to (Real 3) Peace Poetry: HACKED
