Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by conscience on Thu Feb 16, 2012 5:09 pm
([msg=64425]see Re: Please ask questions ONLY in this topic.[/msg])

strongard wrote:ok I red the forum and I sum up all the forum of poetry peace to 2 principle ideas

1)use directory traversal
2)put the original script of the old place somewhere

for the first idea

directory traversal made nothing special , except that it shows me a white webpage in which there is a box and add poetry
then I copied the script of the peace poetry page (the original page) and put it in the box and press add and it made nothing

i red all links and hints in the forum but nothing help

i need help please
help me
and thanks


You can put something "in production". Although it will first reside in a temporary place (as described on the page itself), you can use d.t. as mentioned. The rest is up to you. Put the something somewhere.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by strongard on Thu Feb 16, 2012 11:58 pm
([msg=64430]see Re: Please ask questions ONLY in this topic.[/msg])

wow this is a very big hints it helps me a lot , I am serious man and you tell me use google 1337 skills
I do not joke I need a hint and I am proud of being conscious of my ignorance

anyone please can help me with a helpful hint I am stuck

-- Fri Feb 17, 2012 12:01 am --

do you mean that once I am in the white page with only add poem I need to add something in the url or you mean another thing , wha do you mean exactly???

-- Fri Feb 17, 2012 11:28 pm --

I see in the forum hints like "You have to overwrite the homepage using directory transversal" or "What you need to do is get the source code of the original website, and exploit a php code to replace a different file..."

and I wonder how people like that call themselves hackers and give hints to other beginners like me ,

answer is that they go to see the answers to solutions in youtube and other sites then they come here and they say
it is easy I solve it , i am proud of myself , I really easy and because they did not suffer and undergo thousands of deceptions to solve the challenge they not only stay ignorant and does not progress but also they block the way for others (who want to learn honestly without cheating themselves) by writing only misconceptions and wrong , false hints
I remember I was a member in an other hack site in which I took 6 months to find the solution to a challenge


"You have to overwrite the homepage using directory transversal"

let me make something clear:

OVERWRITE is to destroy data in a file by entering new data in its place ""You have to overwrite the homepage using directory transversal" I want to learn and please help me to learn HOW TO SOLVE THESE CHALLENGES
and people who will reply to me , please give me something useful or stay silent better to stay without a HELPFUL hint than to read 100 USELESS hints

heraclitus :" a man costs one hundred men if he is useful meanwhile they are useless"

DIRECTORY TRAVERSAL is a form of http exploit used on a web server to access data in a directory other than the server's root , if we have for example C:/dd/ff/gg/ using ../ gives C:/dd/ff/ using ../../ gives C:/dd and if we want to access a file submit.txt in dd make like this ../../submit.txt , so directory traversal is used to access only a hidden file in which there is sensitive data like the password or configuration files , or id or usernames and NOT TO OVERWRITE (destroy data and entering other data ) or REPLACING a file data by other data

I do not pretend to know or to learn others but I feel only disgusted when I see sentence like that

this is why the forum does not help me because i read only bullsh....
the forum makes me lost

help me please solve this challenge I need a helpful hint
strongard
New User
New User
 
Posts: 30
Joined: Wed Feb 08, 2012 12:56 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Feb 18, 2012 5:39 am
([msg=64451]see Re: Please ask questions ONLY in this topic.[/msg])

What's wrong with you, man? There's a functionality on the site which allows you to send data to the server which gets stored somewhere. You said that you found that already. Yes, you put your something there. However, the location where data gets stored is not suitable for you, so you'll have to apply the several-times-mentioned directory traversal technique to a particular data. This is kind of spolish enough already. If you still don't get it, look up server side scripts, especially data handling and also HTML forms. And stop expecting others to spoon-feed you. We won't just give the solution away.

HTML forms working together with server side scripts, rtfm

PS.: And look up dir trav as well since you obviously don't get it yet. For a hint on this one: D.t. is for nothing but changing directories (diverting paths to be more precise). This time it's the target directory for writing something.
You have to overwrite the homepage using directory transversal

This is 100% correct.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Sat Feb 18, 2012 12:23 pm
([msg=64456]see Re: Please ask questions ONLY in this topic.[/msg])

strongard wrote:help me please solve this challenge I need a helpful hint

I got a helpful hint for you: give up. If you can't be bothered to think, but still think you can accomplish well, anything in life for that matter, you have a very wrong view on the world. Everyone can cop an attitude and if you're perfectly happy with doing it yourself DO SO and don't ask for help. As for the 1337 google skills, you really are asking hellow533 to make fun of you.

Now, if you've calmed down, please do the following:
1. Forget everything you looked up and learned and redo the challenge just as you would from scratch.
2. Inspect the page as you always should.
3. Try to think how things work and why they do the things they do.
4. Try to think what happens to stuff you put on the page (what does the server do with what information).
5. Think how you can exploit that so instead of doing what it does, it does something you want it to.
6. If you still have a problem finding stuff out and it's (hopefully) not your brain that's lacking, it's your knowledge: THEN go look for information and try again. Repeat from step 2 until you know what you should do.

This is the best I can do without spoon-feeding you. However, I'm tempted to say the above almost goes beyond that. Remember: there is no greater good than finding out something yourself so you can be proud of what you've accomplished. PM me if and only if after 24 hours of trying you still have no idea.

EDIT: After reading your other comments, I think I know what your problem is. You seem to have a pretty good grasp on knowledge, whether you found it or know it (can't say which). The problem is, you have no idea how to use it.
Example:
Say you know that a telephone company internally uses a tone of 2600 Hz to signal that a call is over. That tone is sent over the telephone-line and (for example) the first switch it comes into contact with will know the call is over and stop charging you for it. Secondly you know that a telephone just converts your voice to tones sent on the line. This is the part where you put 1 and 1 together: if you whistle a tone of 2600 Hz into the telephone, the switch will think the call is over and the rest of the call is free. That's what hacking is about, going outside of the normal thinking and use that to your advantage. Free your mind...
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 821
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by strongard on Sat Feb 18, 2012 6:34 pm
([msg=64464]see Re: Please ask questions ONLY in this topic.[/msg])

I will never give up never ever , I will beat all the challenges in this site even if I stay 10 years trying , even if I die in trying
I will never give up , never never ever

as for what you said :"you really are asking hellow533 to make fun of you" I respond

"let heavens and men and devils let them all , all cry shame against me yet I will speak"

your paragraph is very instructive and "conscience" paragraph they are both rich and I need to eat these two paragraphes , swallow them and digest them and then progress to find the answer for the challenge
I will try and try until I solve this challenge

believe me I HATE SOMEONE TO GIVE ME THE ANSWER ; I HATE THE ANSWER ; I AM IN CONFLICT WITH ANSWER
I understand today that TO HACK something is to surpass it , is to assert a fundamental rationality or supernatural element in the experience and therefore it is not enough to train for hours and hours we must be genius.
to achieve that
1)I must grasp the fundamental techniques
2)understand completely the proprieties of the system and its weak points , howsoever is sophisticated
3)attacking
4)surpassing it
my tools should be

1)information
2)precision
3)understanding
4)realism
5)vigilance

I will pm if I am again stuck
thank you for you and for "conscience

-- Sun Feb 19, 2012 7:56 pm --

finally I solve it

I understand how to overwrite a file and how the system works

if for example we take a notepad and we write "hellow533 makes fun of strongard" in the notepad and save it as baby.txt
in C:/windows then we take another notepad and write "strongard solves the challenge and now makes fun of hellow533" and save it as baby.txt and in C:/windows , the first content in the first notepad will be replaced by the content of the new notepad "this is called to overwrite a file" , in order to overwrite a file with another two conditions should be fullfilled

1)they should be saved as same name and extension
2)they should be saved in the same location

as for the system and how it works it will be saying a lot

but to be sincere
1)this challenge is not easy as it is rated
why?
1)it is based on only one level hierarchical structure between the base directory and the other directories
2)there are two pages in which you can submit the file source (with ,each, two small boxes and two big) one is fake the other is real (consider this as a big hint) and this is to make the student lost. lost because this challenge is based on imagination more than logic and lost as a consequence because nothing is more dangerous than the challenge and exams and wars that are based on brute force and the measure of probability and random variables ...
the more the brute force increases the more the difficulty of the challenge increases

realistic 1 is based on math+ software technique
realistic 2 is based on traditional technique of injection
but realistic 3 is more imaginative this is what makes the majority lost
now I will begin the war against the moderate challenge
feel free to edit if it spoil
best regards for all developers and moderators
strongard
New User
New User
 
Posts: 30
Joined: Wed Feb 08, 2012 12:56 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Psycho_Valentine on Sun Feb 19, 2012 9:00 pm
([msg=64480]see Re: Please ask questions ONLY in this topic.[/msg])

Hi there,

I've managed to get through all the Basic missions and the first couple of Realistic Missions either on my own or with the helpful hints within the forum. However, Realistic 3 really puzzled me! After 2 and a half solid hours of going back and forth trying different ideas, I finally completed it. However, I'm not entirely sure how/why what I did worked. My question is, would someone mind PM'ing me to discuss how this worked? Like most people here I do these missions in order to learn methods and techniques within hacking, and so far I have understood everything I've come across, but this one really has me stumped even after completion :? Thanks in advance for any help offered :)
Psycho_Valentine
New User
New User
 
Posts: 1
Joined: Sun Feb 19, 2012 8:54 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by strongard on Mon Feb 20, 2012 4:08 pm
([msg=64504]see Re: Please ask questions ONLY in this topic.[/msg])

I hope that I can hellp you but I am not qualified yet to explain to you as I am a beginner , with a very weak level a noob whose teachers are the genius adminstrators of this site , I have an experience only of 2 months and 5 days , before i become a student in this useful and instructive site , i was in other dutch site of hack challenges , it was good but the adminstrators are arrogant , impolite and they try the impossible to make the user unable to solve the challenge , because they want to stay the number ones , they hidden the secret of information because not all the techniques of hack are revealed in google , there are a lot of very dangerous technique of hacking especually in cryptography , 128 bits hash , social engineering and the " super user concept in windows and linux , for example with the super user you can access any computer whatsoever is its system of security but in one condition that this computer is the absolute server adminstrator connected to other computers with a limited privileges , like in cyber cafee , public cyber point
but you say something that confirms my word poetry peace challenge is not easy but moderate in its rate
strongard
New User
New User
 
Posts: 30
Joined: Wed Feb 08, 2012 12:56 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Mon Feb 20, 2012 5:47 pm
([msg=64506]see Re: Please ask questions ONLY in this topic.[/msg])

Toss it to me and I'll try to help
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Wed Feb 22, 2012 7:15 pm
([msg=64558]see Re: Please ask questions ONLY in this topic.[/msg])

strongard wrote:I hope that I can hellp you but I am not qualified yet to explain to you as I am a beginner , with a very weak level a noob whose teachers are the genius adminstrators of this site , I have an experience only of 2 months and 5 days , before i become a student in this useful and instructive site , i was in other dutch site of hack challenges , it was good but the adminstrators are arrogant , impolite and they try the impossible to make the user unable to solve the challenge , because they want to stay the number ones , they hidden the secret of information because not all the techniques of hack are revealed in google , there are a lot of very dangerous technique of hacking especually in cryptography , 128 bits hash , social engineering and the " super user concept in windows and linux , for example with the super user you can access any computer whatsoever is its system of security but in one condition that this computer is the absolute server adminstrator connected to other computers with a limited privileges , like in cyber cafee , public cyber point
but you say something that confirms my word poetry peace challenge is not easy but moderate in its rate

Okay, I'm going with faith here, but are you autistic or something? I know that people like that usually think in terms of knowledge without knowing how to use it. Things that seem to come natural to others (like conversation/interpreting emotions etc.) and things others are not capable of (remembering a lot of factual knowledge, seeing patterns in a lot of things) are the opposite by individuals with autism.

concience: sorry for highjacking the thread, but I think this might avoid conflict, I'll send PMs to strongard from now on...
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 821
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Thu Feb 23, 2012 1:26 pm
([msg=64576]see Re: Please ask questions ONLY in this topic.[/msg])

cyberdrain wrote:
strongard wrote:I hope that I can hellp you but I am not qualified yet to explain to you as I am a beginner , with a very weak level a noob whose teachers are the genius adminstrators of this site , I have an experience only of 2 months and 5 days , before i become a student in this useful and instructive site , i was in other dutch site of hack challenges , it was good but the adminstrators are arrogant , impolite and they try the impossible to make the user unable to solve the challenge , because they want to stay the number ones , they hidden the secret of information because not all the techniques of hack are revealed in google , there are a lot of very dangerous technique of hacking especually in cryptography , 128 bits hash , social engineering and the " super user concept in windows and linux , for example with the super user you can access any computer whatsoever is its system of security but in one condition that this computer is the absolute server adminstrator connected to other computers with a limited privileges , like in cyber cafee , public cyber point
but you say something that confirms my word poetry peace challenge is not easy but moderate in its rate

Okay, I'm going with faith here, but are you autistic or something? I know that people like that usually think in terms of knowledge without knowing how to use it. Things that seem to come natural to others (like conversation/interpreting emotions etc.) and things others are not capable of (remembering a lot of factual knowledge, seeing patterns in a lot of things) are the opposite by individuals with autism.

concience: sorry for highjacking the thread, but I think this might avoid conflict, I'll send PMs to strongard from now on...


no prob, mate
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 248
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests