Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by limdis on Sat Nov 17, 2012 5:43 pm
([msg=71027]see Re: Please ask questions ONLY in this topic.[/msg])

oh yeah
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1398
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by not_essence2 on Sat Nov 17, 2012 6:42 pm
([msg=71037]see Re: Please ask questions ONLY in this topic.[/msg])

Every security-related/conscious site does.
not_essence2
Poster
Poster
 
Posts: 189
Joined: Fri Sep 14, 2012 6:09 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by lota7 on Thu Nov 22, 2012 10:48 am
([msg=71217]see Re: Please ask questions ONLY in this topic.[/msg])

OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?
lota7
New User
New User
 
Posts: 1
Joined: Thu Nov 22, 2012 10:45 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Shade_of_Gray on Thu Nov 22, 2012 10:54 am
([msg=71218]see Re: Please ask questions ONLY in this topic.[/msg])

lota7 wrote:OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?


Generally speaking? Try both.
Shade_of_Gray
Experienced User
Experienced User
 
Posts: 60
Joined: Mon Oct 22, 2012 11:04 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sun Nov 25, 2012 2:21 pm
([msg=71320]see Re: Please ask questions ONLY in this topic.[/msg])

Shade_of_Gray wrote:
lota7 wrote:OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?


Generally speaking? Try both.


Yes, it of course depends on the OS the server is running.

For the "generally speaking" part, Windows accepts forward slash, so it is generally a better idea to try that first.
Also, you can fingerprint the underlying OS by, for example, checking whether the filenames are case-sensitive or not.
Some other characteristics of certain software products can be fingerprinted as well, but I won't go into this as it is not related to the mission.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by gpegasus77 on Fri Dec 14, 2012 12:49 pm
([msg=71713]see Re: Please ask questions ONLY in this topic.[/msg])

Ok i cheated and solved it.
Can somebody please tell me WHY it worked?
Understood the teory od DT read tons the posts here then looked for a solution...
would appreciate some explanation on the submission code explanation...
gpegasus77
New User
New User
 
Posts: 10
Joined: Mon Dec 10, 2012 12:13 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by fashizzlepop on Fri Dec 14, 2012 4:59 pm
([msg=71715]see Re: Please ask questions ONLY in this topic.[/msg])

Why'd you cheat? Why not try solving it on your own now and figure out why.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by gpegasus77 on Sat Dec 15, 2012 5:19 am
([msg=71725]see Re: Please ask questions ONLY in this topic.[/msg])

After 4 days of getting crazy and no poin to get it?
I understood what i did but i was walking blind on it.
I assume i was storing a file but: how to be certain of it?
when i did ../index.html what was the code actually executed?
Trying and trying i get to the answer to this and next realistic solution but i don't alwais get WHY it works on this way.
gpegasus77
New User
New User
 
Posts: 10
Joined: Mon Dec 10, 2012 12:13 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Raziels on Sat Jan 26, 2013 10:39 am
([msg=72662]see Re: Please ask questions ONLY in this topic.[/msg])

Danm bonus points, all lies… lol

Thanks guys, good tips:

liuyuan wrote:Just want to clarify:

Despite bearing similarities between the two missions. (Basic 9 and Realist 4) they have NOTHING to do with each other besides directory traversal(it's called traversal, not transversal... It's not even a word...).

It's good if you can actually learn something...
Basic 9 takes advantage of server side includes vulnerabilities. Allowing server commands to be excused.
Realistic 4, however, takes advantage of a php file() function. The poetries were saved as... well... plain files with no extensions (such as .php, .txt) it's just loaded with include() or require() from the .php display script.

Here is a diagram I've made to help you understand this.
http://img294.imageshack.us/img294/2749/real4uy9.jpg

As a bonus, which is irrelevant to the mission, check out these.
http://www.hackthissite.org/missions/re ... he%20Idiot
http://www.hackthissite.org/missions/re ... ding%20War

Every time you get a "page not found" e.g. http://www.hackthissite.org/missions/realistic/3/poems/
it means the page is forbidden, but the file/directory actually exists!
Every time you get a witty comment and a page not found, it means it doesn't exists at all.

I know this because I've redirected all 403 forbidden to the "page not found" page, because I was tired of getting a anti-DDOS 403 Forbidden page XD


JonBoyMullins wrote:Consider this...

The name of the poem ends up being the name of the file.

Knowing the directory you are in, and index.html is in, is imperative.


Apologies if ive given too much away, please remove if neccessary :D


Vive wrote:
IF SPOILER MESSAGE.EDIT() && AUTHOR.APOLOGIZE() END IF
-rjstark
thread:stumped
<SPOILER-ISH>
I once saved a folder(directory) for aircraft in a flight simulator "MyDesigns/Custom" and i was unable to access the contents of that folder(directory) using *nix commands because of the filename
</SPOILER-ISH>

when the file is saved it is saved to the server immediately and the file name is not filtered


http://en.wikipedia.org/wiki/Directory_traversal_attack

One more tip, I was thinking about what would happen to the hacked page, then I realized it’s a climbing attack
User avatar
Raziels
New User
New User
 
Posts: 3
Joined: Fri Jan 25, 2013 6:15 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by corbonium on Mon Jan 28, 2013 2:16 pm
([msg=72779]see Re: Please ask questions ONLY in this topic.[/msg])

I completed this mission, but maybe by luck, if you count educated guesses as luck. So I have a question:

How do you know that directory traversal is the key? I could not find any evidence that anything is stored in different directories at all.
corbonium
New User
New User
 
Posts: 15
Joined: Wed Jan 02, 2013 8:11 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests