Re: Please ask questions ONLY in this topic.

Posted: Sat Nov 17, 2012 5:43 pm
by limdis
oh yeah

Re: Please ask questions ONLY in this topic.

Posted: Sat Nov 17, 2012 6:42 pm
by not_essence2
Every security-related/conscious site does.

Re: Please ask questions ONLY in this topic.

Posted: Thu Nov 22, 2012 10:48 am
by lota7
OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me Windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?

Re: Please ask questions ONLY in this topic.

Posted: Thu Nov 22, 2012 10:54 am
by Shade_of_Gray
lota7 wrote: OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me Windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?


Generally speaking? Try both.

Re: Please ask questions ONLY in this topic.

Posted: Sun Nov 25, 2012 2:21 pm
by conscience
Shade_of_Gray wrote:
lota7 wrote: OH MY GOD.
I had this figured out hours ago but got screwed by " / ". I used a " \ " instead.
But DT information sites told me Windows uses \ ?
Or is that based on the server running? Probably is, but how can I know what server the target is using?


Generally speaking? Try both.


Yes, it of course depends on the OS the server is running.

For the "generally speaking" part, Windows accepts forward slash, so it is generally a better idea to try that first.
Also, you can fingerprint the underlying OS by, for example, checking whether the filenames are case-sensitive or not.
Some other characteristics of certain software products can be fingerprinted as well, but I won't go into this as it is not related to the mission.

Re: Please ask questions ONLY in this topic.

Posted: Fri Dec 14, 2012 12:49 pm
by gpegasus77
OK, I cheated and solved it.
Can somebody please tell me WHY it worked?
Understood the theory of DT, read tons of the posts here, then looked for a solution...
Would appreciate some explanation on the submission code explanation...

Re: Please ask questions ONLY in this topic.

Posted: Fri Dec 14, 2012 4:59 pm
by fashizzlepop
Why'd you cheat? Why not try solving it on your own now and figure out why.

Re: Please ask questions ONLY in this topic.

Posted: Sat Dec 15, 2012 5:19 am
by gpegasus77
After 4 days of getting crazy and no point to get it?
I understood what I did but I was walking blind on it.
I assume I was storing a file but: how to be certain of it?
When I did ../index.html what was the code actually executed?
Trying and trying I get to the answer to this and the next realistic solution, but I don't always get WHY it works this way.

Re: Please ask questions ONLY in this topic.

Posted: Sat Jan 26, 2013 10:39 am
by Raziels
Damn bonus points, all lies… lol

Thanks guys, good tips:

liuyuan wrote: Just want to clarify:

Despite bearing similarities between the two missions (Basic 9 and Realistic 4), they have NOTHING to do with each other besides directory traversal (it's called traversal, not transversal... It's not even a word...).

It's good if you can actually learn something...
Basic 9 takes advantage of server side includes vulnerabilities. Allowing server commands to be executed.
Realistic 4, however, takes advantage of a php file() function. The poetries were saved as... well... plain files with no extensions (such as .php, .txt) it's just loaded with include() or require() from the .php display script.

Here is a diagram I've made to help you understand this.
http://img294.imageshack.us/img294/2749/real4uy9.jpg

As a bonus, which is irrelevant to the mission, check out these.
http://www.hackthissite.org/missions/re ... he%20Idiot
http://www.hackthissite.org/missions/re ... ding%20War

Every time you get a "page not found" e.g. http://www.hackthissite.org/missions/realistic/3/poems/
it means the page is forbidden, but the file/directory actually exists!
Every time you get a witty comment and a page not found, it means it doesn't exist at all.

I know this because I've redirected all 403 forbidden to the "page not found" page, because I was tired of getting an anti-DDoS 403 Forbidden page XD


JonBoyMullins wrote: Consider this...

The name of the poem ends up being the name of the file.

Knowing the directory you are in, and index.html is in, is imperative.


Apologies if I've given too much away, please remove if necessary :D


Vive wrote:
IF SPOILER MESSAGE.EDIT() && AUTHOR.APOLOGIZE() END IF
-rjstark
thread:stumped
<SPOILER-ISH>
I once saved a folder (directory) for aircraft in a flight simulator "MyDesigns/Custom" and I was unable to access the contents of that folder (directory) using *nix commands because of the filename
</SPOILER-ISH>

when the file is saved it is saved to the server immediately and the file name is not filtered


http://en.wikipedia.org/wiki/Directory_traversal_attack

One more tip, I was thinking about what would happen to the hacked page, then I realized it’s a climbing attack
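
The questions raised above (what `../index.html` actually resolved to, and why `\` behaved differently from `/`) can be reproduced in a small model of an unfiltered "poem name becomes file name" save, shown beside a hardened version. This is an added example, not part of any post in this thread and not the mission's server code; the directory layout, function names and allowlist are assumptions, and Python's `posixpath`/`ntpath` are used so both OS behaviours run on any machine.

```python
import ntpath
import posixpath
import re

# Constructed layout (assumption): index.html sits one level above the
# directory that submitted poems are written into.
POEMS_POSIX = "/var/www/site/poems"
POEMS_WIN = r"C:\www\site\poems"


def resolve(base, name, pathmod):
    """Path the OS ends up using when the app writes base + separator + name."""
    return pathmod.normpath(pathmod.join(base, name))


def stays_inside(base, name, pathmod):
    """True if the resolved target is still under base (case folded on Windows)."""
    root = pathmod.normcase(pathmod.normpath(base)) + pathmod.sep
    return pathmod.normcase(resolve(base, name, pathmod)).startswith(root)


# Hypothetical allowlist for a poem title: letters, digits, space, _ ' -
SAFE_NAME = re.compile(r"[A-Za-z0-9 _'-]{1,64}")


def checked_target(base, name, pathmod):
    """Hardened save path: allowlist the name, then confirm containment anyway."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("poem name contains characters outside the allowlist")
    if not stays_inside(base, name, pathmod):
        raise ValueError("poem name resolves outside the poems directory")
    return resolve(base, name, pathmod)


if __name__ == "__main__":
    for name in ("../index.html", "..\\index.html", "Ode to Autumn"):
        for label, base, mod in (("posix", POEMS_POSIX, posixpath),
                                 ("windows", POEMS_WIN, ntpath)):
            print(f"{label:8} {name!r:18} -> {resolve(base, name, mod)}"
                  f"  inside={stays_inside(base, name, mod)}")
```

On the POSIX side a backslash is an ordinary filename character, so `..\index.html` stays inside the poems directory as a literal file name, while on the Windows side both separators climb one level.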

Re: Please ask questions ONLY in this topic.

Posted: Mon Jan 28, 2013 2:16 pm
by corbonium
I completed this mission, but maybe by luck, if you count educated guesses as luck. So I have a question:

How do you know that directory traversal is the key? I could not find any evidence that anything is stored in different directories at all.