Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by LoGiCaL__ on Sun Jan 29, 2012 2:51 am
([msg=63961]see Re: Please ask questions ONLY in this topic.[/msg])

limdis wrote:
2bigpigs wrote:I entered dropCash and 100000 in the boxes. Am i doing something wrong?

Lol, I was able to duplicate your error; you are short X amount of zeros.

I really enjoyed this, it was fun. Firebug made this challenge a LOT easier for those stuck on part 2.


limidis, it's good to have you around the forums and I see you are trying to help people. I decided to edit the post because it was more of "hey here" rather than a nudge in the right direction.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1060
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by limdis on Sun Jan 29, 2012 11:06 am
([msg=63972]see Re: Please ask questions ONLY in this topic.[/msg])

All good!
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1346
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Hint to show all users

Post by wolv3rin3 on Tue Feb 07, 2012 12:44 am
([msg=64163]see Re: Hint to show all users[/msg])

Deleted Spoiler Content

I need help!
I got the list of the 6600 users, i know that the table's name is 'users', but i'm stuck!
When i put those codes, a message appears and says 'username it's too long'
I think that the username for gary is 'G*r', because i read it in the thread

Also, when i go to the login page, i execute JS injection:
deleted spoiler content

but no results to access the account of g*

For example, i do SQL injection in the 'search' site:

deleted spoiler content without results
wolv3rin3
New User
New User
 
Posts: 8
Joined: Sat Feb 04, 2012 2:52 pm
Blog: View Blog (0)


Re: Hint to show all users

Post by Abate on Thu Feb 16, 2012 4:33 am
([msg=64405]see Re: Hint to show all users[/msg])

wolv3rin3 wrote:I need help!
I got the list of the 6600 users, i know that the table's name is spoiler, but i'm stuck!
When i put those codes, a message appears and says 'username it's too long'
I think that the username for gary is 'G*r', because i read it in the thread

Also, when i go to the login page, i execute JS injection:
deleted spoiler content
but no results to access the account of gary

For example, i do SQL injection in the 'search' site:

deleted spoiler content


Hey man, can you explain what are you trying to do here < G*r=''> ? You want to get password? What for?
You don't need to see his personal information. Just do javascript injection deleted spoiler content and then you can run next operation that you need ( removing money or logs ). You can install FireCookie to be sure that it is working ok =)
Sry I cannot tell you more clear how to make this as it would be not interesting when you will know all answers =)


One more thing. Maaaaan. Nines even mark you with red what you need to write there and you telling 'username it's too long' =) Read Nines message again, it is very helpful imho.
Abate
New User
New User
 
Posts: 1
Joined: Thu Feb 16, 2012 1:39 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by strongard on Fri Feb 24, 2012 11:41 pm
([msg=64601]see Re: Please ask questions ONLY in this topic.[/msg])

I red all the forum and nothing of these hints help me find the real username of gary hunter

Consider that the names are listed by join date from the earliest to the latest and also take a look at the details given about the user from the mission instructions. Then consider that you can only enter in a certain amount of characters for a username when you join.


On d mission description it's written dat the person does not know Gary Hunter's username, right?So, the username could be anything among the 155539032 results I get. even if d usrname is related 2 his original name, I think many of us would name our Usrname aftr his original name.

All of the usernames and whatnot are purposely put there. I think you actually submit them into the database. You have to figure out which one. As for the chopped code..? I'm not sure what you're talking about.

tried all Gary i guess...... there were more than 100......
still cant get it.....

I NEED A HELPFUL HINT TO HOW I CAN FIND THE USER NAME OF GARY ; THERE ARE 7002 USERS ; HOW I AM SUPPOSED TO DISCOVER THE REAL GARY?????

CAN ANYONE TELL ME SOME SIGNS ; HINTS IN THE MIDDLE OF THE LIST ; HIGH ; LOW

-- Sat Feb 25, 2012 12:58 am --

I tried the 7006 users that begins with gary , or hunter , or g or are suspected and put them in register but nothing happened instead it says " user name already existy"

I found other user name and when I put them in register they give login successfully but their account is zero $ so
so how the hell I am supposed to find this username
any HELPFUL HINT???
strongard
New User
New User
 
Posts: 30
Joined: Wed Feb 08, 2012 12:56 am
Blog: View Blog (0)


Security error undefined

Post by yermum on Sun Mar 18, 2012 2:42 pm
([msg=65082]see Security error undefined[/msg])

Hello,

Been using HTS for a couple days now and I love it, have learned a lot already!

I do have one question, this seems to be a somewhat common issue so please excuse my nubbery. However, Working on Mission 8 when I attempt a certain step I receive an error stating "security error undefined". I am using FF10 and issuing the certain command via the scratchpad. Can anyone offer a suggestion? I also tried installing an older version of Firefox (ff3) but it doesn't seem to want to play so well on my OS (BT5).


Thank you for anyone willing to spare a moment to assist!

Best Regards.

-- Sun Mar 18, 2012 4:51 pm --

Hello,

I have resolved the issue by using a different method.

Cheers!
yermum
New User
New User
 
Posts: 2
Joined: Sun Mar 18, 2012 2:36 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Senegra on Thu Mar 22, 2012 1:30 pm
([msg=65149]see Re: Please ask questions ONLY in this topic.[/msg])

Hi,

I'm new to HTS and i think it's great.

Just wanted to give a little hint to all inexperienced sql users. If you query a table and you don't use an order by clause, it will return your tupples by insert order. So if Mr Hunter was registered before we all started to mess around with the database, he will be amongst the first users that appear... hope i don't spoil it for anyone.

cheers
Senegra
New User
New User
 
Posts: 3
Joined: Thu Mar 22, 2012 1:22 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by r3p1ns on Thu Apr 12, 2012 6:42 am
([msg=65634]see Re: Please ask questions ONLY in this topic.[/msg])

Spent last night and most this morning on this, its not to hard if you use all the info at your finger tips. Make a list of the things you need to find out and any info you already are given.

If you have done the other missions you have used any techniques you will need for both parts of this mission

There is a couple on FireFox addons that makes this very accessible to most who are willing to read a bit. (FB & FC you could already have these addons)

You have his name but is it his account name? know of a way we could exploit a "search" somehow?
*once you have the list watch out for the account names, some have made similar names when they have tryed the mission, the one your after is quite clear.

Find a way to use what the site has given you in terms of the cash transfer...and theres even a handy script for clearing "your" logs. Could be handy

GoodLuck
r3p1ns
New User
New User
 
Posts: 3
Joined: Tue Apr 10, 2012 11:44 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by MistaX on Sat Apr 21, 2012 3:51 pm
([msg=65857]see Re: Please ask questions ONLY in this topic.[/msg])

Ack- I've tried manipulating the c**k**s to trick the site into thinking im gary using the ac*****Us**n*** - but to no avail.

Any tips?

EDIT: SOLVED
I kicked myself when I realised what I did wrong.

In the table of usernames I thought the username came second - after the colon. It came first-before the colon. *facepalm*
MistaX
New User
New User
 
Posts: 1
Joined: Sat Apr 21, 2012 3:48 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Halberdier on Thu Jun 07, 2012 7:58 am
([msg=66946]see Re: Please ask questions ONLY in this topic.[/msg])

I managed to transfer money, but I couldn't clear my tracks.
To transfer money I didn't need Javascript. Is Javascript instead mandatory to clear the logFiles directory?

Thank you.

-- Fri Jun 08, 2012 11:23 am --

Eventually completed with Javascript injection.

Partially out of topic: Firefox has some limitations, I had to complete it in Chrome (but with an add-on).
User avatar
Halberdier
New User
New User
 
Posts: 5
Joined: Fri Apr 06, 2012 7:22 am
Blog: View Blog (0)


PreviousNext

Return to (Real 8) United Banks Of America

Who is online

Users browsing this forum: No registered users and 0 guests