Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by limdis on Sat Mar 23, 2013 12:52 pm

TheCppGuy wrote: Well I just downloaded the crappysoft demo exe but it didn't work and I'm worried that it had some kind of virus.
Can somebody assure me that it is safe?

The file is fine. Assume this is a real challenge. It's a demo, so if it's not working... well. Dead end. Perhaps you don't need it. *hint*
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Please ask questions ONLY in this topic.

Post by impulse_x on Sun May 12, 2013 10:08 pm

Hi,

I have a problem with this mission, based on a theoretical issue of sending a pm to the boss.

In order to perfect a c.s., I'd need to trial-and-error it via sending multiple PMs to the boss. I would
think that after the 2nd attempt of perfecting a c.s., the boss would've clued in that I was doing
something not-so-kosher and alert security. Isn't this a little less 'realistic' to allow the
attemptee to do a trial-and-error on the boss' pm?

Anyway, I've looked at a few XSS pages and I understand the 'concept'. It's the actual application
that I'm stumped on. It needs to use javascript + window.<something>. I haven't yet
figured out what the javascript lines look like, so I'm hoping to try an alternative pathway
of taking on this mission.

In an earlier message, someone mentioned downloading the user database and then doing
what I assume to be a brute-force attack on the admin's pw. Is this an alternative?

Ix


Re: Please ask questions ONLY in this topic.

Post by -Ninjex- on Sun May 12, 2013 11:21 pm

impulse_x wrote: Hi,

I have a problem with this mission, based on a theoretical issue of sending a pm to the boss.

In order to perfect a c.s., I'd need to trial-and-error it via sending multiple PMs to the boss. I would
think that after the 2nd attempt of perfecting a c.s., the boss would've clued in that I was doing
something not-so-kosher and alert security. Isn't this a little less 'realistic' to allow the
attemptee to do a trial-and-error on the boss' pm?

In an earlier message, someone mentioned downloading the user database and then doing
what I assume to be a brute-force attack on the admin's pw. Is this an alternative?


First off, realistically speaking, you would first probably take what source code you can, and try to make a controlled environment of the site at first. Next, you would want to set up two test accounts, and ensure proper syntax + the ability to cover your ass afterwards/in the process of. You would next try the syntax from one to the other, until perfected. If you can't manage to re-create the way the site works due to some missing files such as php, etc, then you would test it on the site itself with your two test accounts, while being anonymous.

As for the mission, I'm sure hackthissite (even though they can) didn't want to block a user from trying to complete the challenge after they fuxed up their code more than one time. You can't really compare hackthissite to other sites around the world. Hackthissite helps delve users into critical thinking, as well as demonstrates and teaches users how exploits work, through the process of real-time exploitation.

Now, I'm not sure what the other person is talking about, but the scenario went like so for me:
Send the "c.s.", and then for simplicity, hackthissite will provide you with the username/password, and the password will be encrypted. You have to find the value of that hash, and continue about the challenge.

Don't take your focus off of the c.s., you will need this to win. (At least from what I know)
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: Please ask questions ONLY in this topic.

Post by impulse_x on Mon May 13, 2013 2:15 am

-Ninjex- wrote: First off, realistically speaking, you would first probably take what source code you can, and try to make a controlled environment of the site at first. Next, you would want to set up two test accounts, and ensure proper syntax + the ability to cover your ass afterwards/in the process of. You would next try the syntax from one to the other, until perfected. If you can't manage to re-create the way the site works due to some missing files such as php, etc, then you would test it on the site itself with your two test accounts, while being anonymous.


Ah, thanks for the info.

-Ninjex- wrote: Send the "c.s.", and then for simplicity, hackthissite will provide you with the username/password, and the password will be encrypted. You have to find the value of that hash, and continue about the challenge.

Don't take your focus off of the c.s., you will need this to win. (At least from what I know)


Right. Thanks. I'm still stuck on the javascript c.s. thingy. I know I need to redirect the cookie somewhere..
As I understand it, I don't save it to a file, and I'm not sure if it's even allowed to pm it back to me (I don't think
javascript does that).

Guess I'll trial-and-error this..

Edit: You've really GOT to be kidding me. It was really that simple???

Thanks

Ix


Re: Please ask questions ONLY in this topic.

Post by astrix37 on Mon May 20, 2013 5:08 am

I'm confused. I completed the mission with some difficulty, but completed it. I didn't understand how what I did cleared the logs. All I did was change a value. From what I can tell it should have put the input into the value, not clear the contents. Explain?


Re: Please ask questions ONLY in this topic.

Post by fede333lago on Wed Nov 20, 2013 4:13 pm

Hi! I have a general question that came up, but it's associated with this mission.
I'm trying to use the form to send PMs in the URL with all the parameters.
When I use the Tamper Data plugin to see what I'm sending to the server through the PHP form, 4 parameters show up: receiver, topic, message and btnAction (the destination mail, the subject, the message and the send button).
And I see all of this in the following URL:

https://www.hackthissite.org/missions/r ... ction=Send
And when I send the message I see "message sent to r-conner@crappysoft.com". But when I enter the URL all I get is "please complete all fields", as if I were entering something incorrectly.
How can I send a PM with the parameters specified in the URL?
Thanks in advance for any help


Re: Please ask questions ONLY in this topic.

Post by arivor on Thu Jan 09, 2014 3:29 pm

Hi all!

I only know the basics of JS. I completed this mission with a hint from Google, but I don't know why it worked. Shouldn't the xss be something with <script> tags? The only way I got it working was by omitting those and using "javascript:void".

I understand what the void function is for, but why would this code be executed when the boss opens the message? Since it's not in tags, wouldn't it just sit there as plain text?

I'd really appreciate a short explanation here.

-arivor

PS: Actually, the question fede333lago posted above is also interesting. How does the script know I didn't actually use the form?
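
On the question above of why no `<script>` tag is needed: a browser also runs script from a `javascript:` URL placed in a link or similar attribute, so a filter that only removes tags misses it. The following is an added example, not part of the original thread or of HackThisSite's code, showing how a message renderer can defend against this with a scheme allow-list, output encoding and an HttpOnly session cookie; the function names, the cookie name `sid` and the `forum.example` base URL are assumptions.

```javascript
// Added example: helper names, cookie name and forum.example are hypothetical.
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Output-encode text so it is displayed, never parsed as markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak approach: remove <script> tags only. A javascript: URL passes untouched.
function stripScriptTags(s) {
  return String(s).replace(/<\/?script[^>]*>/gi, '');
}

// Allow-list the URL scheme after normalising it the way a browser would:
// tabs/newlines are dropped, leading control characters and spaces are
// trimmed, and the scheme is compared case-insensitively.
function isSafeHref(raw) {
  const cleaned = String(raw).replace(/[\t\r\n]/g, '').replace(/^[\u0000-\u0020]+/, '');
  try {
    // Relative links resolve against the site's own https origin.
    return SAFE_SCHEMES.has(new URL(cleaned, 'https://forum.example/').protocol);
  } catch (e) {
    return false; // unparsable input is rejected, not passed through
  }
}

// Render a user-supplied link; anything off the allow-list becomes an inert "#".
function renderLink(href, text) {
  const target = isSafeHref(href) ? href : '#';
  return `<a href="${escapeHtml(target)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie.
function sessionCookieHeader(value) {
  return `Set-Cookie: sid=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample inputs, not taken from the mission.
const samples = ['javascript:void(0)', ' JaVaScRiPt:void(0)', 'java\tscript:void(0)',
                 'https://example.com/a', '/inbox?id=1'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', isSafeHref(s) ? 'allowed' : 'blocked');
}
```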


Re: Please ask questions ONLY in this topic.

Post by CovertMagic on Thu May 01, 2014 6:20 am

I was initially thrown/confused by the message, somewhere in this thread, saying something like:
Only one of the possible realistic methods will work


Here are some hints for those who don't know which the correct method is, and specifically don't want to run a cookie stealing script on their own server:

You don't need to actually have a cookie stealing script, you just need to demonstrate how one would work.

In fact, it doesn't even need to work. The "correct solution" appears to be "checking for three words".

It doesn't even matter what order the words are in. Just make sure your solution has them.


Re: Please ask questions ONLY in this topic.

Post by jamandsunderlands on Sun May 11, 2014 2:09 am

Hi y'all. I'm still banging my head against it as well. After reading all the posts, I'm still unsure if my solution (which hasn't worked yet) is somewhat novel, or if everybody is just really coy to mention it.

I couldn't find any pages on the site where injecting stuff into a url would inject code, so instead I've been trying to do just plain javascript injection using an AJAX request that would PM r-conner with the cookie. It won't let me PM something that long, so instead I've been sending it through the "Contact" page. No luck.

Is this approach off-kilter? Would it plausibly work in real life?

Thanks for any help.

Edit: Got it using simpler tricks. I think I resorted to AJAX because I initially thought I was going to have to find webhosting to actually do the PHP scripting, so instead I wanted to get the hash through the private messaging of the website.



Return to (Real 9) CrappySoft
