Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by brubru on Wed Mar 04, 2015 9:27 am

HNicolai wrote: Also here's some "hints" (not really "hints" but more some "tips"):
  • The "demo" program is crap, you don't need it... And it does not really work, so don't worry
  • You don't need to set up a cookie stealer, just imagine you own the host "hts.com" and a file called "c.php" exists on the host.


The second point is the most important advice here if, like me, you were wasting your time trying to think of something that would work while at the same time being told JavaScript is enough :) That and the window instead of document thingy.


Challenge done, but I'm still wondering where the "you forgot to pay me :(" is supposed to come from.
brubru
New User
Posts: 3
Joined: Thu Feb 26, 2015 8:24 am


Re: Please ask questions ONLY in this topic.

Post by Dualis on Thu Jul 23, 2015 1:48 am

I completed the mission but I'm slightly confused as to why my solution worked the way it did. I spent forever trying to send a link to my cookie stealer to m-crap with no success. In a realistic situation, I feel like that would make sense. I'm sending it through a private message system, so he clicks the link, gets redirected to whatever page, and I get the cookie info.

Eventually I realized that I had to send the actual script to redirect him to the page. But I don't understand how that would work in real life. As opposed to getting a link that m-crap would unsuspectingly click on, he'd open up his PM to find a snippet of super suspicious JavaScript and realize exactly what I was trying to do. What am I missing here?
Dualis
New User
Posts: 1
Joined: Thu Jul 23, 2015 1:38 am


Re: Please ask questions ONLY in this topic.

Post by buluba89 on Sat Sep 05, 2015 3:58 pm

brubru wrote:
HNicolai wrote: Also here's some "hints" (not really "hints" but more some "tips"):
  • The "demo" program is crap, you don't need it... And it does not really work, so don't worry
  • You don't need to set up a cookie stealer, just imagine you own the host "hts.com" and a file called "c.php" exists on the host.


The second point is the most important advice here if, like me, you were wasting your time trying to think of something that would work while at the same time being told JavaScript is enough :) That and the window instead of document thingy.


Challenge done, but I'm still wondering where the "you forgot to pay me :(" is supposed to come from.


Thanks a lot, I was also trying to use the mail system to get info back, but it's not so hard... You can assume you have a service!
buluba89
New User
Posts: 1
Joined: Sat Sep 05, 2015 3:54 pm


Re: Please ask questions ONLY in this topic.

Post by sashonka on Tue Nov 10, 2015 8:38 pm

Please tell me, does this level work now? Because I do not see any changes when I send private messages to myself. Thanks
sashonka
New User
Posts: 1
Joined: Sun Nov 08, 2015 3:13 am


Re: Please ask questions ONLY in this topic.

Post by Lukee9 on Mon Dec 21, 2015 9:42 pm

Eugh, I spent extra time changing the script to actually PM me back the info I needed.

Here's my hint for you guys: Write a script pretending that you own a website (e.g. www.randomwebsite.com), and use that website in your script :) Good luck
Lukee9
New User
Posts: 2
Joined: Mon Dec 21, 2015 2:56 pm


Re: Please ask questions ONLY in this topic.

Post by Carlsb3rg on Wed Mar 02, 2016 1:27 pm

I completed the XSS part quite easily but was stuck at overwriting the log files.

If it can be done without entering any code in the necessary field, how can it change anything that's kept on the server?

Any advice would be appreciated.
Carlsb3rg
New User
Posts: 6
Joined: Sat Feb 06, 2016 10:28 am


Re: Please ask questions ONLY in this topic.

Post by ran_yakumo on Sun Dec 18, 2016 5:32 am

Does anyone know why I cannot change my cookies with the Google Chrome document.cookie console (like I did successfully for all the previous missions), and have to use Firebug/Firecookie for this one?
ran_yakumo
New User
Posts: 6
Joined: Fri Dec 16, 2016 10:00 am


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Dec 24, 2016 8:58 am

ran_yakumo wrote: Does anyone know why I cannot change my cookies with the Google Chrome document.cookie console (like I did successfully for all the previous missions), and have to use Firebug/Firecookie for this one?


I barely remember this mission, but cookies having paths associated with them are not the same cookies named identically, but without a specified path. I suspect this to be your cause.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Posts: 263
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
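
Added example, not part of the original thread: a small model of how a browser stores cookies under RFC 6265, showing why a cookie written without a Path attribute does not replace an identically named cookie that has a different path. The cookie name `pref`, its values and the `/app/settings/` paths are constructed sample data.

```javascript
// Minimal cookie store following the RFC 6265 storage model (one host only).
// All cookie names, values and paths below are constructed sample data.

// RFC 6265 section 5.1.4: default path when a cookie carries no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does a request path fall under a cookie path?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Store a cookie string as the browser would for a page at `pagePath`.
// The store key is name + path, so equal names with different paths coexist.
function setCookie(jar, pagePath, cookieString) {
  const [pair, ...attrs] = cookieString.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = pair.slice(0, eq);
  const value = pair.slice(eq + 1);
  let path = defaultPath(pagePath);
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.trim().toLowerCase() === "path" && v.trim().startsWith("/")) path = v.trim();
  }
  jar.set(`${name}\u0000${path}`, { name, value, path });
  return path;
}

// Build the Cookie header for a request; longer paths are listed first.
function cookieHeader(jar, requestPath) {
  return [...jar.values()]
    .filter((c) => pathMatches(requestPath, c.path))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

function demo() {
  const page = "/app/settings/index.html";
  const jar = new Map();
  setCookie(jar, page, "pref=a; Path=/"); // cookie stored with an explicit path
  setCookie(jar, page, "pref=b");         // console-style write, no Path given
  const both = cookieHeader(jar, page);   // both cookies are sent
  setCookie(jar, page, "pref=c; Path=/"); // same name AND path: overwrites pref=a
  return { both, size: jar.size, after: cookieHeader(jar, page) };
}
```

In browser developer tools the same thing shows up as two rows with the same name and different Path values; only a write that repeats the stored cookie's path replaces it.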


Re: Please ask questions ONLY in this topic.

Post by mShred on Sun Dec 25, 2016 1:05 pm

conscience wrote: I barely remember this mission, but cookies having paths associated with them are not the same cookies named identically, but without a specified path. I suspect this to be your cause.

Damn, been a hot minute since I seen you around these waters.
For those about to hack, I salute you.
teehee
mShred
Administrator
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm


Re: Please ask questions ONLY in this topic.

Post by conscience on Thu Dec 29, 2016 5:45 pm

mShred wrote: Damn, been a hot minute since I seen you around these waters.


I'm paying a visit from time to time. :mrgreen:
conscience
Poster
Posts: 263
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1

