WHERE TO START

WHERE TO START

Post by usernamenotused on Mon Apr 21, 2008 5:13 pm
([msg=905]see WHERE TO START[/msg])

I have already wrote a topic on this thread, but obvously it was too spoilery. guess that i was trying to help the noobs a bit too much ;) sorry fellas, now, i have got some people asking me what to do, . . . i say that this small hint might be enough for those of you looking for a way to go, without being a spoiler. when you have user information kept in cookies, you can view them using
Code: Select all
javascript:alert(document.cookies)
Now, you want to log in as the administrator, (rconnor's boss) and access the pay page. so, you need to change the information in the cookie from rconnor's login information, to his bosses. who stole the cookies from the cookie jar? well it better be you if you want to finish this realistic mish. 3 things here. 1. google is your buddy, 2. freakwolfe is pretty good at stealing cookies from the cookie jar. 3. xss is your other buddy.
usernamenotused
New User
New User
 
Posts: 1
Joined: Wed Apr 16, 2008 12:27 pm
Blog: View Blog (0)


Re: WHERE TO START

Post by sk8linkinhr on Thu Apr 24, 2008 8:03 am
([msg=1194]see Re: WHERE TO START[/msg])

nice tutorial ;) ;)
sk8linkinhr
New User
New User
 
Posts: 6
Joined: Wed Apr 23, 2008 4:35 pm
Blog: View Blog (0)


Re: WHERE TO START

Post by Robbinski12 on Thu Apr 24, 2008 8:09 am
([msg=1195]see Re: WHERE TO START[/msg])

actually it's
Code: Select all
javascript:alert(document.cookie)
[hr]Missions completed (updated 21-03-09): (Points: 1894)
Basic: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
Realistic: 1,2, 3, 4, 5, 6, 8, 9, 12, 13
Application: 1, 2, 3, 5, 8
Javascript: 1, 2, 3, 4, 5, 6, 7
IRC: 1
Logic: 1
Extbasic: 1, 2
Stego: 3, 4, 6
Robbinski12
New User
New User
 
Posts: 32
Joined: Sun Apr 20, 2008 7:34 am
Blog: View Blog (0)


Re: WHERE TO START

Post by Damascus2k8 on Thu Apr 24, 2008 11:34 am
([msg=1203]see Re: WHERE TO START[/msg])

Robbinski12 wrote:actually it's
Code: Select all
javascript:alert(document.cookie)

or it could be
Code: Select all
solved=download(FF & Add 'n' Edit Cookies)

:lol: :lol: :lol:


C0362AF19B89E861F21485CE1D2B430E



"Change your thoughts and you change your world!"
Damascus2k8
Experienced User
Experienced User
 
Posts: 68
Joined: Mon Apr 14, 2008 8:18 pm
Location: /root
Blog: View Blog (0)


Re: WHERE TO START

Post by tehMurloc on Tue Apr 29, 2008 12:46 pm
([msg=1733]see Re: WHERE TO START[/msg])

I'm stuck =(

Might contain spoilers

I have successfully created a working cookie stealer (I tested it), but the problem is that I don't know how to use it. I think the point is to make the boss somehow visit the stealer site, but I'm not sure how to do that . I tried some techniques of sending some scripted mails, but I couldn't make it. I'm not sure if that is the right way, so some advice would be useful.
Thanks!
tehMurloc
New User
New User
 
Posts: 4
Joined: Sun Apr 20, 2008 4:12 am
Blog: View Blog (0)


Re: WHERE TO START

Post by purple_pixie on Tue Apr 29, 2008 3:01 pm
([msg=1737]see Re: WHERE TO START[/msg])

When you tested it, did you test it with the JS to call the stealer, or just straight visiting the .php ?
purple_pixie
New User
New User
 
Posts: 22
Joined: Mon Apr 28, 2008 8:08 am
Blog: View Blog (0)


Re: WHERE TO START

Post by tehMurloc on Wed Apr 30, 2008 1:05 pm
([msg=1738]see Re: WHERE TO START[/msg])

purple_pixie wrote:When you tested it, did you test it with the JS to call the stealer, or just straight visiting the .php ?

Yes, I used JS to call it.
tehMurloc
New User
New User
 
Posts: 4
Joined: Sun Apr 20, 2008 4:12 am
Blog: View Blog (0)


Re: WHERE TO START

Post by c24lightning on Wed Apr 30, 2008 6:23 pm
([msg=1774]see Re: WHERE TO START[/msg])

tehMurloc wrote:
purple_pixie wrote:When you tested it, did you test it with the JS to call the stealer, or just straight visiting the .php ?

Yes, I used JS to call it.

Are your variables correctly set up? Do you include the cookie(s) at the end of the URL using JS?
Here's some sites you might be interested in:

Need a proxy? Here - user:pass combination is proxy:bypass
c24lightning
Poster
Poster
 
Posts: 203
Joined: Sat Apr 19, 2008 7:46 am
Location: The infinite insanity of thought
Blog: View Blog (0)


Re: WHERE TO START

Post by pescador on Fri May 02, 2008 4:50 am
([msg=1912]see Re: WHERE TO START[/msg])

I think I have the same problem as tehMurloc. When I call my script I receive my own cookie, so that seems to work. Now when I send it to a certain someone, nothing happens. Also, when I try to send a message to myself (I mean r-conner), I don't receive anything. Is that correct?
pescador
New User
New User
 
Posts: 5
Joined: Mon Apr 28, 2008 10:29 am
Blog: View Blog (0)


Re: WHERE TO START

Post by robi_petranovic on Sun May 04, 2008 12:26 pm
([msg=2084]see Re: WHERE TO START[/msg])

pescador wrote:I think I have the same problem as tehMurloc. When I call my script I receive my own cookie, so that seems to work. Now when I send it to a certain someone, nothing happens. Also, when I try to send a message to myself (I mean r-conner), I don't receive anything. Is that correct?


yeah,same thing with me.... And I have tested it with my own cookies and it works....
robi_petranovic
New User
New User
 
Posts: 22
Joined: Thu Apr 17, 2008 1:31 pm
Blog: View Blog (0)


Next

Return to (Real 9) CrappySoft

Who is online

Users browsing this forum: No registered users and 0 guests