Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by ellion on Sun Nov 14, 2010 3:05 pm
([msg=48877]see Re: Please ask questions ONLY in this topic.[/msg])

i think the problem most of the people here have with the xss code is that it uses kinda old syntax. i think what makes the difference is not to use doc... but win...

please dont delete this post, this took me a whole HOUR even though my xss attack (or better: the hundreds of them) would have worked and it doesnt really spoil anything.
ellion
New User
New User
 
Posts: 1
Joined: Sat Nov 13, 2010 8:15 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Crash72 on Tue Nov 23, 2010 4:01 pm
([msg=49324]see Re: Please ask questions ONLY in this topic.[/msg])

I'm having the same problem as most of the people here- I've spent a good bit of time reading about XSS and JS, and I've tested it out and learned the basic ideas. I've written a cookie-stealer (which I later read was not necessary for this mission) and have experimented with some XSS injection on other sites, with good results. I still can't figure out the command needed to complete this mission. I have been trying every bit of code I can come up with, but I haven't found anything. A hint would be much appreciated, possibly a link to a reference dealing with the specific syntax in question? If you'd like, PM me- I can give you the code that I have already tried.
Crash72
New User
New User
 
Posts: 3
Joined: Thu Sep 16, 2010 12:16 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dark_fighter on Wed Jan 05, 2011 10:33 pm
([msg=51774]see Re: Please ask questions ONLY in this topic.[/msg])

ok i feel like my head is gonna explode!!!
after i worked my ass out to just write the simpliest javascript comand ever, i cannot login as an admin...
the site gives me the hash but i cant decode it, neither eith JTR nor Cain...
using some basic java injection i cange the value of a cookie with that of the hash (the original value of the cookie is also an md5 hash, because i've checked it and broke it, only because i new the decrypted phrase), i change my username in the strUsername cookie with the admin's but still the site doesn't recognises me as an admin!!!

any help!!

hope my post is not to "spoiler-ish"...
dark_fighter
New User
New User
 
Posts: 3
Joined: Mon Jan 03, 2011 6:54 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Wed Jan 05, 2011 10:45 pm
([msg=51775]see Re: Please ask questions ONLY in this topic.[/msg])

Make sure that you are changing the entire string, which should contain 3 variables and there is nothing that needs decoded.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dark_fighter on Wed Jan 05, 2011 11:10 pm
([msg=51780]see Re: Please ask questions ONLY in this topic.[/msg])

well thanks for your responce!
i completed the mission 5 mins ago... and yes you are right, i hadn't noticed the third var :mrgreen:

anyway... quite educating mission... until i found what i had to do i learned many things!!
dark_fighter
New User
New User
 
Posts: 3
Joined: Mon Jan 03, 2011 6:54 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Karalu on Fri Jan 14, 2011 2:26 pm
([msg=52166]see Re: Please ask questions ONLY in this topic.[/msg])

Do I need the demo.exe? Is it just a handy thing? Or doesn't it have any relevance?
Karalu
New User
New User
 
Posts: 1
Joined: Fri Jan 14, 2011 2:22 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Okeymaker on Tue Feb 01, 2011 3:33 pm
([msg=53088]see Re: Please ask questions ONLY in this topic.[/msg])

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?
~SEEK AND HEAL~ Failure
User avatar
Okeymaker
Experienced User
Experienced User
 
Posts: 59
Joined: Tue Jan 04, 2011 11:22 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Tue Feb 01, 2011 4:06 pm
([msg=53089]see Re: Please ask questions ONLY in this topic.[/msg])

Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?


Try javascript.
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by hellow533 on Sat Feb 19, 2011 12:52 pm
([msg=53865]see Re: Please ask questions ONLY in this topic.[/msg])

Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!
“Teach me how to hack!”
"What, like, with an axe?"
User avatar
hellow533
Contributor
Contributor
 
Posts: 514
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Okeymaker on Sat Feb 19, 2011 2:53 pm
([msg=53874]see Re: Please ask questions ONLY in this topic.[/msg])

hellow533 wrote:
Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!

I know. I know that I must change the cookies. BUT HOW ARE THEY STRUCTURED? OMg, I have no idea. I must google on I guess.
~SEEK AND HEAL~ Failure
User avatar
Okeymaker
Experienced User
Experienced User
 
Posts: 59
Joined: Tue Jan 04, 2011 11:22 am
Blog: View Blog (0)


PreviousNext

Return to (Real 9) CrappySoft

Who is online

Users browsing this forum: No registered users and 0 guests