Please ask questions ONLY in this topic.

[ellion]

i think the problem most of the people here have with the xss code is that it uses kinda old syntax. i think what makes the difference is not to use doc... but win...

please dont delete this post, this took me a whole HOUR even though my xss attack (or better: the hundreds of them) would have worked and it doesnt really spoil anything.

[Crash72]

I'm having the same problem as most of the people here- I've spent a good bit of time reading about XSS and JS, and I've tested it out and learned the basic ideas. I've written a cookie-stealer (which I later read was not necessary for this mission) and have experimented with some XSS injection on other sites, with good results. I still can't figure out the command needed to complete this mission. I have been trying every bit of code I can come up with, but I haven't found anything. A hint would be much appreciated, possibly a link to a reference dealing with the specific syntax in question? If you'd like, PM me- I can give you the code that I have already tried.

[dark_fighter]

ok i feel like my head is gonna explode!!!
after i worked my ass out to just write the simpliest javascript comand ever, i cannot login as an admin...
the site gives me the hash but i cant decode it, neither eith JTR nor Cain...
using some basic java injection i cange the value of a cookie with that of the hash (the original value of the cookie is also an md5 hash, because i've checked it and broke it, only because i new the decrypted phrase), i change my username in the strUsername cookie with the admin's but still the site doesn't recognises me as an admin!!!

any help!!

hope my post is not to "spoiler-ish"...

[Defience]

Make sure that you are changing the entire string, which should contain 3 variables and there is nothing that needs decoded.

[dark_fighter]

well thanks for your responce!
i completed the mission 5 mins ago... and yes you are right, i hadn't noticed the third var

anyway... quite educating mission... until i found what i had to do i learned many things!!

[Karalu]

Do I need the demo.exe? Is it just a handy thing? Or doesn't it have any relevance?

[Okeymaker]

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

[Defience]

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Try javascript.

[hellow533]

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!

[Okeymaker]

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!

I know. I know that I must change the cookies. BUT HOW ARE THEY STRUCTURED? OMg, I have no idea. I must google on I guess.