Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by ellion on Sun Nov 14, 2010 3:05 pm
([msg=48877]see Re: Please ask questions ONLY in this topic.[/msg])

i think the problem most of the people here have with the xss code is that it uses kinda old syntax. i think what makes the difference is not to use doc... but win...

please dont delete this post, this took me a whole HOUR even though my xss attack (or better: the hundreds of them) would have worked and it doesnt really spoil anything.
ellion
New User
New User
 
Posts: 1
Joined: Sat Nov 13, 2010 8:15 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Crash72 on Tue Nov 23, 2010 4:01 pm
([msg=49324]see Re: Please ask questions ONLY in this topic.[/msg])

I'm having the same problem as most of the people here- I've spent a good bit of time reading about XSS and JS, and I've tested it out and learned the basic ideas. I've written a cookie-stealer (which I later read was not necessary for this mission) and have experimented with some XSS injection on other sites, with good results. I still can't figure out the command needed to complete this mission. I have been trying every bit of code I can come up with, but I haven't found anything. A hint would be much appreciated, possibly a link to a reference dealing with the specific syntax in question? If you'd like, PM me- I can give you the code that I have already tried.
Crash72
New User
New User
 
Posts: 3
Joined: Thu Sep 16, 2010 12:16 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dark_fighter on Wed Jan 05, 2011 10:33 pm
([msg=51774]see Re: Please ask questions ONLY in this topic.[/msg])

ok i feel like my head is gonna explode!!!
after i worked my ass out to just write the simpliest javascript comand ever, i cannot login as an admin...
the site gives me the hash but i cant decode it, neither eith JTR nor Cain...
using some basic java injection i cange the value of a cookie with that of the hash (the original value of the cookie is also an md5 hash, because i've checked it and broke it, only because i new the decrypted phrase), i change my username in the strUsername cookie with the admin's but still the site doesn't recognises me as an admin!!!

any help!!

hope my post is not to "spoiler-ish"...
dark_fighter
New User
New User
 
Posts: 3
Joined: Mon Jan 03, 2011 6:54 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Wed Jan 05, 2011 10:45 pm
([msg=51775]see Re: Please ask questions ONLY in this topic.[/msg])

Make sure that you are changing the entire string, which should contain 3 variables and there is nothing that needs decoded.
User avatar
Defience
Addict
Addict
 
Posts: 1265
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dark_fighter on Wed Jan 05, 2011 11:10 pm
([msg=51780]see Re: Please ask questions ONLY in this topic.[/msg])

well thanks for your responce!
i completed the mission 5 mins ago... and yes you are right, i hadn't noticed the third var :mrgreen:

anyway... quite educating mission... until i found what i had to do i learned many things!!
dark_fighter
New User
New User
 
Posts: 3
Joined: Mon Jan 03, 2011 6:54 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Karalu on Fri Jan 14, 2011 2:26 pm
([msg=52166]see Re: Please ask questions ONLY in this topic.[/msg])

Do I need the demo.exe? Is it just a handy thing? Or doesn't it have any relevance?
Karalu
New User
New User
 
Posts: 1
Joined: Fri Jan 14, 2011 2:22 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Okeymaker on Tue Feb 01, 2011 3:33 pm
([msg=53088]see Re: Please ask questions ONLY in this topic.[/msg])

I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?
~SEEK AND HEAL~ Failure
User avatar
Okeymaker
Experienced User
Experienced User
 
Posts: 59
Joined: Tue Jan 04, 2011 11:22 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Tue Feb 01, 2011 4:06 pm
([msg=53089]see Re: Please ask questions ONLY in this topic.[/msg])

Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?


Try javascript.
User avatar
Defience
Addict
Addict
 
Posts: 1265
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by hellow533 on Sat Feb 19, 2011 12:52 pm
([msg=53865]see Re: Please ask questions ONLY in this topic.[/msg])

Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!
“True hacking is like skydiving, you want to make sure you have arms, because nobody’s going to be there to pull the chute for you.”
User avatar
hellow533
Poster
Poster
 
Posts: 486
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Okeymaker on Sat Feb 19, 2011 2:53 pm
([msg=53874]see Re: Please ask questions ONLY in this topic.[/msg])

hellow533 wrote:
Okeymaker wrote:I managed to the part when you get the administrator StrPassword cookie and all that. But I have no idea of how I can learn how to RESET the cookie. Then I came up with and idea, so I tried to install firebug´s expansion app, firecookie, but it has no manual (nope, I didnt count on that but it would have been nice) and I dont know how to use it to complete the mission.... Any hints? Where can I learn how to reset cookies in a useful way? Or am I using the wrong method?

Then try to "change" your cookies. Once you get his strpass and struser change your cookies to his by right clicking firecookie and using "edit". I hope this isn't too much of a spoiler!

I know. I know that I must change the cookies. BUT HOW ARE THEY STRUCTURED? OMg, I have no idea. I must google on I guess.
~SEEK AND HEAL~ Failure
User avatar
Okeymaker
Experienced User
Experienced User
 
Posts: 59
Joined: Tue Jan 04, 2011 11:22 am
Blog: View Blog (0)


PreviousNext

Return to (Real 9) CrappySoft

Who is online

Users browsing this forum: No registered users and 0 guests