Please ask questions ONLY in this topic.

[sharpiee]

I know this isn't really a question but it is helpful! Chrome has a built in feature to change useragents. If you hit F12 and go to the console tab there is an options button in the very bottom right corner of the window. When you click on it it opens a menu and one of the options is override useragent. It provides a simple change of useragent without any browser extions! Hope this helps! Best regards and good luck!
-Sharpiee

[imthebest69]

I have to say, this is probably the worst challenge so far.
Some steps are just senseless, you will know what I mean after you've completed the mission.
I don't know if it ever even was intended for these challenges to progress in any order of skill or method, but this one is just weird. I might be wrong but I don't see how this challenge is any bit realistic (not that the others are super realistic either, but at least the methods are somewhat), I can't see anyone writing their website like this; what I mean is that they have good security somewhere but then the most essential access point is not very secure.
My post seemed to become a little review, hehe.
But still, I didn't want to bother downloading any addons for anything just for this mission so I'm going to leave this one out.

[thaeraser]

For a weird reason, my browser changes me user-agent everytime.
I changed it to holy_teacher, and every time he changed it back to something like User-Agent=holy_teacher/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0

Anyone knows why?
Using TamperData everytime you click a link is not eazy to work with.

[Sl1ck_x]

From about Basic mission 8, I've been coming to these forums just to browse through the questions and see if any of problems here relate to the part that I'm stuck. And every single time, I have been able to complete them all by just reading the forums. If anyone else comes by this post just please re-read/skim this thread before you post a question. Because this side of the forum is relatively inactive most of the time, and no one will be here to answer your question.

But to save you the time and trouble of having to go back to page 1, I'm going to help summarize the steps involved.

1. Browse the entire website and don't be afraid to check out their sources as well. (If you're really ambitious, test for vulnerabilities along the way. I.e. URL's, code/sql injections, apache exploits, ect.)

2. Find the faculties login page and use a teacher's username and password. *Hint* Go to your bathroom ... Now what do you see?

3. Once you're in, it's self explanatory but User-agent knowledge is needed. FF has a great add-on for this. Make sure you don't just change the description though!

4. Once you're IN in, grab a cookie but don't eat it! "Not 1" bite! *Hint* Those quotes aren't misplaced.

6. I skipped a step because the previous one is self explanatory. Now revert back to step 1 for the changing of grades.

I tried to tipetoe on the line of what's spoilerish and what's not. Please feel free to edit, if this post displeases you.

[andervish]

OK, nice challenge) Though there is a bit of bug there. Page where grades are changed does not accept variables via POST method, though it should do so as method="post" is written in the source code (checked that by sending HTTP requests manually using Live_HTTP_Headers add-on for firefox). Well, may be it's just a joke as that page is not useful anyway due to "grades can be changed only form original page" restriction))

[f1r3fly_s3r3n1ty]

Ok, managed to log in as s****. But how were we supposed to figure out to try her? Or should we have just tried every teacher out there? Makes no sense.

Hey guys, I'm having real trouble with the staff login. I have a username, but I haven't a single idea about the password.

Managed finally get through. Some hints for above posters (hopefully not too spoilish)
Many have said s****** already. Why?

I just wanted to point out that there are multiple logins that work, not just s******. Some people might find this helpful, if not down-right bad ass:

Code: Select all

hydra -L staffList.txt -P /usr/share/dict/cracklib-small -e nsr 198.148.81.135 http-post-form "/missions/realistic/10/staff.php:username=^USER^&password=^PASS^:S=Welcome:H=Cookie:PHPSESSID=YOURPHPSESSID:H=Referer:www.hackthissite.org/missions/realistic/10/staff.php" -V


Some notes about above command:
-e nsr; trys null (n), same (s), and reverse (r) of the username for the password (try the easy stuff first )
S=Welcome; Successful (S) login message, searches reply for "Welcome" string to determine a successful password. Alternatively, you can omit the S= flag to check for a fail message.
H=Cookie:PHPSESSID=YOURPHPSESSID; hydra can set any header (H) values to whatever you want. In this case we need the PHPSESSID cookie set in order to authorize a login attempt (security mechanism utilized by HTS, not the mission site).
H=Referer:www.hackthissite.org/missions/realistic/10/staff.php; (security mechanism utilized by the mission site)
I was able to find out which headers were needed by reviewing server responses via an ethereal (wireshark) dump.

and one last thing:
INTERCEPTING PROXY > browser add-ons in every single way. I'm shocked at how many people rely on firebug as their main attack tool...