Please ask questions ONLY in this topic.

One of your best friends has reason to believe that his girlfriend has been cheating on him. He thinks that she's been sending emails back and forth with this other guy, but he has no for sure proof. Now it's your turn to show him what a valuable friend you are!

Re: the emails

Post by mat12345 on Thu Jul 03, 2008 7:56 pm
([msg=6504]see Re: the emails[/msg])

where do sent them?? i have them 2.. :/
mat12345
New User
New User
 
Posts: 1
Joined: Thu Jun 26, 2008 4:03 am
Blog: View Blog (0)


Re: the emails

Post by canassassin on Fri Jul 04, 2008 10:11 pm
([msg=6593]see Re: the emails[/msg])

On the left side of the screen under your username(while on homepage), there is a link that says HTS Messages center. Click on that link and use the following info:

To: SaveTheWhales

Subject: Just leave the subject blank.

Content:
Your list of email addresses (all 9)

Hope this is what your looking for. It took me a while to figure it out.
canassassin
New User
New User
 
Posts: 1
Joined: Fri Jul 04, 2008 9:46 pm
Blog: View Blog (0)


Re: Can i please get a hint or 2?

Post by shred_da_gnar on Thu Jul 10, 2008 5:33 pm
([msg=7123]see Re: Can i please get a hint or 2?[/msg])

hmm well i havent done it either but ill try to give you a shove in the right direction...
i dont really know if this will get you on the right track or not but...
when you click on the two links that are shown pay attention to what is in the address bar after you click on the first one.
notice what kind of file it is...
shred_da_gnar
New User
New User
 
Posts: 3
Joined: Wed Jul 09, 2008 4:03 pm
Blog: View Blog (0)


What am I missing?!

Post by f22 on Sun Sep 28, 2008 10:32 pm
([msg=12764]see What am I missing?![/msg])

I've carefully checked the source of every page and experimented with different inputs on every field I could find, but I can't find the lead to this mysterious "thing that happens when you register a user". Ive even figured out to get the l****.s** file and dec****** it to find out about the c*****.txt file, which I assume that I need to overwrite so it points to a different file, but I have no idea what I would exploit to do this.

Can someone please post (or PM) where specifically this clue lies?
f22
New User
New User
 
Posts: 13
Joined: Sun Sep 28, 2008 10:06 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Elligari on Mon Sep 29, 2008 2:09 pm
([msg=12807]see Re: Please ask questions ONLY in this topic.[/msg])

The names aren't sanitized, so you can use some 'unusual characters' in there. Wonder what would happen if our name was a command... That command could reach something, right?
»Those whos memories fade seek to carve them into their hearts«
»All dreams are but another reality, never forget«

Image
Elligari
New User
New User
 
Posts: 41
Joined: Thu Aug 21, 2008 1:32 pm
Location: /dev/null
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by f22 on Mon Sep 29, 2008 8:05 pm
([msg=12819]see Re: Please ask questions ONLY in this topic.[/msg])

Well yeah, I know that, but that doesn't really help me unless I know what is actually happening with that value. I don't even know what language the server is using to process it. Everyone seems to keep mentioning some clue somewhere, but I can't seem to find it. Or maybe it's something you are just supposed to know if you have some web developing experience (which I don't). :|
f22
New User
New User
 
Posts: 13
Joined: Sun Sep 28, 2008 10:06 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by f22 on Fri Oct 03, 2008 2:08 pm
([msg=13069]see Re: Please ask questions ONLY in this topic.[/msg])

Alright, I just finished this mission, but only really by looking at all the hints. I'm still very curious as to how I was supposed to figure out how the system stored the user information (which is the only way I would have known what to do on my own).
f22
New User
New User
 
Posts: 13
Joined: Sun Sep 28, 2008 10:06 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Poopsicle on Wed Oct 15, 2008 12:38 am
([msg=13715]see Re: Please ask questions ONLY in this topic.[/msg])

Im stuck. I found c*****.***. I found a***_****=a***.***.I found A*****=f****.From there I dont know where to go.I got Sothinks FD but i dont know what to do with it.I captured the Admin login but what after that? Plus I dont know where to overwrite the something Im supposed to verwrtie.Any push would help.Thanks









'
Poopsicle
New User
New User
 
Posts: 1
Joined: Wed Oct 15, 2008 12:30 am
Blog: View Blog (0)


Re: need a hint

Post by Damascus2k8 on Wed Jan 07, 2009 2:55 am
([msg=15698]see Re: need a hint[/msg])

dangerduo wrote:stuck at the overwrite portion. I would assume I must get rid of the numerical value follow by the semi-colon some how but that field only take numerical value...?

Can someone offer some hint / suggestion on how to approach this issue?

Thanks.


This is my problem also. I have everything else, (and managed to work it all out myself by the way 8-) ), but after turning to the article im even more lost now.

Is this supposed to be just a character you stick on the end of your "expoit text", ie: what you are overwriting the file with? Because i cannot find anything! ive googled for hours upon hours, and theres nothing out there, and everything i try just causes the flash movie to hang...

I've been watching everything that is getting sent between flash and the server, using a combination of wireshark/smartsniff/tamperdata so i know none of what im trying is even close to working.

-more to the point, i know that much about load variables now that if i see another article on the subject i swear my head will explode!

Another thing: am i correct in thinking this all has to be in one box? and the others empty?

Can anyone help me/us on this please?

DamascuS


C0362AF19B89E861F21485CE1D2B430E



"Change your thoughts and you change your world!"
Damascus2k8
Experienced User
Experienced User
 
Posts: 68
Joined: Mon Apr 14, 2008 8:18 pm
Location: /root
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by xelix on Wed Jan 07, 2009 3:21 am
([msg=15700]see Re: Please ask questions ONLY in this topic.[/msg])

Damascus2k8,

Remember, you can comment out certain things in the file. So, make sure your line doesn't end with anything you wouldn't want it too.
shutdown -h 0 "Since when is death an option?"
Image
Image
User avatar
xelix
Experienced User
Experienced User
 
Posts: 52
Joined: Mon Oct 20, 2008 1:00 pm
Location: mv -f / /dev/null && shutdown -h 0 "You just lost the game."
Blog: View Blog (0)


PreviousNext

Return to (Real 16) Simple Mail

Who is online

Users browsing this forum: No registered users and 0 guests