Please ask questions ONLY in this topic.

One of your best friends has reason to believe that his girlfriend has been cheating on him. He thinks that she's been sending emails back and forth with this other guy, but he has no for sure proof. Now it's your turn to show him what a valuable friend you are!

Re: Please ask questions ONLY in this topic.

Post by Defience on Mon Mar 23, 2009 1:18 pm
([msg=20394]see Re: Please ask questions ONLY in this topic.[/msg])

Smokeho wrote:Maybe I wasn't clear enough. Yes, it's the right username, yes, I can edit, but in order for it to work when i press Login, that line for the timezone has to be commented or something, right? I don't know any other method.


What I would suggest is to go to the Article section and find the one that's there on Real 16. Read through it and 'walk' along with it and see if it takes you in the same direction in which you are trying.
User avatar
Defience
Addict
Addict
 
Posts: 1277
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Finarfin Palantir on Fri Jun 05, 2009 9:01 am
([msg=24914]see Re: Please ask questions ONLY in this topic.[/msg])

OK, I don't know how nobody else has been struggling for over a month, but I'm blasted away.

I've found the page with the flash file,

I know where there ******.t** of the admin users lies and I also know where that exact same file for the user lies, I understand the the challenge can't really overwrite that file since a whole bunch of people would then complete the challenge until the file is reset, but I can't for the life of me figure out which way to go.

I know the exact field that goes to the top line of the user file mentioned above is and I know I should terminate it, so currently I have that value on my profile page set to

a***_****=******.t**&a****d=t***
With a last character at the end since there is more in the mentioned file than just what I need.

But for some reason after I update and try to login on the page with flash I still get an access denied error?
Am I missing something totally obvious?
Finarfin Palantir
New User
New User
 
Posts: 34
Joined: Mon Jul 21, 2008 2:53 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Fri Jun 05, 2009 3:19 pm
([msg=24931]see Re: Please ask questions ONLY in this topic.[/msg])

Finarfin Palantir wrote:OK, I don't know how nobody else has been struggling for over a month, but I'm blasted away.

I've found the page with the flash file,

I know where there ******.t** of the admin users lies and I also know where that exact same file for the user lies, I understand the the challenge can't really overwrite that file since a whole bunch of people would then complete the challenge until the file is reset, but I can't for the life of me figure out which way to go.

I know the exact field that goes to the top line of the user file mentioned above is and I know I should terminate it, so currently I have that value on my profile page set to

a***_****=******.t**&a****d=t***
With a last character at the end since there is more in the mentioned file than just what I need.

But for some reason after I update and try to login on the page with flash I still get an access denied error?
Am I missing something totally obvious?


The username that you choose to register with is important. The script above looks fine. If you can't login as admin then it's probably the username issue. If you can login as admin but can't view the emails, a flash decompiler can help. Also, make sure you're using Firefox for this.
User avatar
Defience
Addict
Addict
 
Posts: 1277
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Finarfin Palantir on Mon Jun 08, 2009 8:42 am
([msg=25052]see Re: Please ask questions ONLY in this topic.[/msg])

Thanks

I am working in Firefox... I sent a pm to prevent spoilers. I'm pretty sure after what you've said that I'm close and as far as I'm concerned the Username is fine, because I did get a "sort of error message" if you know what I mean? Anyway, thanks for your time, greatly appreciated.

EDIT: OMS, if you think your missing something really really obvious, then you really really are missing something obvious.
Finarfin Palantir
New User
New User
 
Posts: 34
Joined: Mon Jul 21, 2008 2:53 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by BLA40R on Thu Jul 30, 2009 10:58 pm
([msg=27696]see Re: Please ask questions ONLY in this topic.[/msg])

Hello everybody!
I started Realistic 16, and I get results very quickly because I can enter to the admin website, and the (L****.s**) file .But do you have any idea of how I can change c*****.t*t file ?? (I enter to the Bob's Super Site)

Thanks!!

BLA40R
BLA40R
New User
New User
 
Posts: 2
Joined: Fri Jun 27, 2008 2:04 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Fri Jul 31, 2009 5:02 pm
([msg=27729]see Re: Please ask questions ONLY in this topic.[/msg])

Maybe you can exploit the members registration area?
User avatar
Defience
Addict
Addict
 
Posts: 1277
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by BLA40R on Sat Aug 01, 2009 2:27 pm
([msg=27767]see Re: Please ask questions ONLY in this topic.[/msg])

Defience wrote:Maybe you can exploit the members registration area?

I´ve tried several ways to exploit the registration Area. But no results . I Been stuck there for a while.
I feel like an stupid but Another Idea??
BLA40R
New User
New User
 
Posts: 2
Joined: Fri Jun 27, 2008 2:04 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by eljonto on Sat Aug 01, 2009 5:50 pm
([msg=27770]see Re: Please ask questions ONLY in this topic.[/msg])

ok, you know that you gotta edit the c*****.t** file, lookaround the site when ur logged in, where does the site save your account details such as decsription etc? then you'll need to figure out how to change the path where your details save, think DT, and think how your username is effective here, then create a new account with the appropriate username.
-Quis custodiet ipsos custodes?, Juvenal
_________________________________________________________________
User avatar
eljonto
Poster
Poster
 
Posts: 373
Joined: Thu Apr 17, 2008 1:16 am
Location: Australia
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by hziggles on Mon Aug 17, 2009 10:10 pm
([msg=28074]see Re: Please ask questions ONLY in this topic.[/msg])

OK I've been sitting on this one for a while, and I just can't get it. I freaking can't find out how to overwrite the c*****.txt file (I think that's the one I need to overwrite, but it might be a***.p**), or where user details are saved. This is getting ridiculous. Please give me a biig push in the right direction and then hold a sword to the back of my head so I can't turn around. I need help on this one people.
hziggles
New User
New User
 
Posts: 3
Joined: Wed Sep 03, 2008 4:38 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by OnlyHuman on Thu Sep 10, 2009 4:36 am
([msg=29443]see Re: Please ask questions ONLY in this topic.[/msg])

I just started this one, and I've put together some really good notes already. I understand how the pages are linked and have drawn conclusions about various portions of the server's directory structure. My issue is a matter of access. So, in order to prevent me from blindly chasing rabbits here, is it at all possible to complete this mission without registering an account with SimpleMail? Namely, is it possible to gain account privileges, without going through the registration process? I don't need to know how it's done, just whether or not that functionality exists within this mission. I'm assuming the session handling is done by a specific module pushed by in***.p**, and that login could possibly be achieved by exploiting certain aspects of said module. I know that in a real world situation, I'd need to discover this for myself, which could take quite a long time, and loads of experimentation. But, based on the posts that have been written here, and the tutorial for this mission, my assumptions could lead me on a long and fruitless journey. I'm not really asking for a handout in this sense, just a little guidance. So, if this method of gaining access is just a dark alley, I'd like to know so that I'm not wasting my time. Thanks.

EDIT:

I just finished this one, following the method discussed here, and am still not 100% sure that I wasn't on the right path before. So, I'm still interested to know if there was an alternate method of gaining access. The mods and devs elude to the possibility, but I gave up on finding it once I saw a much simpler path. Perhaps somebody could send me a message hinting at an alternate solution. It would be worth trying a second time.

Here's a bit of info for those having trouble:

    1. There is absolutely no need for a packet sniffer on this mission. That was probably the biggest misconception from the tutorial. However, now that I've completed the mission, I fully understand why it was suggested.

    2. A Flash Decompiler isn't needed but it definitely cuts down on the experimentation time.

      I saw that somebody asked for a good free one. flasm and flare did the job for me. Both are also cross platform as far as I know. And, they're good at what they do.

    3. If you do decide to use a decompiler, put off using it until late in the mission, otherwise, you're just going to confuse yourself.

    4. Overwriting that certain pain in the ass file, is actually fairly simple. The required parts are pretty much a given, however there is the aspect of making sure only certain things get read from the file. And, unfortunately, like most people, I made quite a bit of noise during the learning process. Hint, remember that this IS a learning process, and that there are several characters that your keyboard will produce. Just go nuts until you find the right one(s). You'll know better next time.

Anyway, this was a fun mission. A little short, but fun. And, if anybody knows an alternate method of completing this one, please point me in that direction. It would be fun to try.
OnlyHuman
Poster
Poster
 
Posts: 191
Joined: Sat Aug 22, 2009 1:37 am
Blog: View Blog (0)


PreviousNext

Return to (Real 16) Simple Mail

Who is online

Users browsing this forum: No registered users and 0 guests