Please ask questions only in this topic.

Re: Please ask questions only in this topic.

Post by ANONRA on Sun Jul 25, 2010 6:58 am
([msg=42667]see Re: Please ask questions only in this topic.[/msg])

Everything you need to know to complete this mission you have already done in other missions. You just have to use them to your best advantage. Read up about poison null bytes it will help in this mission. Check them out here: http://hakipedia.com/index.php/Poison_Null_Byte . Look at everything to get a grasp as to how the site is put together and you will see it is not as hard as you think. A little knowledge of perl would help but not really needed. What you need most in this mission is your eyes and a little programming know-how! Look for ways to exploit the site, where can you use the things you learned on past missions to best effect? How can you make the site show you things you wouldn't normally be able to see? Start thinking outside the box and try not to make things hard for yourself. Look for the sinple solutions. They are best here! When you complete it your will realise how easy it really was. Happy Hackin.
ANONRA
New User
New User
 
Posts: 7
Joined: Mon Aug 17, 2009 2:34 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by deadheadd on Wed Aug 18, 2010 10:49 pm
([msg=43911]see Re: Please ask questions only in this topic.[/msg])

hahaha I too got a UN/PW combo and then sat there with it wondering where it was supposed to go for like 5 minutes :D

silli silli me...great mission!

on the perl for those who dont know it, almost any nix systems got it so if you have shell somewhere try that or for windows use activestate perl. if you just take the 2 subs and copy/paste them you can manually brute it...pretty easy to find a key that works....

something like:
#!/usr/bin/perl
my $key = v******("thingiwanttotry");
print "that returns: $key\n";

and paste the 2 subs you need below...
deadheadd
New User
New User
 
Posts: 1
Joined: Wed Aug 18, 2010 10:25 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by yagmoth on Fri Oct 08, 2010 2:16 pm
([msg=47255]see Re: Please ask questions only in this topic.[/msg])

Hi, everybody!
i have a question, i now te password for the m++++++++.c++, that's i++++++ works but i don't understand why it works???? anyone can explain me???

I know the function ins't protected but i don´t really undestand why y returns t+++ when the 'pass' is type.

thanks.
EDIT: anyone can help me?
yagmoth
New User
New User
 
Posts: 1
Joined: Fri Oct 08, 2010 2:09 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by PurpleNurple on Sun Nov 21, 2010 3:03 pm
([msg=49199]see Re: Please ask questions only in this topic.[/msg])

I've made it this far without asking for help but I'm stumped on this.
Ill try an keep it spoiler free.

I understand how the script retrieves files and what it appends to the query.
I understand how the poisoned null byte works and why it works.
I've used it to view the contents of the directory and found the important files.

My problems start when i attempt to open any other file using the poisoned null byte.
Im trying :

.../missions/realistic/14/****.c**?*****=m******%**

but i just keep getting:

failed to load m********<?>.news

<?> is a little graphic on the actual page.

I cant read any files in this manner but as far as my understanding of how the poisoned null byte works, this should be ok.
Any help appreciated!
Basic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11)
Realistic: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13)
Javascript: (1) (2) (3) (4) (5) (6) (7)
Extbasic: (1) (2) (3) (4) (6)
User avatar
PurpleNurple
New User
New User
 
Posts: 3
Joined: Sun Nov 21, 2010 8:41 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by TheW45P on Sun Apr 15, 2012 11:21 am
([msg=65710]see Re: Please ask questions only in this topic.[/msg])

I figured out how to read the .cgi Source-Code but it seems not to work with the login script.
Is this a bug?
TheW45P
New User
New User
 
Posts: 2
Joined: Tue Apr 10, 2012 1:10 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by LoGiCaL__ on Sat Sep 15, 2012 8:46 am
([msg=69381]see Re: Please ask questions only in this topic.[/msg])

That one took me a while, but I finally got it. By far the best mission so far in my eyes. Thanks again HTS!!
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1063
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by 3vilp4wn on Sat Mar 23, 2013 2:09 pm
([msg=74688]see Re: Please ask questions only in this topic.[/msg])

Can someone confirm that in m********.c** a id of "123456" will return a value of "178799" (and thus, 0 in the script.)
I'm not sure if my script is working.
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo
User avatar
3vilp4wn
Poster
Poster
 
Posts: 144
Joined: Sun Feb 10, 2013 2:05 am
Location: The darkness.
Blog: View Blog (0)


View *** Info in M*** panel

Post by vn_rootkit on Fri Jul 12, 2013 10:20 am
([msg=76422]see View *** Info in M*** panel[/msg])

After successfully bypassing validate code in M***.c**, how do i get a correct account id?
vn_rootkit
New User
New User
 
Posts: 4
Joined: Tue Feb 10, 2009 3:11 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by sabin007 on Fri Jul 12, 2013 12:22 pm
([msg=76425]see Re: Please ask questions only in this topic.[/msg])

Sorry for going off-topic but
would it be a good idea to get familiarized with Ubuntu in VirtualBox first and then later dual-booting it or to directly dual-boot it and get going?
Any kind of help would be appreciated. Thanks.
sabin007
New User
New User
 
Posts: 23
Joined: Fri Jun 07, 2013 8:39 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by -Ninjex- on Fri Jul 12, 2013 2:50 pm
([msg=76428]see Re: Please ask questions only in this topic.[/msg])

sabin007 wrote:Sorry for going off-topic but
would it be a good idea to get familiarized with Ubuntu in VirtualBox first and then later dual-booting it or to directly dual-boot it and get going?
Any kind of help would be appreciated. Thanks.


If you do not feel comfortable with it, then go ahead and use a vm until you do.
Like the AT&T guy says, "It's not that complicated."
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1471
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 14) Yuppers Internet Solutions

Who is online

Users browsing this forum: No registered users and 0 guests