Page 11 of 12

Re: Please ask questions only in this topic.

PostPosted: Sun Jul 25, 2010 6:58 am
by ANONRA
Everything you need to know to complete this mission you have already done in other missions. You just have to use them to your best advantage. Read up about poison null bytes it will help in this mission. Check them out here: http://hakipedia.com/index.php/Poison_Null_Byte . Look at everything to get a grasp as to how the site is put together and you will see it is not as hard as you think. A little knowledge of perl would help but not really needed. What you need most in this mission is your eyes and a little programming know-how! Look for ways to exploit the site, where can you use the things you learned on past missions to best effect? How can you make the site show you things you wouldn't normally be able to see? Start thinking outside the box and try not to make things hard for yourself. Look for the sinple solutions. They are best here! When you complete it your will realise how easy it really was. Happy Hackin.

Re: Please ask questions only in this topic.

PostPosted: Wed Aug 18, 2010 10:49 pm
by deadheadd
hahaha I too got a UN/PW combo and then sat there with it wondering where it was supposed to go for like 5 minutes :D

silli silli me...great mission!

on the perl for those who dont know it, almost any nix systems got it so if you have shell somewhere try that or for windows use activestate perl. if you just take the 2 subs and copy/paste them you can manually brute it...pretty easy to find a key that works....

something like:
#!/usr/bin/perl
my $key = v******("thingiwanttotry");
print "that returns: $key\n";

and paste the 2 subs you need below...

Re: Please ask questions only in this topic.

PostPosted: Fri Oct 08, 2010 2:16 pm
by yagmoth
Hi, everybody!
i have a question, i now te password for the m++++++++.c++, that's i++++++ works but i don't understand why it works???? anyone can explain me???

I know the function ins't protected but i donĀ“t really undestand why y returns t+++ when the 'pass' is type.

thanks.
EDIT: anyone can help me?

Re: Please ask questions only in this topic.

PostPosted: Sun Nov 21, 2010 3:03 pm
by PurpleNurple
I've made it this far without asking for help but I'm stumped on this.
Ill try an keep it spoiler free.

I understand how the script retrieves files and what it appends to the query.
I understand how the poisoned null byte works and why it works.
I've used it to view the contents of the directory and found the important files.

My problems start when i attempt to open any other file using the poisoned null byte.
Im trying :

.../missions/realistic/14/****.c**?*****=m******%**

but i just keep getting:

failed to load m********<?>.news

<?> is a little graphic on the actual page.

I cant read any files in this manner but as far as my understanding of how the poisoned null byte works, this should be ok.
Any help appreciated!

Re: Please ask questions only in this topic.

PostPosted: Sun Apr 15, 2012 11:21 am
by TheW45P
I figured out how to read the .cgi Source-Code but it seems not to work with the login script.
Is this a bug?

Re: Please ask questions only in this topic.

PostPosted: Sat Sep 15, 2012 8:46 am
by LoGiCaL__
That one took me a while, but I finally got it. By far the best mission so far in my eyes. Thanks again HTS!!

Re: Please ask questions only in this topic.

PostPosted: Sat Mar 23, 2013 2:09 pm
by 3vilp4wn
Can someone confirm that in m********.c** a id of "123456" will return a value of "178799" (and thus, 0 in the script.)
I'm not sure if my script is working.

View *** Info in M*** panel

PostPosted: Fri Jul 12, 2013 10:20 am
by vn_rootkit
After successfully bypassing validate code in M***.c**, how do i get a correct account id?

Re: Please ask questions only in this topic.

PostPosted: Fri Jul 12, 2013 12:22 pm
by sabin007
Sorry for going off-topic but
would it be a good idea to get familiarized with Ubuntu in VirtualBox first and then later dual-booting it or to directly dual-boot it and get going?
Any kind of help would be appreciated. Thanks.

Re: Please ask questions only in this topic.

PostPosted: Fri Jul 12, 2013 2:50 pm
by -Ninjex-
sabin007 wrote:Sorry for going off-topic but
would it be a good idea to get familiarized with Ubuntu in VirtualBox first and then later dual-booting it or to directly dual-boot it and get going?
Any kind of help would be appreciated. Thanks.


If you do not feel comfortable with it, then go ahead and use a vm until you do.
Like the AT&T guy says, "It's not that complicated."