Please ask questions only in this topic.

[Defience]

Hi!

I have copied the script from m***r.c** and guessed the correct id, but when I try it in the m***r.c** I get always You have entered an invalid id. Can somebody check my script and approve my guessed id? Chomp() is not my case. Any help will be appreciated.

I'd suggest sending a pm to 'Eljonto', he's a moderator and a whiz with perl.

[neversolo]

lol im feeling so dumb right now..

i have used the null byte [Edited by Defience] but now im stuck.. i dont know what to do with the codes.
is there anyone out there that could tell me what to do with these? ive been staring and researching about them for about an hour now..

im really a noob at this and know little about html and javascript and all that i know with these are the lessons that have been taught for the last missions.

should i read about perl command executions?

what am i to do?

pls help.. ^_^

(sorry for the bad english)

-neversolo

[UKCrack]

The article on this challenge can prove a huge help.
I did not personally learn Perl at all, and I managed to solve it.
So take a look around =]

[Defience]

lol im feeling so dumb right now..

i have used the null byte [Edited by Defience] but now im stuck.. i dont know what to do with the codes.
is there anyone out there that could tell me what to do with these? ive been staring and researching about them for about an hour now..

im really a noob at this and know little about html and javascript and all that i know with these are the lessons that have been taught for the last missions.

should i read about perl command executions?

what am i to do?

pls help.. ^_^

(sorry for the bad english)

-neversolo

You don't have to learn perl for this but it's set up this way in hopes that you will at least dapple in perl to learn some new things. Try taking a good hard look at the code and the process it goes through.

[eljonto]

Defience is right, once you understand what the code does, you should understand how you can simply make minor edits to it to be of more use to you- or if you REALLY don't want to use perl (can't imagine why ) then you should understand the validation method and be able to come up with a key an alternate way.

[neversolo]

tnx for the replies.
ive stayed up last night to learn the basics of perl and now i have a little understanding about it..

i just might do as you say here but if i cant still get pass through this one today i think ill skip this mission for now..^_^


note: eljonto, i take back my words.. i like perl now ^_^ lolz

[stamba]

Hey guys.
I got the list of files.
I've created a php script and logged in m********.c**. What am I looking for in here? I mean a**** and a***********r user names don't work. Also, a****@h***********.**g doesn't work.
In the description of the mission, there is no From user. I really have no idea what am I looking for. Wild's don't work. At least, the ones I've tried didn't.

I've accessed the source of a************.c**. How do I bypass the if condition? I found about this page in ad_****/c*****-l**.t** file.

I've looked at .h******s files (both of them), but nothing is in them (worth looking)...
p*****.t** gives me only chat rooms, but I can't access them without logging in.

I cant access we*******/d*.c**.
I'm really stuck. Any hints what should I try next? How do I view the source of pages inside a subdir (we*******/d*.c**)?

Thanks!

EDIT:
Never mind... I wasn't looking everywhere!
Got it!

[rsrvctrl]

I've done something I really regret now.

Couple days ago I solved the mission using a walkthrough on youtube. To say it contains spoilers would be an understatement. Anyway, I've opted to do all these missions in chronological order, but I don't want to start mission 15 before I actually understand the solution to mission 14.

I worked out how to use the poisoned null byte to make n***.c** show me the contents of other files. Then I spent a LOT of time trying to find the key needed for m********.c**. I don't think I can say what unsuccessful methods I tried, but lets just say one of them took over 19 hours but returned no match.

The remainder of the mission I would've worked out by myself eventually. The part that takes the wild thinking would've probably taken me some time, but I'm sure I'd get it reading through this thread looking for clues for that specific part of the mission.

So since I solved the mission I'm still trying to work out a way to make (part(s)) of m********.c** tell me what I need to know. Can someone help me on this script?

[TheMindRapist]

So since I solved the mission I'm still trying to work out a way to make (part(s)) of m********.c** tell me what I need to know. Can someone help me on this script?

No...

You're essentially saying that you could do the mission "eventually" except you can't.

[rsrvctrl]

So since I solved the mission I'm still trying to work out a way to make (part(s)) of m********.c** tell me what I need to know. Can someone help me on this script?

No...

You're essentially saying that you could do the mission "eventually" except you can't.

No...

I'm essentially saying that I could do THE REST the mission "eventually".

-- Sat Jul 17, 2010 10:22 pm --

The somewhat harsh reply by TheMindRapist made me even more frantic about understanding this mission. I guess I deserved that.

So yesterday I spent another day trying to figure things out. Somewhat desperately, yesterday evening I went to my brothers' place. He's a ZCE, so I figured he'd be able to help me on m********.c**, and he was. By the end of the night he had opened my eyes to the "flow" of the script without spoiling my "Eureka!" moment (which was the moment I suddenly totally understood where to add a command to show the value of a certain variable, which made bruteforcing a lot easier). Also, now I understand all calculus being performed on the POST data.

Still don't understand exactly why the wild thinking helps, but as I just passed HBH basic 5 and found a few good clues in this thread, it wouldn't have taken me long.

Still regret taking the shortcut though. I'm here to learn something and because I see this as some sort of game. Using trainers in general games make me loose interest in the game. So I'll never do this @ HTS again. Why would I have admitted to my mistake and want to "post-understand" mission 14 if I only wanted mission points or something(?) If I fail to get passed one of the next missions using legit sources of info, I promise to just move on to the next.