Please ask questions in this topic ONLY

Re: Please ask questions in this topic ONLY

Post by ab_221990 on Fri Sep 06, 2013 11:09 pm
([msg=77283]see Re: Please ask questions in this topic ONLY[/msg])

limdis wrote:
ab_221990 wrote:Hey guys,

Any mod or dev I can PM right now ? Got a few questions about this mission and the previous one...

Sure. You'll need to post one more time in the forums to use the message system here.

New User
New User
Posts: 2
Joined: Thu Sep 05, 2013 11:06 am
Blog: View Blog (0)

Re: Please ask questions in this topic ONLY

Post by R0ot_ on Fri Dec 05, 2014 1:20 pm
([msg=85658]see Re: Please ask questions in this topic ONLY[/msg])

Someone must have taken the pass out of the guestbook, because I spent a long time searching it with no luck. Then I had an idea maybe someone just posted the pass to be a *dick in there. This mission can't be that easy, and why would a kids guestbook have administration pass.

So then I started from scratch again, what's with this website. AH! A huge exploit is sitting right in-front of me! I don't use windows ( billy boy isn't stepping a foot in my home ) so I'm not very good with windows commands. Had to really think about the clues given by the mission. Although the exploit is there, doesn't mean you will see it right away. To be honest sometimes the easiest of exploits sitting right in front of you are very well hidden by your imagination.

For some it will be easy, but then with others like myself you will beat your head on a desk.

You will need to understand how a url works in this instance and how to make it work for what you want. Look at the pages source in firebug and see how the guestbook is being served.

I don't want to give to much away, you will learn something new from this and always new things are great to have under your belt.

New User
New User
Posts: 21
Joined: Mon Dec 01, 2014 1:38 pm
Blog: View Blog (0)

Re: Please ask questions in this topic ONLY

Post by icespeech on Sun Sep 20, 2015 4:54 am
([msg=89836]see Re: Please ask questions in this topic ONLY[/msg])

Hi everybody :).

I don't know what I was doing wrong but somehow I cannot get things done like others did.
I put the ****:///*:/ paths or just *:/ or ****://*:/ whatever all the combination like many people have mentioned,
and it just keeps saying "File not found." to me.
(My browser is Firefox 40, I don't know if it's the reason for such behavior like it encodes the path or something.)

So I cannot get any information from that directory traversal trick.
Then I just go to the *********.txt and read the messages there,
I've found a filename that looks like the "admin panel" which everyone talked about.
And just by using this filename, I passed this mission.

I don't know if there was something I did wrong actually or this traversal trick just cannot be used in this level again.
Can someone who had finished this level checks this by doing that again ?
If you can do that please PM me because I really want to know where is the wrong point I've done.

Thank you. :)

(Sorry if my post is wrong somewhere in English, I'm not native English user :S)
New User
New User
Posts: 1
Joined: Wed Sep 16, 2015 2:36 am
Blog: View Blog (0)

Re: Please ask questions in this topic ONLY

Post by Ethermist on Sun Jan 10, 2016 2:06 pm
([msg=91243]see Re: Please ask questions in this topic ONLY[/msg])

It looks like the initial '.pl' does not allow any directory paths to be done within the Address bar provided for the page.
Also, using the URL manually doesn't allow it either.

However using a different '.pl' with the server directory path formatting worked...

And keep in mind that there are two different formats (depending on how the search is submitted)...

Hopefully, that's not too spoiler-ish but helps those who know what needs to be done and hit a wall with the navigation.

For me, I just had to step back and try every combination I could think of, in every location I could think of, and with every .pl I knew about...which was tedious but got me to the place I needed to be. And once I found it, I also discovered there were two slightly different ways to get there. =)

New User
New User
Posts: 7
Joined: Wed Dec 30, 2015 11:08 pm
Blog: View Blog (0)


Return to (Real 12) Heartland School District

Who is online

Users browsing this forum: No registered users and 0 guests