Please ask questions ONLY in this topic.

Uptight religious fanatics are failing free-thinking students for questioning their faith. Fulfill every teenage hacker's ultimate fantasy: hack into the school database and change grades! This level has several different layers of security and several different ways of completing it. Enjoy!

Re: Please ask questions ONLY in this topic.

Post by Biddaum27 on Sat Jun 06, 2009 12:46 pm
([msg=24963]see Re: Please ask questions ONLY in this topic.[/msg])

This a note to anyone who is having trouble with this mission: Firephp for firefox alters your useragent, atleast it did for me so if your having trouble try disabling it first.
Biddaum27
New User
New User
 
Posts: 4
Joined: Thu Apr 30, 2009 6:58 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by __Dragon__ on Tue Jun 09, 2009 1:37 pm
([msg=25119]see Re: Please ask questions ONLY in this topic.[/msg])

Ok I realize that I must change my user agent. But what I don't understand is two things. First, how did you know that you were supposed to change the user agent? :| And second, how did you know what to change it to? I don't want to finish the mission without understanding what I'm doing or why I'm doing it :(
__Dragon__
New User
New User
 
Posts: 4
Joined: Sun Jun 07, 2009 5:01 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by eXPeri3nc3 on Tue Jun 16, 2009 5:51 am
([msg=25426]see Re: Please ask questions ONLY in this topic.[/msg])

Hi all. Thanks for all the pointers and I manage to finish this mission. =D It's fun!

Regardless, I never expected the username to be 'that', however I have a rough idea on what the password is haha. I keep banging at the wrong username at first gah. :evil:
eXPeri3nc3
New User
New User
 
Posts: 3
Joined: Sun Jul 20, 2008 10:31 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Tue Jun 16, 2009 3:43 pm
([msg=25451]see Re: Please ask questions ONLY in this topic.[/msg])

__Dragon__ wrote:Ok I realize that I must change my user agent. But what I don't understand is two things. First, how did you know that you were supposed to change the user agent? :| And second, how did you know what to change it to? I don't want to finish the mission without understanding what I'm doing or why I'm doing it :(


Once you login as an administrator you are given a message which in part reads, "that access to the staff administration area is restricted to the district-supplied '****_*******' web browser." That's the answer to both of your questions.....
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by maroxe on Thu Jul 02, 2009 2:39 pm
([msg=26144]see Re: Please ask questions ONLY in this topic.[/msg])

I am stuck, i don't know where to start.
i belive teachers/grade tables are vulnerable to sql injection, but i don't know how?
am i missing something?
maroxe
New User
New User
 
Posts: 2
Joined: Wed Jun 24, 2009 2:28 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Defience on Thu Jul 02, 2009 4:46 pm
([msg=26148]see Re: Please ask questions ONLY in this topic.[/msg])

maroxe wrote:I am stuck, i don't know where to start.
i belive teachers/grade tables are vulnerable to sql injection, but i don't know how?
am i missing something?


Start with the mission description. It gives you some info you can use once you're in the site. From there, do the usual, look around, click things, check source codes, watch the url, and note anything of interest. Obviously a student level isn't going to be helpful so look for something that may lead you to a level with more privileges. Use what you've learned so far from other missions to complete your task. Also, read through all of the posts in this forum for other hints.
User avatar
Defience
Addict
Addict
 
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by maroxe on Thu Jul 02, 2009 8:06 pm
([msg=26161]see Re: Please ask questions ONLY in this topic.[/msg])

Defience wrote:
maroxe wrote:I am stuck, i don't know where to start.
i belive teachers/grade tables are vulnerable to sql injection, but i don't know how?
am i missing something?


Start with the mission description. It gives you some info you can use once you're in the site. From there, do the usual, look around, click things, check source codes, watch the url, and note anything of interest. Obviously a student level isn't going to be helpful so look for something that may lead you to a level with more privileges. Use what you've learned so far from other missions to complete your task. Also, read through all of the posts in this forum for other hints.


well i tried staff.php only by chance :D
is it me or there is no gym teacher in the stafflist.php ?

also, how can i guess the password? it's purely chance!
maroxe
New User
New User
 
Posts: 2
Joined: Wed Jun 24, 2009 2:28 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by theknuckster on Fri Jul 17, 2009 10:01 am
([msg=26904]see Re: Please ask questions ONLY in this topic.[/msg])

I've just finished this mission, and I must say, I never had that sudden moment of realisation like I did in the other missions :|
However, I noticed that I didn't once use the holy_father user agent, but that could be because I found out where the login page was by pure luck.
So is that user agent how you're meant to find out the location of the login page?
theknuckster
New User
New User
 
Posts: 6
Joined: Tue Sep 09, 2008 1:28 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by superit23 on Mon Jul 27, 2009 6:24 pm
([msg=27556]see Re: Please ask questions ONLY in this topic.[/msg])

I know how to do it. But whenever I do, it just doesn't work. I use my add-on (the same one someone else gave the url to) and it does not work. I checked my config and it did what it was supposed too, but it still won't let me in.
superit23
New User
New User
 
Posts: 2
Joined: Fri Jul 24, 2009 1:02 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by samfox on Wed Aug 19, 2009 8:37 am
([msg=28149]see Re: Please ask questions ONLY in this topic.[/msg])

You will need to find out who will most likely be the admin by looking around. Now you should have an idea which account you will be wanting to login to, go ahead to the login page which you should have already found. This is now your time to play around with the username and password ... you will get it eventually.

Your greeted with 3 buttons and the obvious one you need to click but it says you are not an administrator so you cannot change grades. Think what you could do to give the account administrator privileges...
Now you can change grades you will notice it says you are too late to change grades, so you will have to find bits to work around this.

& Thats it. Done :) Hope ive not given too much away, tryed not to spoil it as much as possible.

[Edited by: Defience]
samfox
New User
New User
 
Posts: 2
Joined: Wed Aug 19, 2009 5:31 am
Blog: View Blog (0)


PreviousNext

Return to (Real 10) Holy Word High School

Who is online

Users browsing this forum: No registered users and 0 guests