Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website, replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by conscience on Wed Apr 11, 2012 5:59 pm

r3p1ns wrote: You can even give your poem a name of "your" choice.


You can even give your poem a "name" of your choice.

BTW, excellent hint
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by Slahd on Sat May 26, 2012 1:48 am

Okay, so I just solved it and I'm at a complete loss. I read through the thread and read up on Directory Traversal. Unfortunately, it all confuses me so much. So I would appreciate it if someone who does have an understanding come PM me and explain the solution to me. I do have some kind of idea, but really, I'm grasping at straws here.
Thank you.
CheckFINISHED checkFINISHED checkFINISHED
checkcheckcheck FINISHEDFINISHEDFINISHED
checkcheckcheckcheckcheckcheck
FINISHEDFINISHEDFINISHED
FINISHEDFINISHEDFINISHED
<Die the Death>!
<Sentence to Death>!
<Great Equalizer is The Death>!!


Re: Please ask questions ONLY in this topic.

Post by conscience on Mon May 28, 2012 2:54 pm

Slahd wrote: Okay, so I just solved it and I'm at a complete loss. I read through the thread and read up on Directory Traversal. Unfortunately, it all confuses me so much. So I would appreciate it if someone who does have an understanding come PM me and explain the solution to me. I do have some kind of idea, but really, I'm grasping at straws here.
Thank you.


Directory traversal is about referencing a directory other than the current working dir (I assume you're familiar with the concept of current/working directory), so you can, for example, detour a file write operation ;). Hope this helps.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.


Re: Please ask questions ONLY in this topic.

Post by Specktre on Wed May 30, 2012 6:01 pm

Hah, after five days, I've finally completed it! Here's a hint: you need to be very specific about where you place the directory traversal commands, make sure to try all the possibilities!


Re: Please ask questions ONLY in this topic.

Post by Slahd on Thu May 31, 2012 6:34 am

Based on what Monica seems to say, I'll condense the hints.

1. Read up on Directory Traversal. No seriously, Google it and stuff. If it gives you a headache, read about it sentence by sentence. And make sure you understand what's being said.
2. Know where to place the command. Where can you put the thing necessary to complete the mission?
3. Know what you want to do. How are you gonna do it? (Refer to hint 1)
4. When putting in your command, know how to phrase it. Sometimes, something smaller is more effective.
5. Know the difference between a .html file and a .txt file.
6. Think of how your computer stores files. It's a great analogy that works for this mission.
7. What's the difference between new and old? (Mysterious... Hmm...)

There. I hope none of these are too spoilerish. I don't mean to ruin it for anyone, just making this simple enough that an 11 year old should understand.
CheckFINISHED checkFINISHED checkFINISHED
checkcheckcheck FINISHEDFINISHEDFINISHED
checkcheckcheckcheckcheckcheck
FINISHEDFINISHEDFINISHED
FINISHEDFINISHEDFINISHED
<Die the Death>!
<Sentence to Death>!
<Great Equalizer is The Death>!!


Re: Please ask questions ONLY in this topic.

Post by prasoon2211 on Fri Jun 08, 2012 8:30 am

Arghh....I wasted a whole afternoon trying out ssi and sql injections to no end. Then I came to the forum and got to read the content of the website carefully. Silly me, sql isn't even being used here. Seriously - I was going crazy thinking about how is it even possible to change contents of a file using sql :shock: And then I read the contents of the website to know that the script is actually saving the files - not writing them to a db or anything :mrgreen:
Anyway, to those who have not been able to figure it out yet, I guess you should see how PHP handles files. :D
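
The file-write detour conscience describes earlier in the thread, and the file-saving behaviour prasoon2211 points to, shown from the defender's side. This is an added example, not part of any post here and not the challenge's own code: `POEM_DIR`, `save_poem_unsafe()` and `save_poem_safe()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example; POEM_DIR and both function names are hypothetical.
declare(strict_types=1);

const POEM_DIR = __DIR__ . '/poems';   // assumed storage directory

// Weak form: the submitted name goes into the path unchanged, so a name
// containing "../" resolves to a file outside POEM_DIR.
function save_poem_unsafe(string $name, string $text): string
{
    $path = POEM_DIR . '/' . $name;
    file_put_contents($path, $text);
    return $path;
}

// Hardened form: allowlisted name, server-chosen extension, and a check that
// the resolved parent directory is the resolved storage root.
function save_poem_safe(string $name, string $text): string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('poem name contains illegal characters');
    }
    $root = realpath(POEM_DIR);
    if ($root === false) {
        throw new RuntimeException('storage directory is missing');
    }
    $path = $root . DIRECTORY_SEPARATOR . $name . '.txt';
    // realpath() returns false for a file that does not exist yet, so the
    // containment check is made on the parent directory instead.
    if (realpath(dirname($path)) !== $root) {
        throw new RuntimeException('resolved path leaves the storage directory');
    }
    // Mode 'x' refuses to open an existing file, so nothing is overwritten.
    $fh = @fopen($path, 'x');
    if ($fh === false) { throw new RuntimeException('poem already exists'); }
    fwrite($fh, $text);
    fclose($fh);
    return $path;
}

// Constructed inputs, run from the command line.
@mkdir(POEM_DIR);
foreach (['peace', '../outside', 'a/b', "x\0y"] as $name) {
    try {
        echo save_poem_safe($name, "sample\n"), PHP_EOL;
    } catch (Exception $e) {
        echo 'rejected ', json_encode($name, JSON_UNESCAPED_SLASHES), ': ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first name is written; the other three are rejected before any path is built, and running the script a second time rejects `peace` as well because mode `x` will not replace an existing file.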


Re: Please ask questions ONLY in this topic.

Post by NyteSniper on Fri Jun 08, 2012 2:58 pm

It's really not as hard as it SEEMS, and directory traversal is everything on this one. Just think about how you would move around on the box and NEXT think about what you need to replace. Don't overthink like I was lol

*Hope I'm obscure enough*


Re: Please ask questions ONLY in this topic.

Post by MRFREE on Mon Jun 11, 2012 12:06 pm

Uhm I got a page that told me I was a weirdo. That's not true right?


Re: Please ask questions ONLY in this topic.

Post by LoGiCaL__ on Mon Jun 11, 2012 12:41 pm

MRFREE wrote: Uhm I got a page that told me I was a weirdo. That's not true right?


Usually those pages are pretty accurate. So I think it's safe to say it's spot on.


Re: Please ask questions ONLY in this topic.

Post by DadMonster on Thu Jun 21, 2012 5:54 pm

Once I *finally* stumbled onto the answer, I started trying to find out who hacked the site. I tried creating an html file on the site with an SSI to list the directory, but just get one of the page not found errors. Can I assume that's not supported on the HTS but would work on a real world site? It would be cool if it worked here...
thanks for the great site!

