Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by Cerberus0011 on Tue Jun 26, 2012 11:29 am
([msg=67527]see Re: Please ask questions ONLY in this topic.[/msg])

Please edit if this is a spoiler....
--A big hint is dont use firebug on this one...
--Once you have the right DT command entered in the right place,
a page is displayed that literally tells you how to finish the mission

What i would like to know is this;
Is it possible to find out who did it(bonus points) ?
and if so is that difficulty rating above easy? :?:
EDIT: Read another thread, no bonus points, just saved myself alot of time :)

Enjoy
Cerberus0011
New User
New User
 
Posts: 4
Joined: Tue Jun 26, 2012 3:55 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by juansf111 on Wed Jun 27, 2012 4:25 pm
([msg=67572]see Re: Please ask questions ONLY in this topic.[/msg])

LOL I got the solution while I was tryng something... Can someone explain it to em by PM plz?
juansf111
New User
New User
 
Posts: 2
Joined: Tue Jun 26, 2012 1:40 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by reeling on Sat Jul 07, 2012 11:04 am
([msg=67822]see Re: Please ask questions ONLY in this topic.[/msg])

I'm not sure how to ask this without giving a spoiler so sorry if it gives something away.

I am entering the data like this:
../new file
../ old file

how ever when I do that i get the message "you are on the right track but you are wrong" message. When i remove or add more ../ it just says that the poem has been added. I am completely stuck and have no idea what else to try. Any additional tips would be very much appreciated.
reeling
New User
New User
 
Posts: 1
Joined: Sat Jul 07, 2012 10:57 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Tue Jul 10, 2012 5:13 pm
([msg=67941]see Re: Please ask questions ONLY in this topic.[/msg])

reeling wrote:I'm not sure how to ask this without giving a spoiler so sorry if it gives something away.

I am entering the data like this:
../new file
../ old file

how ever when I do that i get the message "you are on the right track but you are wrong" message. When i remove or add more ../ it just says that the poem has been added. I am completely stuck and have no idea what else to try. Any additional tips would be very much appreciated.


Where are you? ;)
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by spo0on on Mon Aug 06, 2012 1:27 pm
([msg=68590]see Re: Please ask questions ONLY in this topic.[/msg])

I've read pages and pages of the same hints (Some of you guys really need to read at least ONE page of this stuff before you ask questions, they're almost all the same). I understand how everything works, except for the part where we know the file structure. The solution makes perfect sense if you know how the poems are being saved, but how do we find that out? Trial and error? In that case, its pretty misleading that the HTS Forbidden page says Page Not Found as opposed to Forbidden. Am I missing something else?

Thanks!
spo0on
New User
New User
 
Posts: 1
Joined: Mon Aug 06, 2012 1:16 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by alowaniak on Mon Aug 20, 2012 8:10 am
([msg=68848]see Re: Please ask questions ONLY in this topic.[/msg])

One thing I still don't really get is why it works...?
My initial try was using SSI (since I would've thought you could view your poetry submission after submitting).
But what I don't get is why it works how it works, because if you view the poetry submissions it doesn't take you to "/[submissionname]" but instead it uses "submissions.php?name=[submissionname]" which I would think hints to the submissions being saved in a database or w/e but if that would've been the case then the current solution wouldn't have worked right?
Anyone care to explain it in more detail why it works? (PM if you want)
alowaniak
New User
New User
 
Posts: 4
Joined: Sat Jul 31, 2010 9:51 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Sep 08, 2012 5:53 pm
([msg=69257]see Re: Please ask questions ONLY in this topic.[/msg])

Google "PHP file_get_contents" and there'll be light.

also, note that these missions are simulated and simulations are not (well, actually they can't, for security/etc reasons, be) 100%.

as your mission is to restore a file, you will obviously have some functionality on the target site that has file write access.
once you know where it is, you'll just need to know what to feed it with, and how to force it to put your stuff to a path more appropriate for you.
now i really can't think of a single way to explain it better, more simple, and without giving the whole solution away.

this thread is in excess of information on how to solve the mission, really. the key phrase (for the whole site, actually) is understanding: You should understand what and why is happening and look up information available throughout the internet on mechanisms involved in a certain mission. that's how learning goes

good luck everyone
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Raven_ghost on Tue Sep 18, 2012 4:11 am
([msg=69437]see Re: Please ask questions ONLY in this topic.[/msg])

Hm i completed this challenge with some research sadly, but there are a few things i don´t understand...

for exemple how am i supposed to know where the poems are saved , i didn´t find a hint here if or if there are not more folders (i know where they are just ask like this to prevent spoilers.)
And second ... how am i supposed to know how the poems are saved, they could have been saved in an SQL Database or a .txt file ... or whatever

Would be realy grateful if someone could PM me the answers so we´re not spoilering :)
Raven_ghost
New User
New User
 
Posts: 2
Joined: Fri Sep 14, 2012 7:04 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sun Oct 07, 2012 4:02 pm
([msg=70014]see Re: Please ask questions ONLY in this topic.[/msg])

Raven_ghost wrote:how am i supposed to know where the poems are saved

Raven_ghost wrote:how am i supposed to know how the poems are saved, they could have been saved in an SQL Database or a .txt file ... or whatever


First of all, common sense. Second, there is a certain behaviour of one of the scripts through which you access the poems (won't tell whether it's r/w ;)).
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Elemenophee on Mon Oct 29, 2012 7:23 am
([msg=70478]see Re: Please ask questions ONLY in this topic.[/msg])

First of all, I don't think this is a spoil because mission can't be achieved this way.


I just ended it but I'm wondering why .php?command=mv%20oldfile%20newfile doesn't works.
Elemenophee
New User
New User
 
Posts: 6
Joined: Thu Oct 25, 2012 6:36 am
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests