Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by conscience on Fri Nov 02, 2012 4:34 pm
([msg=70530]see Re: Please ask questions ONLY in this topic.[/msg])

Elemenophee wrote:First of all, I don't think this is a spoil because mission can't be achieved this way.


I just ended it but I'm wondering why .php?command=mv%20oldfile%20newfile doesn't works.


why would it? :shock:
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by jolala on Sat Nov 03, 2012 7:59 pm
([msg=70546]see Re: Please ask questions ONLY in this topic.[/msg])

why would it? :shock:


Hi all

Elemenophee's Syntax might not be good but I have got quite the same question.

I hope the following is no spoiler (if it is please delete it) but anyway it doesn't seem to work and doesn't help solve the problem so...

Assuming that :
- You can use php (which should apparently be the case)
- submitpoetry, oldindex and index are all located in the same directory (because so far no poem has been created and we are not interested in creating a new webpage).

You should be able to sort it out with a php code.

Indeed :
- It closes the input which is does not contain anything, but we don't care because php script goes on.
- If oldindex is renamed then current index will be erased.
- Insert a commentary at the end will prevent the server from reading the rest of the webpage.

But it doesn't work.

Did I miss something ? :oops:

Thanks all.

EDIT : I removed the code, but let the other things, as it had already be explained in previous pages.
Last edited by jolala on Sun Nov 04, 2012 12:56 pm, edited 1 time in total.
jolala
New User
New User
 
Posts: 2
Joined: Sat Nov 03, 2012 7:41 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sun Nov 04, 2012 8:22 am
([msg=70548]see Re: Please ask questions ONLY in this topic.[/msg])

jolala wrote:I hope the following is no spoiler

Well, it looks quite spoilish to me; maybe you should edit it so you don't get a warning from the mods. :)

jolala wrote:But it doesn't work.

It is not working because there is no php injection vulnerability is involved in the misson as well as there is no chance to execute shell commands.

Read the pages carefully, think about how the stuff on the site works and then you'll be able to figure out how to leverage a certain functionality to put your original file contents back to their original place.

The rule of thumb here is you must examine a page carefully and figure out its mechanisms before you attempt your attack. False assumptions can quickly get you sidetracked.
Last edited by conscience on Sun Nov 04, 2012 1:50 pm, edited 1 time in total.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 250
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by jolala on Sun Nov 04, 2012 1:12 pm
([msg=70549]see Re: Please ask questions ONLY in this topic.[/msg])

conscience wrote:Read the pages carefully, think about how the stuff on the site works and then you'll be able to figure out how to leverage a certain functionality to put you original file contents back to their original place.

The rule of thumb here is you must examine a page carefully and figure out its mechanisms before you attempt your attack. False assumptions can quickly get you sidetracked.


You're probably right, I edited.

Well, in fact I had solved the mission, but the security hole seemed a bit weird to me. Then I read some pages here and people here were inferring things about shell and so on, that's why I was wondering.

Thanks conscience.
jolala
New User
New User
 
Posts: 2
Joined: Sat Nov 03, 2012 7:41 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Incursus626 on Thu Nov 15, 2012 10:13 pm
([msg=70928]see Re: Please ask questions ONLY in this topic.[/msg])

Is this page supposed to exist? I get the feeling it isn't meant to be there.

http://www.hackthissite.org/missions/re ... .php/index
This Signature is mine. There are many like it, but this one is mine.
User avatar
Incursus626
New User
New User
 
Posts: 3
Joined: Thu Nov 15, 2012 10:11 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by not_essence2 on Thu Nov 15, 2012 10:40 pm
([msg=70930]see Re: Please ask questions ONLY in this topic.[/msg])

I'm pretty sure it wasn't supposed to be. Looks like the server interpreted it wrongly.
But anyways, here's the basic theory behind the mission- in order to achieve maximum success chances of a successful hack on a website, you must attempt to abuse every option they give to you. Anything you can do on the site, use it to your advantage. Because there will be a vulnerability. There always will. Especially whenever you can say what to put on there. *hint*
not_essence2
Poster
Poster
 
Posts: 189
Joined: Fri Sep 14, 2012 6:09 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Shade_of_Gray on Fri Nov 16, 2012 8:03 pm
([msg=70968]see Re: Please ask questions ONLY in this topic.[/msg])

No, the server's interpreting it correctly. It's just confusing the browser.

What's happening is that the server is returning readpoems.php (and ignoring the rest of the URL). It's responding exactly as if that part of the URL weren't there.

When the browser gets it, it tries to fetch the images from the current directory, and since you've changed the "directory" to "/missions/realistic/3/readpoems.php/", it tries to fetch (for example) "/missions/realistic/3/readpoems.php/bg.jpg". It doesn't get an image back, naturally, so it gives up and displays it blank.

Does that make sense?
Shade_of_Gray
Experienced User
Experienced User
 
Posts: 60
Joined: Mon Oct 22, 2012 11:04 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by not_essence2 on Fri Nov 16, 2012 8:40 pm
([msg=70969]see Re: Please ask questions ONLY in this topic.[/msg])

Yeah, I haven't read up on that for a while. It looked weird, as .php and other appendages can't be executed in the middle of a URL (It's like telling someone to do something when you're supposed to be leading them to the destination first). I thought that then the server had a problem.
not_essence2
Poster
Poster
 
Posts: 189
Joined: Fri Sep 14, 2012 6:09 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by EcceGratum on Sat Nov 17, 2012 2:21 pm
([msg=71021]see Re: Please ask questions ONLY in this topic.[/msg])

-- Sat Nov 17, 2012 11:01 pm --

I think that this mission is not fair.
I was on the right way but couldn't achieve anything. Then I've just read something in this forum about the fake server message telling "the directory does not exist". Why is that necessary? Do website makers really use such tricks?
EcceGratum
New User
New User
 
Posts: 20
Joined: Wed Nov 07, 2012 4:29 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Shade_of_Gray on Sat Nov 17, 2012 5:35 pm
([msg=71026]see Re: Please ask questions ONLY in this topic.[/msg])

EcceGratum wrote:-- Sat Nov 17, 2012 11:01 pm --

I think that this mission is not fair.
I was on the right way but couldn't achieve anything. Then I've just read something in this forum about the fake server message telling "the directory does not exist". Why is that necessary? Do website makers really use such tricks?


I do.
Shade_of_Gray
Experienced User
Experienced User
 
Posts: 60
Joined: Mon Oct 22, 2012 11:04 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests

cron