The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave. -Jakob Nielsen
<º))))>< Intro ><((((º>
Hai~ this is Faith again, this is my second article and my first requested tutorial.
This tutorial is how I finished Realistic Mission 14, I think the other tutorial (which is a really nice one) is out of date.
I will split this into 3 sections,
• Finding the key holes
• Finding the keys
• Opening the lock
<º))))>< What you need ><((((º>
Poison null byte http://www.hackthissite.org/articles/read/318 <3 net elemental
Php host such as www.t35.com
Very basic php scripting skills or ability to search through the forum
<º))))>< What you DON’T NEED, but is really nice to learn><((((º>
Hidden directory and change log and stuff
<º))))>< Fining the key hole ><((((º>
1. You get your usual complaint and message, you’d end up with another mission =]
2. First, go around the sites are usual, and see if there is anything that you can exploit with poison null byte.
3. We found n***.c**?s****=*
4. Remember back in the Noob ages, we learnt that
. means current directory
.. means previous directory
5. Now if we apply one of the “dots” with the poison null byte, we can see all the directories that it has.
6. We see two interesting pages
<º))))>< Finding the keys ><((((º>
1. Let’s apply the one that starts with “m” with poison null byte first
2. You get a bunch of codes that tells you how does the page check for the password
3. Now just write a simple phpscript, copy the function on the bottom, and keep on trying until it falls in range. (pm for help on the script)
4. After you get the code, go to the “m” page without the poison nullbyte
5. Type the password you’re figure out, look up user, remember the symbol we use for variable, I’ve used it a couple on this tutorial to not spoil things that much.
6. Get the password and user name
<º))))>< Opening the lock ><((((º>
1. Go to the page that starts with an “a” you’ve found
2. Log on with the pass you’ve found
3. Voila =]
Second tutorials, I’ve tried to apply some of the things that was comment on my first article.
Sorry there is not picture in this one, it will just spoil it completely... More constructive comments please =]
Hope it helps
Cast your vote on this article 10 - Highest, 1 - Lowest