Search found 13 matches

Return to advanced search

Re: Please ask questions ONLY in this topic.

I struggled for a long time on this one. I had missed the second special comment in the HTML on a particular page that Monica hinted at earlier. Once you have that, combined with your analysis of the HTTP requests (any modern browser's dev tools include a tool for looking at network traffic. Wiresha...
by why tspace
on Tue Feb 20, 2018 6:12 pm
 
Forum: (Real 16) Simple Mail
Topic: Please ask questions ONLY in this topic.
Comments: 107
Views: 183546

Re: Please ask questions only in this topic.

I had no idea, nor could fathom about a null byte exploit before engaging in this mission. Once I actually knew where to put the null byte exploit, the rest came pretty easily after going through all the other missions before this. But it wouldn't have taken me 5 minutes like a poster above me said....
by why tspace
on Tue Feb 20, 2018 12:49 am
 
Forum: (Real 14) Yuppers Internet Solutions
Topic: Please ask questions only in this topic.
Comments: 124
Views: 170041

Re: Grump .... stuck ... whine

To anyone else struggling, don't bother with WinRAR, use WinAce as the article says, but make sure you are using the right archive type (default compression and encryption works fine). Thank you so much! I tried zip (unix), winzip, winrar, 7zip, and WinAce is the only one that compressed to the mag...
by why tspace
on Sat Feb 17, 2018 5:32 pm
 
Forum: (Real 15) seculas Ltd.
Topic: Grump .... stuck ... whine
Comments: 127
Views: 190726

Re: Please ask questions ONLY in this topic.

Like many others, I didn't do any cookie stealing. In fact, I don't think cookie stealing works anymore...(someone prove me wrong). For some reason, I was able to view the user with id=0, and everything was editable. I don't know why. This account was a mod account, and everything was smooth sailing...
by why tspace
on Fri Feb 16, 2018 1:51 am
 
Forum: (Real 11) BudgetServ Web Hosting
Topic: Please ask questions ONLY in this topic.
Comments: 155
Views: 220866

Re: Please ask questions only in this topic.

Ok! Fun one. I couldn't find the login page, but I really should have, because I thought I already tried visiting it! The only hint is to break pages and note the errors. You don't have to ask Google to do a web crawl for you, everything is there in the error messages, including the hidden login pag...
by why tspace
on Thu Feb 15, 2018 1:51 am
 
Forum: (Real 13) Elbonian Republican Party
Topic: Please ask questions only in this topic.
Comments: 84
Views: 142413

Re: Hint thread for the confused.

Okay, so I thought I'd tackle the mission. There are three things that I have noticed that are of your interest: 1. You can browse the server by typing "file://C:/" in the address bar. Not of your browser, of course. 2. The guestbook of Joey Simons. 3. The admin panel. Now, how do we link...
by why tspace
on Wed Feb 14, 2018 11:58 pm
 
Forum: (Real 12) Heartland School District
Topic: Please ask questions in this topic ONLY
Comments: 103
Views: 175394

Re: Please ask questions ONLY in this topic.

! Okay, spent around 2 hours trying to get in as a staff member. My only advice for this is that the username is not the person's name. Think of how the emails for teachers are displayed and you'll know the username isn't their full name. I was fooled. To login as a student you can be "Zach San...
by why tspace
on Tue Feb 13, 2018 5:36 pm
 
Forum: (Real 10) Holy Word High School
Topic: Please ask questions ONLY in this topic.
Comments: 159
Views: 255789

Re: Please ask questions ONLY in this topic.

I got tripped up thinking the username search gave a "username : password" pair. The second part is the description. Then I saw a bunch of sql injections left in the description and reasoned that they mentioned the correct account name. I guessed the password and logged in. I also tried th...
by why tspace
on Tue Feb 13, 2018 3:28 pm
 
Forum: (Real 8) United Banks Of America
Topic: Please ask questions ONLY in this topic.
Comments: 349
Views: 340959

Re: Please ask questions ONLY in this topic.

I seem to have arrived at an uncommon route to the answer. EDIT: removed something spoilery. I actually looked at all the html attributes for forms wherever I navigated. I noticed that a submit page looked interesting. So naturally, that means that a special path exists on the site. This almost imme...
by why tspace
on Mon Feb 12, 2018 5:08 am
 
Forum: (Real 5) Damn Telemarketers!
Topic: Please ask questions ONLY in this topic.
Comments: 375
Views: 411514

Re: recommended hash cracker for os x

WestHFR wrote:However, for it to work you have to add a username before the hash. Otherwise it doesn't recognize it as a hashed password.


This was really key when using lcrack. Emphasizing this.
by why tspace
on Mon Feb 12, 2018 4:57 am
 
Forum: (Real 5) Damn Telemarketers!
Topic: recommended hash cracker for os x
Comments: 23
Views: 81913
Next

Return to advanced search