Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Transversing help

Post by Damascus2k8 on Wed Jun 18, 2008 3:53 pm

:D No Problem Mate!


C0362AF19B89E861F21485CE1D2B430E



"Change your thoughts and you change your world!"


Don't want to complain

Post by tezyn on Fri Jun 20, 2008 12:56 pm

First, thank you to everyone that has set up, thought up, or kept up this site. In the little amount of time that I have been looking around, I have found things, or pointers to learning, that I have been looking for, for a long time.

I just was wondering how possible it would be to make some functional additions to this test.

While I understand that you aren't really going to set up a separate web site for us to really hack, I found the functionality here to be directly misleading in this case.

From my experience with solving this situation, I have found 4 main pages.
1. This has been hacked
2. To be restored
3. How this site works
4. Solve here

The problem, IMHO, is that while I was investigating the current code, I applied the technique that in the end solved the test on the "How this site works" page, only to receive the infamous "Green screen of Failure" page. Because of this, when I was looking at the "Solve on this page" page, it wasn't until I got to the point of frustration where you try things you "know won't work" that I solved this problem.

Would it be possible to make a change, so that if you followed the same principle on the "How this site works" page, it would redirect you accordingly, or display something other than the "Green screen of Failure"?

Again, I don't want to complain. The time and effort I spent doing my research was well worth the little amount of frustration that this caused.


Re: Need help again :D

Post by capi-chou on Fri Jun 20, 2008 5:21 pm

liuyuan wrote: Here is a diagram I've made to help you understand this.
http://img294.imageshack.us/img294/2749/real4uy9.jpg


This makes it really easy. Too, probably.


Re: stumped

Post by Rc0n on Mon Jun 23, 2008 6:07 pm

OK, I'm lost :cry:

This is what I've got so far:

I can get the old site up.
I know that it has something to do with directory traversal and using the ../ attack.

But I cannot work out for the life of me how to use the directory traversal. I know it has to be done in the addpoem page, but I can't find the poem after I've added it, because when I change the URL so the name is the name of my poem it says "can't do that wirdo". So I'm completely lost with what to do. Is there someone who can push me in the right direction with how to view my poems and how to use directory traversal properly, but with something that has not already been said?

thanks in advance

Rc0n
MESS WITH THE BEST, DIE LIKE THE REST


Re: stumped

Post by mattman059 on Mon Jun 23, 2008 8:12 pm

This is my first post, so I'm going to try my best to keep it as "spoiler free" as possible.

You are right that you need to use the add poem function to finish. Think about what page you need to get where. Think about where you are in relation to the index.html file. Have you tried reading a poem yet? If not try that. Look back over the DT stuff you've researched. Hopefully this helps.

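As an added example (not part of the original thread and not the challenge site's code), here is the defensive side of the directory-traversal class discussed in the posts above: how a poem-submission handler that builds a file path from a user-supplied name can confine writes to its poems directory. The directory layout, function names and sample names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hypothetical layout (an assumption, not the challenge site's real paths):
#   <webroot>/index.html     the page visitors see
#   <webroot>/poems/<name>   one file per submitted poem
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 _-]{0,63}")


def naive_poem_path(poems_dir, name):
    """Vulnerable pattern: the submitted name is joined into the path as-is."""
    return os.path.normpath(os.path.join(poems_dir, name))


def safe_poem_path(poems_dir, name):
    """Return the file path for a poem, or raise ValueError if the name could
    place the file anywhere other than directly inside poems_dir."""
    # 1. Allow-list: no separators, dots, NUL bytes or empty names.
    if not NAME_RE.fullmatch(name):
        raise ValueError("poem name contains characters that are not allowed")
    # 2. Defence in depth: resolve symlinks and '..', then confirm containment.
    base = os.path.realpath(poems_dir)
    target = os.path.realpath(os.path.join(base, name + ".txt"))
    if os.path.dirname(target) != base:
        raise ValueError("resolved path escapes the poems directory")
    return target


def demo():
    """Compare both versions on constructed names in a throwaway web root."""
    samples = ["Peace at dawn", "../index.html", "/tmp/elsewhere.html", "a/../../x"]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        poems = os.path.join(os.path.realpath(tmp), "poems")
        os.mkdir(poems)
        for name in samples:
            naive = naive_poem_path(poems, name)
            escaped = not naive.startswith(poems + os.sep)
            try:
                safe_poem_path(poems, name)
                verdict = "accepted"
            except ValueError:
                verdict = "rejected"
            results[name] = (escaped, verdict)
    return results


if __name__ == "__main__":
    for name, (escaped, verdict) in demo().items():
        print(f"{name!r}: naive path leaves poems/ = {escaped}; safe version {verdict}")
```
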

Re: Help plz

Post by Kiros37100 on Thu Jun 26, 2008 3:42 am

Here's a pointer: Your post has a false statement. :)


Re: stumped

Post by hrangel on Thu Jun 26, 2008 3:46 pm

If this is a spoiler, please forgive me!!
Good day guys,

OK, I got the old page and got the read and submit. As I read on the blog, there is no need for ISS or SQL injection or even Java injection, right?

OK, I've been trying to type the *nix commands in the name text box to submit a poem, and I get the same message:
"Your poem was successfully added. Thank you for your contributions". I'm getting a bit crazy here. What I also did was download the submit & read PHP pages and change the POST for GET to give it a try, but I still have no idea. I also read about D..T.. on http://en.wikipedia.org/wiki/Directory_traversal
Can you guys take a look at the wiki page and let me know if what I read was correct, pls? Also, if it is not Java, SQL or ISS injection, I guess I have to submit a *nix command from the submit poem section, but no matter what *nix command I try, it gives the same error.
Can anyone give a clue, and how you got that clue, in order to learn, please?



Re: Need help again :D

Post by hrangel on Fri Jun 27, 2008 8:31 am

Never mind, I got it. I was crazy the last 2 days, but it was really easy and the Directory Traversal was it!!

Clue: relax and take a look at this: http://img294.imageshack.us/img294/2749/real4uy9.jpg


Question!!

Post by simbiotic_chipmunks on Fri Jun 27, 2008 12:28 pm

Hi, I'm a newbie in this and I just want to ask something from you guys. Is there a way to see the config of the .php file? Because when I go to that file by adding the filename on the website, I can't get the source code of it; all that I can get is the source code of the HTML file.

thanks in advance...