
Re: need a hint

Posted: Mon Apr 28, 2008 10:01 am
by purple_pixie
No, it just takes some real logical thinking to work out what to do.

Took me a fair while, I remember, but when I sat down and thought through every step of the authentication it all made sense, and the answer was born.

Re: Where To Start?

Posted: Thu May 15, 2008 8:16 pm
by Jheshka
I thought the mission was hard..

Actually, apparently I missed it...
Guess I'll get started on it :)

Re: need a hint

Posted: Thu May 29, 2008 1:24 am
by tordek
Okay, I know I have to change the ******.t** file by overwriting it... (However, there seems to be a logical flaw in this: How am I supposed to know where the user directory is?)

And now I have the right username (I was misleading myself with slashes...), but now I overwrite it with a***_p***=whatever, but it just hangs up...

Re: need a hint

Posted: Sun Jun 01, 2008 12:11 pm
by jetbackwards
tordek wrote: Okay, I know I have to change the ******.t** file by overwriting it... (However, there seems to be a logical flaw in this: How am I supposed to know where the user directory is?)

And now I have the right username (I was misleading myself with slashes...), but now I overwrite it with a***_p***=whatever, but it just hangs up...


To find the answer to your first question, you must look everywhere - sometimes devs get debug-happy!

The hanging is because the object that is looking at the c*****.t** doesn't understand what it's looking at, i.e. your overwrite is incorrect. Think about exactly what must happen in the process, and how the overwritten text will be used, and what you must do to ensure that only what you want to be included in the process is included in the process (is there any way that you can make some characters non-functional?)

Re: need a hint

Posted: Sun Jun 01, 2008 2:06 pm
by jmillican
Ok... I'm able to log into the admin having changed c*****.t** correctly etc. I've looked through the source code of all of the pages and scripts though, and I can't find any developer comments or anything. Have tried getting errors from the system but am still unsuccessful. How can I find the directory with the users' details in?

Re: need a hint

Posted: Tue Jun 03, 2008 11:25 pm
by Microelite7711
I've been stuck here too, I put this in one of the spaces in the U... P.... so it will change C......txt:

a....._p...=c......txt&a....d=t...

so that changes c......txt to that and I try logging into a.... and it just says unauthorized accesses... I don't have any quotes in my script that I change in c......txt and I also leave the rest of the slots blank so the c......txt says:

a..._p...=c......txt&a.....=t...;
-12;
;

\\These is the user config file notes, anything with \\ in front is ignored
\\Line 1: Personal message
\\Line 2: Timezone
\\Line 3: Current Email

Re: need a hint

Posted: Sat Jun 07, 2008 2:40 am
by dangerduo
Stuck at the overwrite portion. I would assume I must get rid of the numerical value followed by the semicolon somehow, but that field only takes numerical values...?

Can someone offer some hint / suggestion on how to approach this issue?

Thanks.

Can i please get a hint or 2?

Posted: Sun Jun 08, 2008 5:37 pm
by shanebane363
OK, here's the issue. I found the admin login form in the source, and have found the possible usernames to input. (easy) I have also created an account. I am stuck there. I am unsure what to do from here to find the admin password or password hash. Unsure if I even need it...

I have been to all of the links on the page... I don't really see anything...

I am wondering if there is something I am missing or if I am just a dumbshit. LOL

Is there some way I can exploit the register, login, admin login, search, or send email pages? I feel like I'm missing something, cuz this mission can't be this damn hard.

Re: need a hint

Posted: Thu Jun 12, 2008 11:06 am
by jmillican
Microelite7711 wrote: I've been stuck here too, I put this in one of the spaces in the U... P.... so it will change C......txt:

a....._p...=c......txt&a....d=t...

so that changes c......txt to that and I try logging into a.... and it just says unauthorized accesses... I don't have any quotes in my script that I change in c......txt and I also leave the rest of the slots blank so the c......txt says:

a..._p...=c......txt&a.....=t...;
-12;
;


Ok, to get past this stage... you're on the right lines. Try thinking about how Flash loads variables from a file.
They are URL-encoded (like in a query string in the address bar). For example, if you had two variables:
mission=16
difficulty=hard

To URLencode these, you would write as such:
mission=16&difficulty=hard

The ampersand (&) is used as a variable delimiter.

Now how could we use this knowledge to make the other boxes blank to the script?
Hope that helps ;)
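
Seen from the defending side, the delimiter behaviour described in the post above is a parameter-injection risk in whatever writes the variable file. The following is an added example, not part of the original post or of the mission's code; the field names `message`, `timezone` and `role` and all function names are hypothetical. It shows a writer that pastes a profile field in unescaped beside one that percent-encodes it, plus a loader that rejects unexpected names.

```python
from urllib.parse import parse_qsl, quote

ALLOWED = {"message", "timezone"}  # hypothetical field names for this sketch


def write_raw(message, timezone):
    """Weak writer: user input is pasted into the variable file unescaped."""
    return f"message={message}&timezone={timezone}"


def write_encoded(message, timezone):
    """Hardened writer: percent-encode each value so '&' and '=' stay data."""
    return f"message={quote(message, safe='')}&timezone={quote(timezone, safe='')}"


def load_vars(text):
    """Loader that splits on '&' and '=' like a query string; last name wins."""
    return dict(parse_qsl(text, keep_blank_values=True))


def load_vars_strict(text):
    """Loader that refuses repeated names and names outside the allow-list."""
    pairs = parse_qsl(text, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)) or not set(names) <= ALLOWED:
        raise ValueError(f"unexpected variables in file: {names}")
    return dict(pairs)


# Constructed input: a profile field that carries its own delimiter.
FIELD = "hello&role=admin"

if __name__ == "__main__":
    print(load_vars(write_raw(FIELD, "-12")))      # extra 'role' variable appears
    print(load_vars(write_encoded(FIELD, "-12")))  # field stays one value
    try:
        load_vars_strict(write_raw(FIELD, "-12"))
    except ValueError as err:
        print("rejected:", err)
```

Encoding on write is the actual fix; the strict loader is a second layer that catches files written by older or other code paths.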

Re: need a hint

Posted: Fri Jun 13, 2008 9:03 pm
by dangerduo
Hi jmillican,

Thanks for the hint, and after playing with it more I have access to the admin panel also. I just beat the mission. After accessing the panel it's pretty straightforward.

If you haven't beaten this mission, I would like to offer a hint for you since your hint helped me. Look at the client side of the HTML code; besides HTML, what other stuff do you see embedded?

I hope that helps. Thanks for your hint.