Please ask questions ONLY in this topic.

[___BARBARIAN___]

there are two flash files. need to decomplie last one. there see the url and condition....after that inject on url...done..
But damm frustrating...found nothing except she is talking with her bro..............

[Mormant]

Hi guys, I've been reading all this here posts and still nothing... I've found the c*****.t** file [the root one] and the admin login page containing one l****.s*f but i can't seem to find the 2'nd *.s*f file or the user c*****.t** file

Any hints on this?

*Check that, I've just found the c*****.t** for the user.. i guess is was pretty logical.... the path.

Now i know is something to do with DT to save my data in "the other" c*****.t** but i can't seem to get it right..

OK so it finally hit me... from the hints "important user name" and "DT", so now i can edit the root c*****.t** file.

Sweet, I've manage to get into the admin panel the flash variables loading article does wanders.

I'm done

[Microelite7711]

Why does my mineral water that says it has “trickled through mountains for centuries” go out of date next year?

I really need your guys wisdom here.

[scnguitar]

Oops, posted spoiler by accident (edited)

[TheOracle10]

Ok so I'm pretty sure I've done everything right but when I try to login as admin it just doesn't do anything in the left bottom corner of FF it says transferring data like its supposed to but then it just doesn't do anything after that and I'm am on the "big" login page.

[samadhi]

For those of you looking for a flash decompiler, I used this web based tool. Its free, works perfectly, and provides a download link when it finishes. Hope this helps.

http://www.showmycode.com/

[HTS-Khanz]

Hmm, found an interesting little bug:

Got logged into jenn@simplemail.com without having to do anything special:



wierd huh?

[fashizzlepop]

What's weird? o.O

[HTS-Khanz]

The fact that I logged in by tampering with the data stream during account creation, and it didn't count as completion or anything, just got a piece of spam whenever I checked mail. Didn't think that was supposed to happen. Considering that now that I've completed it, you never actually log into "her" account.

[kkssyy]

Please read this article - http://www.hackthissite.org/articles/read/838

1. Find a****_****n by source review.

2. using Wireshark, find the c*****.**t file.
filtering by HTTP
If only we read Forum, I think we can guess the name of the file, even though we don't use wireshark.

3. overwrite the c*****.**t file to elevate the authority.
use Directory Traversal.
Please think where user's account is saved and where main_login is.
think how user's account can be changed.
Then, we can know where and how DT is used.

Time zone is not important.

4. using flash decompiler, decompile flash file to read the email.