Please ask questions only in this topic.

Re: Please ask questions only in this topic.

Post by vaska94 on Sat Oct 04, 2008 9:05 pm
([msg=13143]see Re: Please ask questions only in this topic.[/msg])

i FOund Password :)
and what type of encoding is it ? : D
vaska94
New User
New User
 
Posts: 1
Joined: Sat Oct 04, 2008 2:48 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by rootux on Fri Nov 07, 2008 3:19 am
([msg=14597]see Re: Please ask questions only in this topic.[/msg])

I've found the m********gi page source and bruthforced my way in.
now I don't know which user account shall I use.
Should I go back and use the null poison byte to get to a list of users?
Should I use the null poison byte in this form also?
Is there a way to enter to sub directory with null poison byte without getting a malformed request error?

thanks.
rootux
New User
New User
 
Posts: 2
Joined: Tue Oct 14, 2008 7:42 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by KyleAnderson on Fri Nov 14, 2008 10:41 pm
([msg=15014]see Re: Please ask questions only in this topic.[/msg])

Sooo... What do you guys make of this file?
It appears to be a jpeg:
Code: Select all
kyle@kyle-desktop2:~/Desktop$ file robots.txt
robots.txt: JPEG image data, JFIF standard 1.01


But I can't seem to open it. What do you guys thing?
KyleAnderson
New User
New User
 
Posts: 11
Joined: Fri Nov 14, 2008 10:39 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Lenamote_14 on Wed Nov 19, 2008 5:09 pm
([msg=15219]see Re: Please ask questions only in this topic.[/msg])

Hi guys :mrgreen:
This is mi firts reply on HTS forum so i hope i could get some help
I really dot know much about PHP only the basic to make a cookie stealer xDD
So im stuck in this level i cant move beyond the m********.c** i apply de null byte on this file and saw it's source but i dont know what to do next.

Maybe i need to make some script to decrypt any pass :?:

I really will apreciate your help :geek:

Cumpz :!:

LeNaMoTe
Lenamote_14
New User
New User
 
Posts: 1
Joined: Wed Nov 19, 2008 5:03 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by st00ne on Tue Jan 20, 2009 6:39 pm
([msg=16675]see Re: Please ask questions only in this topic.[/msg])

aaa same here.. i see the source and i think i know that i sould use a***i and v********d functions, but i dont know how
i have perl on my pc and trying lots of stuff but joust cant get it...

i have knowledge of c,c++ but not too much of perl...

so i need a hint on what to concetrate

EDIT: nvm solved it...
wao this was the most interesting and enjoying mision ever..
it was Worthy of all of my time...
st00ne
New User
New User
 
Posts: 11
Joined: Sun Jan 18, 2009 5:18 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by picapau on Thu Jan 29, 2009 5:23 am
([msg=17053]see Re: Please ask questions only in this topic.[/msg])

Hi,

Ive bypassed the v******y in the m*******.c** and now I need an username or mail address that I have no clue, how to get them!
Im stuck! Please help! Any hint is appreciated!

Thanks!
picapau
New User
New User
 
Posts: 1
Joined: Thu Jan 29, 2009 5:18 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by st00ne on Thu Jan 29, 2009 5:43 am
([msg=17054]see Re: Please ask questions only in this topic.[/msg])

how did you find m********.c**, search everywhere....
st00ne
New User
New User
 
Posts: 11
Joined: Sun Jan 18, 2009 5:18 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by TheBarkMaster on Fri Jan 30, 2009 4:19 pm
([msg=17117]see Re: Please ask questions only in this topic.[/msg])

Hi all,
I'm getting rather crazy about this mission(as I did with the before one til I found it) but this is the first time I post on the forum. I know about poison null bytes, and also have seen the m********.c** and it's source but I just don't know enough of perl to bruteforce it's va***k*y function, and as I think reversing is impossible in this case. Could please anyone help me, or just post me the code to bruteforce it? so that I can study that. Although I would prefer hints. Thanks in advance!
TheBarkMaster
New User
New User
 
Posts: 3
Joined: Fri Jan 30, 2009 4:14 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Belman on Sat Feb 14, 2009 6:02 pm
([msg=17904]see Re: Please ask questions only in this topic.[/msg])

in the "mod".cgi php code, what is "sub" in the "sub validkey"? i keep getting a parse error T_string on the line
Belman
New User
New User
 
Posts: 4
Joined: Sat Feb 07, 2009 3:45 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Cybicool on Thu Feb 19, 2009 4:02 am
([msg=18228]see Re: Please ask questions only in this topic.[/msg])

wtf? I got my perl code working with some copypasta and trial and error, so i get a set of multiple passwords that fit the algorithm and pass through the function, but when i enter them into the m*********.*** it says that i have an invalid id. this is pissing me off because I am fairly certain that it is right, because i didn't touch the code for the functions at all. i copypasta'd like 3 times and it says that my ids are right. analyzing my packets with wireshark shows that m********.*** is sending the "action" variable as "login" which is not in the source code at all.
Cybicool
New User
New User
 
Posts: 2
Joined: Tue May 13, 2008 4:19 am
Blog: View Blog (0)


PreviousNext

Return to (Real 14) Yuppers Internet Solutions

Who is online

Users browsing this forum: No registered users and 0 guests