Please ask questions only in this topic.

Re: Please ask questions only in this topic.

Post by freefrag on Thu Jul 23, 2009 2:49 pm
([msg=27298]see Re: Please ask questions only in this topic.[/msg])

any eta on when its getting fixed?
freefrag
New User
New User
 
Posts: 3
Joined: Thu Jul 16, 2009 10:36 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by djniks143 on Fri Jul 24, 2009 4:56 pm
([msg=27383]see Re: Please ask questions only in this topic.[/msg])

I HAVE APPLIED THE NULL BYTE IN N***.C** I GOT THAT LISTING OF FILES/PAGES..
I GOT M********.C** PAGE BUT I M UNABLE TO LOGIN. CAN ANY ONE TELL ME HOW TO APPLY NULL BYTE OVER THERE..

LOOKING FORWARD FOR REPLY
djniks143
New User
New User
 
Posts: 8
Joined: Thu Feb 19, 2009 8:10 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by relictus on Fri Jul 24, 2009 9:08 pm
([msg=27405]see Re: Please ask questions only in this topic.[/msg])

djniks143 wrote:I HAVE APPLIED THE NULL BYTE IN N***.C** I GOT THAT LISTING OF FILES/PAGES..
I GOT M********.C** PAGE BUT I M UNABLE TO LOGIN. CAN ANY ONE TELL ME HOW TO APPLY NULL BYTE OVER THERE..

LOOKING FORWARD FOR REPLY


Stop using caps. Reason -> http://media1.break.com/dnet/media/2008/5/15may27-caps-lock.jpg
To view the contents of m***.c** sse the same tecnique you used to list the files.
archlinux user ~ wannabe hacker
User avatar
relictus
New User
New User
 
Posts: 21
Joined: Sat Jul 18, 2009 1:12 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by bgonzales999 on Thu Jul 30, 2009 8:13 pm
([msg=27694]see Re: Please ask questions only in this topic.[/msg])

To view the contents of m***.c** sse the same tecnique you used to list the files.


I guess I do not understand the null byte because I cannot use it to access m********.c** source. I have made many attempts to get the page to accept my null byte but it won't. When I viewed n***.c** source I put my null byte after the s****= part. Is this wrong?
Last edited by bgonzales999 on Fri Aug 07, 2009 9:21 pm, edited 1 time in total.
bgonzales999
New User
New User
 
Posts: 5
Joined: Thu Jul 23, 2009 4:29 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by edilVin on Fri Aug 07, 2009 12:07 am
([msg=27957]see Re: Please ask questions only in this topic.[/msg])

I finished this mission. The only hint I wold give for the mod panel is to look for all users that may exist, about a few posts back someone mentioned sql injection, is not a bad idea but there are other options.

please remove this in case it shows too much

This is an example, now use your imagination.
http://www.hackthissite.org/user/search


"Seamos realistas y hagamos lo imposible" Ernesto Che Gevara
User avatar
edilVin
New User
New User
 
Posts: 15
Joined: Thu Mar 05, 2009 10:57 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Bren2010 on Sat Aug 08, 2009 10:14 pm
([msg=28024]see Re: Please ask questions only in this topic.[/msg])

Guys, just want to say, that all of you are making this harder that it needs to be.

Spoiler: Google archives sites unless instructed not to. See if the admin forgot to add an entry. :shock:
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by hziggles on Sun Aug 09, 2009 1:09 am
([msg=28034]see Re: Please ask questions only in this topic.[/msg])

OK Guys. There is absolutely NO need to use a Poison Null Byte or a PHP or Perl bruteforcer. NONE AT ALL.
This is a very vague hint: Nearly every website in existence is snuck around in and archived by robots.

-- Sun Aug 09, 2009 1:39 am --

OK I got to the admin page logged in as ******, the admin of the site, and apparently I found proof that they are doing whatever they're not supposed to be doing. But as I try to post the proof to the front page, it requires auth. Found a hash in the source code (sha1) and I am running it through John the Ripper now, but even if it does crack it in the next 100000 years, what am I supposed to do with the password? AHHHHHHHHHHHHHHH FREAKING HELP ME!!!
hziggles
New User
New User
 
Posts: 3
Joined: Wed Sep 03, 2008 4:38 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Bren2010 on Sun Aug 09, 2009 10:35 am
([msg=28041]see Re: Please ask questions only in this topic.[/msg])

hziggles, are you talking about the frame that goes to hackthissite.org on the admin page? That require auth, means you have to be logged into HTS. You don't actually have to post it to the front page to complete the mission. ;)
User avatar
Bren2010
Poster
Poster
 
Posts: 340
Joined: Fri Sep 19, 2008 3:23 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by bgonzales999 on Sun Aug 09, 2009 8:16 pm
([msg=28054]see Re: Please ask questions only in this topic.[/msg])

edilVin wrote:I finished this mission. The only hint I wold give for the mod panel is to look for all users that may exist...

This is an example, now use your imagination.
http://www.hackthissite.org/user/search




edilVin, because of your example I'm thinking very Wildly but it doesn't seem to help. Am I on the right track?
bgonzales999
New User
New User
 
Posts: 5
Joined: Thu Jul 23, 2009 4:29 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by afrika on Wed Aug 19, 2009 1:37 pm
([msg=28164]see Re: Please ask questions only in this topic.[/msg])

Please help me "sigh"

Ok so I found the cgi query system and first tried using XSS, didn't work, so then i read up a little and found out about poison null bytes. Ok so what I need to do obviously is list the files within the parent directory.
I've tried

[Spoiler removed]

I have no idea wtf I'm doing and I can't really find a good explanation and the ones that I've seen, is exactly what I'm doing so I don't know what I'm doing =/
afrika
New User
New User
 
Posts: 1
Joined: Wed Aug 19, 2009 12:42 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 14) Yuppers Internet Solutions

Who is online

Users browsing this forum: No registered users and 0 guests