Please ask questions only in this topic.

If you're still stuck

Post by conscience on Sat Jan 31, 2009 10:16 pm
([msg=17185]see If you're still stuck[/msg])

Ok, now I'm going to give some hints about this piece of cake.

The first thing you must know is that how the website works, so just play all around the stuff. You may find some information at the News page (hope it won't be a spoiler) about which parts of the page are secured recently. So what if the others aren't so secure? Let's give it a try. It may be a good idea to remember, what are the differences between POST and GET.
From one of those less-secured parts you must get some important information if you give unexpected input. For example it either may be "jfseruhzwsedfjsd" that often used to be unexpected :D

Now you've got some PHP code right before your eyes that somehow tells you where to go for those hashes. Take a closer look to it. URLs are always string variables so it's good to know, how PHP handles strings. The rest of finding the hashes depends on you. You'll have to figure it out, but it's not that difficult, especially after reading all these comments.

Okay, let's see! Now you've got some hashes so you probably know the loginname and password (YES, YOU HAVE TO CRACK IT).
But where the heck will you use them? From this forum, you know that there is a fake login site that is very easy to find. Probably you've found it too, and got some message like "stuff" is not the correct password string for "lamer". Therefore you must think again... Remember how did you find the hashes? (Forgive me ;) ) Maybe the site admin used the same camouflage again...

Think that helped a lot. I can't tell you anything more without exactly telling it all. You have to work on your own. Good luck!
Last edited by conscience on Mon May 17, 2010 1:08 am, edited 1 time in total.
Let him who hath understanding reckon the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 310
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by breathless85 on Sun Feb 01, 2009 12:28 pm
([msg=17221]see Re: Please ask questions only in this topic.[/msg])

I have found the hashes but i can't find the login page ok I found the fake one but now I'm stuck. I know I must use the sp*****.php page but I can't figure it out where that hash is:s can somebody help me?
breathless85
New User
New User
 
Posts: 1
Joined: Thu Jul 03, 2008 6:20 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Gargle on Wed Feb 04, 2009 11:22 pm
([msg=17404]see Re: Please ask questions only in this topic.[/msg])

I have spent a lot of time trying to figure this one out, but i just couldn't find the login page.
So finally I gave up and just googled for the solution to this mission.

I found three places that offered a sollution said the same thing: If you open S-foobar-.php with the wrong or no parameters, it will give you an error page with a hash. Well I have tried wrong parameters, and I have tried no parameters and i don't get a hash i get S-foobar: could not be found.

So what am I doing wrong, what do I need to do to get the errorpage?

Gargle
Gargle
New User
New User
 
Posts: 9
Joined: Fri Oct 24, 2008 9:01 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by MrBlueSky on Tue Feb 17, 2009 6:41 pm
([msg=18129]see Re: Please ask questions only in this topic.[/msg])

Gargle wrote:I found three places that offered a sollution said the same thing: If you open S-foobar-.php with the wrong or no parameters, it will give you an error page with a hash. Well I have tried wrong parameters, and I have tried no parameters and i don't get a hash i get S-foobar: could not be found.

So what am I doing wrong, what do I need to do to get the errorpage?

Gargle


I suggest you use the same technique at another page which uses the same kind of form as on s.....php. It will give you a much more interesting error message!

Question for people who solved this challenge:
I'm having trouble finding the correct H***_R**** to gain access to the reset-thingy. Of course I tried several strings, including the one found in the source and variations of it, but it doesn't work. Any hints on that? Or is that page a dead-end?
MrBlueSky
New User
New User
 
Posts: 4
Joined: Tue Feb 17, 2009 7:36 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Defience on Wed Feb 18, 2009 9:52 am
([msg=18157]see Re: Please ask questions only in this topic.[/msg])

MrBlueSky wrote:
Gargle wrote:I found three places that offered a sollution said the same thing: If you open S-foobar-.php with the wrong or no parameters, it will give you an error page with a hash. Well I have tried wrong parameters, and I have tried no parameters and i don't get a hash i get S-foobar: could not be found.

So what am I doing wrong, what do I need to do to get the errorpage?

Gargle


I suggest you use the same technique at another page which uses the same kind of form as on s.....php. It will give you a much more interesting error message!

Question for people who solved this challenge:
I'm having trouble finding the correct H***_R**** to gain access to the reset-thingy. Of course I tried several strings, including the one found in the source and variations of it, but it doesn't work. Any hints on that? Or is that page a dead-end?


I'm not sure what you're referring too on this...without giving too much away, can you tell me where you are at in the mission?
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by MrBlueSky on Wed Feb 18, 2009 10:19 am
([msg=18163]see Re: Please ask questions only in this topic.[/msg])

Defience wrote:
I'm not sure what you're referring too on this...without giving too much away, can you tell me where you are at in the mission?


I found a page p****s.php which says that "p***** need to be reset:", and it wants a certain http header. The header to use can be found in the source code you see with the error message somewhere else in the mission.

Now, for some reason, this didn't work for me yesterday but now it does :? and I get another message which says my ip has been banned and logged. Hmm... Maybe it's just a decoy..
MrBlueSky
New User
New User
 
Posts: 4
Joined: Tue Feb 17, 2009 7:36 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Defience on Wed Feb 18, 2009 10:56 am
([msg=18164]see Re: Please ask questions only in this topic.[/msg])

Ok.....so it sounds like you are getting somewhere ;)
User avatar
Defience
Addict
Addict
 
Posts: 1281
Joined: Thu Jun 12, 2008 3:16 pm
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by MrBlueSky on Wed Feb 18, 2009 12:14 pm
([msg=18171]see Re: Please ask questions only in this topic.[/msg])

Defience wrote:Ok.....so it sounds like you are getting somewhere ;)


Excellent. I'll keep on going then :) Thank you!
MrBlueSky
New User
New User
 
Posts: 4
Joined: Tue Feb 17, 2009 7:36 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by vort3x on Fri Feb 20, 2009 1:36 pm
([msg=18303]see Re: Please ask questions only in this topic.[/msg])

Im totally stumped O_o
I cant get the error up:



Ive tried going to that directory but it comes up with : subdir



[Edited By: Monica]
vort3x
New User
New User
 
Posts: 8
Joined: Thu Apr 17, 2008 6:51 am
Blog: View Blog (0)


Re: Please ask questions only in this topic.

Post by Anderkent on Sat Feb 21, 2009 12:58 am
([msg=18333]see Re: Please ask questions only in this topic.[/msg])

Well you have to think what exackly that whole request is getting. Do you know what md5 does?
Anderkent
New User
New User
 
Posts: 5
Joined: Sun Feb 15, 2009 9:46 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 13) Elbonian Republican Party

Who is online

Users browsing this forum: No registered users and 0 guests