Please ask questions in this topic ONLY

Re: Hint?

Post by Tommyboy123a on Fri Jul 11, 2008 1:27 pm
([msg=7204]see Re: Hint?[/msg])

khardix wrote:
Tommyboy123a wrote:instead of typing that into the form on the page, try opening that same file in the URL bar at the top of your browser

That generate Error 404 - File not found
I suppose that the cgi-bin folder on browser URL bar is the same as cgi-bin in the Heartland server file stucture.


first of all, make sure your slashes are going the right way, and also, I didn't say copy and paste the exact same thing in your browser URL box, you have to change it to access the file you want.
Tommyboy123a
New User
New User
 
Posts: 7
Joined: Tue Jun 24, 2008 8:14 pm
Blog: View Blog (0)


no need for spoilers

Post by amac on Thu Jul 24, 2008 1:09 am
([msg=8124]see no need for spoilers[/msg])

Hi guys

I just wanted to let those of you who may be curious know that it is possible to complete this mission without seeing any form of spoilers whatsoever. I originally completed the mission only after viewing some exceptionally un-"realistic" information on a certain page within the mission, but just now went back and solved it in a more "proper" way. So if you'd like to solve this without having to resort to questionable info-gathering methods, go for it! It's totally possible.
amac
New User
New User
 
Posts: 1
Joined: Thu Jul 24, 2008 1:00 am
Blog: View Blog (0)


Re: Hint?

Post by jakerrulz on Sun Jul 27, 2008 1:51 pm
([msg=8415]see Re: Hint?[/msg])

Hey, i found the login page, but are you suppposed to put sql injection into the pass?
i am looking thu the student's work and i can't find a sql injection that will work.

Help plz!!
jakerrulz
New User
New User
 
Posts: 3
Joined: Sun Jul 27, 2008 12:46 pm
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by hungrycookpot on Wed Oct 01, 2008 9:25 am
([msg=12936]see Re: Please ask questions in this topic ONLY[/msg])

K I've already finished this mission, but I have a question about it, learning is nothing without understanding.

My simple question is: Why did the user/pass end up where it did? Was it supposed to represent a mistake on the part of the user, or is there a technical reason as to why it was displayed where it was? Seems like a pretty massive vulnerability to me.
hungrycookpot
New User
New User
 
Posts: 5
Joined: Fri Sep 26, 2008 11:06 pm
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by Theist17 on Sat Oct 11, 2008 9:29 pm
([msg=13579]see Re: Please ask questions in this topic ONLY[/msg])

POSSIBLE SPOILERS, DON'T LOOK!

Yeah, I feel like I had far too easy of a time with this mission. The fact that the link (login and pass included) was right there in the guestboook is a bit unrealistic. Anyone have a reason for this?
Theist17
New User
New User
 
Posts: 12
Joined: Fri Sep 05, 2008 3:25 pm
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by KouluAccount on Tue Oct 14, 2008 7:52 am
([msg=13673]see Re: Please ask questions in this topic ONLY[/msg])

EDIT: I don't have an idea what the problem was, but after clearing my browser cookies, history etc. it worked =F

------------------>!SPOILERS!<-------------------
This is for those who are wondering why the user and pass were there. First of all, the '****book.pl' is a perl program to read files in folder ***-**n. In default it reads ****book.txt file, but if you put in the *****************.pl (perl program), it reads the program.
----------------->/!SPOILERS!<-------------------

It's a good hint, but I edited out some stuff that basically guides people step by step. -Insomaniacal
Last edited by insomaniacal on Thu Dec 31, 2009 5:17 pm, edited 1 time in total.
Reason: Fixing Possible Spoiler
KouluAccount
New User
New User
 
Posts: 4
Joined: Thu Sep 18, 2008 10:02 am
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by Gasmasq on Sat Nov 15, 2008 9:27 am
([msg=15044]see Re: Please ask questions in this topic ONLY[/msg])

Ok, so I've read EVERY post in this thread, and I still cannot find the guestbook. I've looked through most every file (WEB, Windows, Program Files) and cannot find what everyone is talking about. I understand that I represent a small minority of people doing these missions from a Mac, but I do have an understanding of Windows infrastructure, and I cannot for the life of me find the guestbook. It seems like the simplest thing in everyone's posts, yet it's nowhere to be found for me. Granted I can't open up any of these .EXE files, I don't think there'd be anything there if I could. SO: Is there something I'm completely missing or... *confused*
Gasmasq
New User
New User
 
Posts: 2
Joined: Sat Nov 08, 2008 9:13 am
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by desiredtoe on Wed Nov 19, 2008 2:41 pm
([msg=15215]see Re: Please ask questions in this topic ONLY[/msg])

Gasmasq wrote:Ok, so I've read EVERY post in this thread, and I still cannot find the guestbook. I've looked through most every file (WEB, Windows, Program Files) and cannot find what everyone is talking about. I understand that I represent a small minority of people doing these missions from a Mac, but I do have an understanding of Windows infrastructure, and I cannot for the life of me find the guestbook. It seems like the simplest thing in everyone's posts, yet it's nowhere to be found for me. Granted I can't open up any of these .EXE files, I don't think there'd be anything there if I could. SO: Is there something I'm completely missing or... *confused*


Uhm, are you talking about the guestbook that can be easily found in one of the student's webpages? Where it says "Sign my Guestbook." Because it seems very easy to find to me.
Anyways, I see where the admin panel is, only because the url for it was all over the guestbook, is there any other way to get without cheating?
desiredtoe
New User
New User
 
Posts: 29
Joined: Thu Jul 17, 2008 9:36 am
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by DarkLeGenD on Mon Nov 24, 2008 5:34 pm
([msg=15399]see Re: Please ask questions in this topic ONLY[/msg])

Okay we all know by now that you use "file://C:/"

But what I try to get out of these missions are stuff that I can use in REAL situations...

I did all kinds of searching for DOS commands and such and I found "C:\" is used as the main "tree" branch

I also seached for "file://C:/" and nothing came up just a bunch of junk.

Would some one please explain WHY we use "file://C:/"? Im tired of just finding hints, I dont care for hints. I want to accualy LEARN this stuff, not cheat sheets. Im not trying to come about as a jerk, but I just am really confused why you use file://C:/ if you havent already noticed this is one of my first posts and I HAVE finished all of Basic and Javascript and started realistic and logic...ect So im not some noob trying to flame the forums.

I also think that if people would explain WHY more (but not spoil) and not just give "cheats" or hints then Hackthissite.org would become the ULTIMATE hackers training ground.

Thanks
DarkLeGenD
New User
New User
 
Posts: 2
Joined: Sun Nov 09, 2008 3:24 am
Blog: View Blog (0)


Re: Please ask questions in this topic ONLY

Post by Anderkent on Mon Feb 16, 2009 1:34 am
([msg=17990]see Re: Please ask questions in this topic ONLY[/msg])

That is becouse when you use the server proxy, the url is executed relative to the server. That means file:// is actually the file system of the server, not your machine. So, file://c:/, being the url for c:/ drive on windows, will open the c:/ directory and forward it to you. Then if you type in the right following directories, you can easily explore the file system of the server, which will tell you... you know what.
Anderkent
New User
New User
 
Posts: 5
Joined: Sun Feb 15, 2009 9:46 pm
Blog: View Blog (0)


PreviousNext

Return to (Real 12) Heartland School District

Who is online

Users browsing this forum: No registered users and 0 guests