So how do you do it?

Questions? Stuck? post here....
Post Reply
User avatar
floodhound2
∑lectronic counselor
∑lectronic counselor
Posts: 2114
Joined: 03 Sep 2006, 16:00
14
Location: 127.0.0.1
Contact:

So how do you do it?

Post by floodhound2 »

Ok so I can write code but not good at haxorz on a website. Please give me some knowledge on how this wargame1 was infiltrated. Perhaps you can begin pointing my ass in the right direction. Some html knowledge needed? Help me out !!! :oops:

₣ĽΘΘÐĦΘŮŊÐ

User avatar
sternbildchen
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 421
Joined: 26 Apr 2006, 16:00
14
Location: Germany

Post by sternbildchen »

No code writing needed here. Don't think to complicated... :)

pseudo_opcode
cyber messiah
cyber messiah
Posts: 1201
Joined: 30 Apr 2006, 16:00
14
Location: 127.0.0.1

Post by pseudo_opcode »

ok a big hint:
here's all the tools you need for both wargames:-
1.Web browser

Thats it..

User avatar
floodhound2
∑lectronic counselor
∑lectronic counselor
Posts: 2114
Joined: 03 Sep 2006, 16:00
14
Location: 127.0.0.1
Contact:

Post by floodhound2 »

All right people I spent a few hours at work trying to get into Good_Brain account. I am sure I need to put something in to the web browsers address like user.php = 0 or something added to the already listed address, but I can get it. Please feel me in on some details; I am trying to learn this but no assistance is hurting my progress. I have viewed the source code but I am stumped. Email me some info will you.
₣£ΘΘĐĦΘŮŇĐ

User avatar
Gogeta70
^_^
^_^
Posts: 3253
Joined: 25 Jun 2005, 16:00
15

Post by Gogeta70 »

Well, i'm glad you're trying the challenges, that's what i coded them for. Your in the right direction, url manipulation is the key in this challenge.
¯\_(ツ)_/¯ It works on my machine...

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
15
Location: Michigan USA
Contact:

answers

Post by DNR »

flood,
The answer will be released soon. You are in the right direction, you are attempting to traverse the directories to bypass login. The answer is in the code, and you'll need to craft the URL to match.

Good job brah,

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
floodhound2
∑lectronic counselor
∑lectronic counselor
Posts: 2114
Joined: 03 Sep 2006, 16:00
14
Location: 127.0.0.1
Contact:

;(

Post by floodhound2 »

All right I don’t care to hack the website unless I know more about the .php and some web site information in general. I know what is going on in this particular security flaw; however as you all know I don’t know how to properly type in the correct addressing link. I have since tried to catch some of you on mIRC and so far no success. I just need a little one on one to learn some more details on the particulars I am lacking in.

Peace and hope to get to see some of you on mIRC soon.

I will google and gain !!!!!!

TheKingOfHearts
Moderator
Moderator
Posts: 901
Joined: 18 Sep 2006, 16:00
14
Location: on my Throne
Contact:

Post by TheKingOfHearts »

well look i am a noob but this is how i passed it

Guide (no spoiler):

you know about php where it put the thing in the back?

well look :

sitesite.com/index.php?crap=bla

well thats what lvl one is about...

you might need to sign up and view what happens when you are logged in

Spoiler :
------------------------------------#
URL bar
------------------------------------#

Post Reply