wargame #2

Post by **CommonStray** » 11 Dec 2006, 22:52

allright, here we go:

Scenario:
Poor little Alexis has had her peace web site hacked! It seems they simply replaced the page, so the damage should be undoable.... Just try to get the old index back!

(PS: there was a hint in the scenario)

same rules as for #1: send a PM to me or one of the staff members including the password which is displayed when you have successfully finished the challenge. (umm, best send it to me, some of the staff members are on vacation or are very buisy with their jobs or school at the moment

)

thanks to gogeta70 for developing this scenario!

enter the wargame HERE.

edit: due to the latest posts in this thread the original has been moved to the General Discussion board due to its non-relativity to this original post or its purpose... -Circuitbomb

Post by **CommonStray** » 02 Jan 2007, 20:24

send any and all reports for this wargame to bad_brain

Post by **alien100** » 03 Jan 2007, 07:38

i think i solved it

Post by **bad_brain** » 03 Jan 2007, 08:14

when you have solved it a password will be displayed, send it to me via PM when you think you have it...

Post by **alien100** » 03 Jan 2007, 09:14

i got to the little girls page its all pink with poems

Post by **bad_brain** » 03 Jan 2007, 10:18

good...but that's not all....the old index needs to be restored, access is not enough..

but you're no the right path...

Darkz · Post by **Darkz** » 05 Jan 2007, 13:31

Man these games are hard as hell :p is there any games for newbs? i've just started on programming.. mostly html at the moment, i will continue to java soon. any games for newb html coders? (not good html coders) i bet this game has something todo with html too but.. waht evar.

knightm4r3 · Post by **knightm4r3** » 05 Jan 2007, 17:37

okay im on the pink page now too .. that part wasnt bad, now password lookin time

Post by **Gogeta70** » 05 Jan 2007, 19:15

Darkz, these wargames are targeted at noobie hackers. Do you think the elites need experience? Anyway, just think outside the box, or the webpage more like it. How can you send information server side and have it affect you? Think about what your actions will do. Every action has an equal and opposite reaction, including on web servers

Darkz · Post by **Darkz** » 06 Jan 2007, 14:51

hmmz i think i need to learn a... little more before i start on this

Tep · Post by **Tep** » 14 Feb 2007, 14:21

Ok so i got level one solved and moved on to this.

I tried using SSI and Directory Transversal but i get "Thanks for your submission"

so am I on the right track and if not can i get a little push in the right Direction

Hah i even tried using javascript to change the action to ="index.php" but the just took me back to first page

and if need i can PM what i put im the Title and poem as it would be a spoiler i think

Post by **Gogeta70** » 14 Feb 2007, 14:29

You're on the right track. Think about what happens when you submit a poem. Where does it go? What is it saved to? How is it saved?

Post by **floodhound2** » 14 Feb 2007, 16:25

TEP I want to kill you right now. Reason is, I forgot about this un-solved game until I read your post today; thus in effect reigniting my desire to solve it. This is a Huge Huge problem for my obsessive nature; about now I am so pissed off that I have began boiling off flesh and pulling out my hair.

You gogeta70 will have to post a link or give out some clues about this damn %$#@ ass war-game. I have manipulated the address bar on my browser in such a fashion it has become more confused than me.

So far at this point I have learned, or think I have learned the following;

I am thinking this is a method of some type
--form action=sendin.php method=post-- “sendin.php” is the redirected site I keep seeing

This is a property of the method
--input type=submit value="Send!--" What’s the opposite of this?

But I can’t figure out the link manipulation, so before I clear out my office from high pitched screaming and category 5 river flooding crying please send me some type of clue to solve this on going nightmare.

Post by **Gogeta70** » 14 Feb 2007, 16:59

Okay, okay, here are some clues...

1. Every time you submit poetry, the title is used in the file name.

2. You don't have to use javascript in this wargame.

3. Your complete focus should be on the entire source of the page, and what you can do with it.

Have fun guys.

copy and paste

Tep · Post by **Tep** » 14 Feb 2007, 23:01

Well i knew you didnt use javascript sorry that i threw you off floodhound

and i use directory transversal in the title and it does not seem to work (should i use ../../<targetfile> instead of ../targetfile?)

and i knew what to use as the poem xP