Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

General advice request

Post by Daedalus99 on Fri Aug 11, 2017 1:37 pm

Hi there, I'm new to this site and, indeed, to hacking, although I can code in Perl pretty well. I'm just looking for some general advice from someone who knows the ropes.

So obviously this task involves the traversal technique I performed in Basic 9, as some other questions imply. My question is this: how, when approaching a new task, do you determine what technique of attack is the most appropriate? Given I can't tell what the server will respond to or what language it 'speaks' (SQL, UNIX, Linux, etc.). Is it just trial and error or is there some diagnostic procedure I can use generally to determine what kind of attack will be required to breach the security measures?

Also, I managed the last two Realistic missions, but only with a lot of research on SQL for number 2. Has anybody got any useful guides or advice vis-à-vis SQL injection? It was really just luck that I got the answer right.


Thanks.
Daedalus99


Re: General advice request

Post by conscience on Sat Aug 12, 2017 10:26 am

Daedalus99 wrote: how, when approaching a new task, do you determine what technique of attack is the most appropriate?


1. Explore
2. Evaluate (do research if needed)
3. Make some educated guesses
4. Verify
5. If you haven't yet reached your objective, repeat from pt 1
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience


Re: Please ask questions ONLY in this topic.

Post by El_Barto666 on Thu Aug 17, 2017 4:22 pm

I know what you have to do, but I don't know how to inject any code that would be effective. Like do you try to get access by grabbing some authentication, or can you somehow directly edit the HTML?
El_Barto666


Re: Please ask questions ONLY in this topic.

Post by conscience on Fri Aug 18, 2017 9:33 pm

Directly? No. ;)
conscience


Re: Please ask questions ONLY in this topic.

Post by raiVolte on Thu Aug 24, 2017 11:23 am

I finally got it, however I consider myself reasonably knowledgeable about NIX commands and I have no idea how to accomplish this mission with them. Is there more than one way to complete the mission? Or is knowledge of d******** t********al considered part of knowing NIX?
raiVolte


Re: Please ask questions ONLY in this topic.

Post by conscience on Thu Aug 24, 2017 7:41 pm

raiVolte wrote: I finally got it, however I consider myself reasonably knowledgeable about NIX commands and I have no idea how to accomplish this mission with them. Is there more than one way to complete the mission? Or is knowledge of d******** t********al considered part of knowing NIX?


The technique you hinted at is a general one. Also, AFAIK there is only one way to solve this challenge.
conscience



Return to (Real 3) Peace Poetry: HACKED
