Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by Monica on Tue Feb 23, 2016 3:49 am
([msg=91681]see Re: Please ask questions ONLY in this topic.[/msg])

hi i spent at least 25 days, 18 hrs, and 44 minutz on this

this is vry difficult, im gonna get kancer

can any1 plz just tell me answer??????
hi am new so plz dont troll me or i report 2 the HTS mods ty
User avatar
Monica
Contributor
Contributor
 
Posts: 921
Joined: Thu Oct 02, 2008 12:29 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Sun Mar 27, 2016 5:47 pm
([msg=92030]see Re: Please ask questions ONLY in this topic.[/msg])

@Monica,

No, because then you won't actually learn anything.

-- Wed Mar 30, 2016 12:25 am --

So I'm trying to get a grasp of the right knowledge:

PHP (I'm guessing its a technique that uses PHP, SQLi?)

Moderate HTML

directory traversals (so I need to learn even more about these than before right?)

So that's what I get so far. So is this like a directory traversal php injection thing? That's what I've been trying to find on google.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Jbraithwaite on Fri Apr 01, 2016 1:57 am
([msg=92060]see Re: Please ask questions ONLY in this topic.[/msg])

The hacker overwrote the sites index.html page. In what way would someone be able to POST data to that site? IF they can POST data and it becomes a webpage on it's own, how do you think they could replace the original index.html page?

Don't need to over complicate this one, the method is there, you just need to think about it in another way.
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Sun Apr 03, 2016 11:38 pm
([msg=92075]see Re: Please ask questions ONLY in this topic.[/msg])

Is there anything I can google or read about that might help that I didn't list? I've been trying to figure this one out for a while. I can't find anything on google that might point me in the right direction. I'll keep trying I guess because I have to get it at some point.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Monica on Tue Apr 05, 2016 5:55 am
([msg=92084]see Re: Please ask questions ONLY in this topic.[/msg])

@ xxghostheadhacker2xx -- Jesus fucking Christ. How many lines of coke did you snort during this mission? Which part(s) are you stuck on? Or are you specifically confused about directory traversal?

Read this article here written by someone with a small penis. Like, actually read it. Then think about it a few. This time without any drugs.
hi am new so plz dont troll me or i report 2 the HTS mods ty
User avatar
Monica
Contributor
Contributor
 
Posts: 921
Joined: Thu Oct 02, 2008 12:29 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Wed Apr 06, 2016 1:42 am
([msg=92091]see Re: Please ask questions ONLY in this topic.[/msg])

I get to the point where it says "That's not allowed weirdo" or when it says I have to use a file name. So I'm guessing I have to traverse the directories to find the file name but I don't know how. I try to post info to the server but I can't get commands to execute to get the results of the commands in the results of the files. It just says "That's not allowed weirdo."
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by markedman10 on Wed Apr 06, 2016 9:16 pm
([msg=92101]see Re: Please ask questions ONLY in this topic.[/msg])

Hi there! So I just (barely) completed this mission, with the help of some good hints from this and other forums.

My question is, though, how do we know to use directory traversal? How do we know where certain files might be and where other files might not be? Is it just trial and error? I'm asking because this is a realistic mission, and obviously if it were truly real there would be no hints.

Essentially, I get the how, I just don't get how you know the how, if that makes sense.
markedman10
New User
New User
 
Posts: 1
Joined: Wed Apr 06, 2016 9:12 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Wed Apr 13, 2016 7:37 am
([msg=92132]see Re: Please ask questions ONLY in this topic.[/msg])

markedman10 wrote:Essentially, I get the how, I just don't get how you know the how, if that makes sense.

Learning basically. You can find the location on the website where the original poems are stored, you could guess how the program adds information (due to knowledge of how those systems work) and you know someone already found a way in. So with what you see, you could deduce where to go and how to do it.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Mon Apr 18, 2016 7:31 pm
([msg=92165]see Re: Please ask questions ONLY in this topic.[/msg])

I think I need more specific help because I'm stuck. Can I PM someone? I've tried for like two to three weeks.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Jbraithwaite on Tue Apr 19, 2016 2:52 am
([msg=92167]see Re: Please ask questions ONLY in this topic.[/msg])

You need to think of a site like a folder structure. That's all a site is on a web server. If you were in a certain folder in Linux and you wanted to move something to another folder without using the paths to the folder how would you do it?

When you click a link, or use a resource on a site you're issuing a command to get the webserver to do something. Normal operation needs to be understood before you can make it do something it wasn't designed to do by way of posting something somewhere else. i.e moving one document to another folder.
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests