Please ask questions ONLY in this topic.

A little girl made a website to post poetry related to peace and understanding. American fascists have hacked this website replacing it with Hitler-esque propaganda. Can you repair the website?

Re: Please ask questions ONLY in this topic.

Post by gatopardos on Sat Apr 23, 2016 11:08 am
([msg=92191]see Re: Please ask questions ONLY in this topic.[/msg])

doesnt says how many directories we should go back though
gatopardos
New User
New User
 
Posts: 3
Joined: Fri Apr 15, 2016 1:03 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Sun May 01, 2016 9:49 pm
([msg=92247]see Re: Please ask questions ONLY in this topic.[/msg])

I am trying firebug and still can't get it to work. I am assuming that I should be able to execute some JS or PHP code on the place where I can submit (which I've found), and now I need to use that to use path traversal, which I'm confused on. I found this:

https://www.owasp.org/index.php/Relative_Path_Traversal

but even with that PHP I can't figure out which directory it would be in. I tried PHP including:

/var/www/hackthissite.org/html/missions/realistic/3/

but got an error. It seems like I'm stumped at this point.
ghostheadx2
Contributor
Contributor
 
Posts: 727
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Jbraithwaite on Mon May 02, 2016 2:30 pm
([msg=92253]see Re: Please ask questions ONLY in this topic.[/msg])

Where is a homepage usually located on a website?
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ghostheadx2 on Fri May 06, 2016 8:46 pm
([msg=92265]see Re: Please ask questions ONLY in this topic.[/msg])

I hope I'm not spoiling anything by this.

What I'm confused about isn't the locations. I think I could do that if I knew how to apply directory traversal in a meaningful way. The "/./" and "/../" commands don't work on this, even with firebug. I try them in the URL bar and it doesn't do anything. I'll look it up on the internet since you told me to look up the location. I'm just confused about the path traversal portion and what I'm doing that's not working. I tried changing the tags to link to the root directory of the site and it doesn't work either. I'm absolutely sure I just don't understand directory traversal well at this point, but I'm taking your advice. I think I'm on the verge of a break through. I'm also trying to change the hrefs to get the index and its not working either. If you want me to list some other stuff I've tried I'd love to share

when I try listing contents of the root directory it does nothing

when I try changing the href's it does nothing

*** SPOILER REMOVED ***
when I find out where form data is stored, I can't use directory traversal to access it.

Based on this, I'm guessing I'm just doing everything wrong and maybe I'm just overthinking it. I don't want anyone to give me the answer, but I said all that because maybe that will give you an idea of where I'm at.

I get the "that's not allowed weirdo" and "you must enter a file" in there, but if I try to enter enough different commands, I occasionally get an "nginx" error of some sort and I think nginx is a web framework like apache.

UPDATE!!! I've now also tried this and found that's one way of getting the nginx error or other errors in general:

Code: Select all
https://www.hackthissite.org/missions/realistic/3/readpoems.php/..%2f..%2f..%2f..%2f..%2f
<-- that gives me nginx error

Code: Select all
https://www.hackthissite.org/missions/realistic/3/readpoems.php/..%5c..%5c..%5c..%5c..%5c
<-- this one list makes the screen white, but doesn't really list everything

I'm wondering about using firebug to insert php code to generate the directory traversal vulnerability but I don't think it will help. In fact, I tried it just now. It didn't.

-- Fri May 13, 2016 12:04 am --

I've tried server side includes both on the index.html and in the submission box. I think I can see how the one liners fit into an input box but I don't think you can use both one liners in the same submission box anyhow. Unless, I think I have something I might try. Nope it didn't work. Hmmm...

-- Fri May 13, 2016 12:15 am --

I tried the linux copying command as shown on this page:

http://www.cyberciti.biz/faq/copy-command/

And what I try is something like this in the input box where your supposed to submit stuff on the one line input box:

<!--#exec cmd="cp HIDDEN_HOME_PAGE.html FAKE_HOME_PAGE.html"-->

<!--#exec cmd="cp oldindex.html /~"-->

I also tried copying the old home page onto the new home page (see how I didn't use spoilers? Used nicknames for the pages.) So yeah, it didn't work. I'm totally going in the wrong direction. I'm going to get back to work on my finals now but I will solve this eventually. See, I know thought the homepage was in the root directory but apparently that wasn't the right piece of info for the job, or it was but I'm not applying it properly.

-- Sun May 22, 2016 8:52 pm --

I tried using echo command to write to the index.html file. Am I getting warmer? Is it not a linux command?
ghostheadx2
Contributor
Contributor
 
Posts: 727
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Fri Jun 03, 2016 8:58 am
([msg=92409]see Re: Please ask questions ONLY in this topic.[/msg])

Wow, you're seriously thinking way too hard for this. At least you learned a lot. You can't read back what you post because it isn't actually stored. If you're trying something, do it, don't test if it worked (in this case).
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2154
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by dark_hors3 on Wed Sep 28, 2016 1:56 am
([msg=92967]see Re: Please ask questions ONLY in this topic.[/msg])

finally worked it out :D :o how simpily it was :twisted:
dark_hors3
New User
New User
 
Posts: 3
Joined: Sun Sep 25, 2016 3:59 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by tb3aux on Wed Oct 12, 2016 8:17 pm
([msg=93014]see Re: Please ask questions ONLY in this topic.[/msg])

I have completed this mission. Is there an expert/moderator I can PM with a few questions? I am avoiding posting spoilers.
tb3aux
New User
New User
 
Posts: 2
Joined: Sat Mar 26, 2016 8:48 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ran_yakumo on Sat Dec 17, 2016 12:09 am
([msg=93182]see Re: Please ask questions ONLY in this topic.[/msg])

gpegasus77 wrote:After 4 days of getting crazy and no poin to get it?
I understood what i did but i was walking blind on it.
I assume i was storing a file but: how to be certain of it?
when i did ../index.html what was the code actually executed?
Trying and trying i get to the answer to this and next realistic solution but i don't alwais get WHY it works on this way.


dude you just spoiled it and gave out the answer

-- Sat Dec 17, 2016 12:10 am --

however, I do want to know how this works too... why a post method can overwrite files
ran_yakumo
New User
New User
 
Posts: 6
Joined: Fri Dec 16, 2016 10:00 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Sat Dec 24, 2016 8:51 am
([msg=93221]see Re: Please ask questions ONLY in this topic.[/msg])

ran_yakumo wrote:...
however, I do want to know how this works too... why a post method can -- I removed this, because it gives part of the challenge away --


It's not the POST method itself that does the overwrite, it's the web application you're invoking.
I have a hard time explaining it without adding spoilers, but I'll try to anyways.
So, we are dealing with a naive persistence solution here. Persistence is any kind of long term data storage, be it and RDBMS, be it raw files, NoSQL or whatever. The key is storing data for later use.

The PHP script here receives the data and based on one of the inputs, it stores whatever you provided somewhere. Given you have broad enough control of somewhere, you can target the resource you want to overwrite, be it an admin account in the DB, be it a file you want to change, etc., depending on the actual type of persistent storage.

I hope that makes at least some sense. Feel free to PM me for a better explanation.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 271
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by shashank96 on Tue May 09, 2017 7:34 am
([msg=93675]see Re: Please ask questions ONLY in this topic.[/msg])

Okay somehow I completed this mission but I have some doubts about it. Can someone please help me understand it? Pm me if possible.
shashank96
New User
New User
 
Posts: 2
Joined: Tue May 09, 2017 7:29 am
Blog: View Blog (0)


PreviousNext

Return to (Real 3) Peace Poetry: HACKED

Who is online

Users browsing this forum: No registered users and 0 guests