Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by agentStag on Tue Jan 13, 2015 10:55 am

What a mission!!! :D
So many steps and techniques. Loved it!
No cookie stealer!!!
Yes user agent switcher.
Dot notation won't work so look for something else.
Perl command piping only needs one character to make your commands work.
Most of the hacking happens on the source code and URL.

If anyone reading this still needs a hand, feel free to send something.


Re: Please ask questions ONLY in this topic.

Post by brubru on Thu Mar 12, 2015 9:12 am

Great mission, really felt like something.
Spent too much time trying to abuse the mod page, and the logger spoiled the part where we have to find a usable account for me, but I learned a lot.
I would only reproach the cryptic error messages during the logger part, because we don't know if this is supposed to come from the legit Perl script or if this is some guidance from HackThisSite.
Thanks team :)


Re: Please ask questions ONLY in this topic.

Post by parado on Fri Mar 27, 2015 8:32 pm

Could someone explain how to write the cookie stealer? I know that it is not necessary, but still.

Specifically, I want to know why we must write a script and host it on a different website to be run by the u***-****t weakness.
Instead, why could we not insert the contents of the script directly into u*******t.

For example, why does this not work?: u***-a*** = <script> alert(d*******.c*****e) </script>


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Fri Mar 27, 2015 9:27 pm

parado wrote: For example, why does this not work?: u***-a*** = <script> alert(d*******.c*****e) </script>

This does not work because the code needs to be run by another user in order to give their cookie to you. This code will just output their own data to themselves (or your cookie to you), which isn't helpful.

parado wrote: Could someone explain how to write the cookie stealer? I know that it is not necessary, but still.

While I will not give you specific code (spoilers...), the idea is to let code run on the victim's machine to get their cookie data and send it to you in one way or another. So with JavaScript you would create something that doesn't look suspicious or is almost invisible and let it be run by whoever you want to bait. The user will open the site and unintentionally run your JavaScript, which then sends the cookie of that site to you in whatever way you coded.
Free your mind / Think clearly
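
The weakness discussed above is stored script injection through a logged request header: a log page that echoes the header unencoded runs the markup in the browser of whoever views it. The defensive side, as an added example that is not part of the original posts and not the mission's code (function names are hypothetical, log entries are constructed):

```javascript
// Added example: a request-log viewer that echoes the User-Agent header.
// All function names are hypothetical; the log entries are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the header value is concatenated straight into the markup,
// so anything the client sent is parsed as HTML by the log viewer's browser.
function renderLogRowUnsafe(entry) {
  return `<tr><td>${entry.ip}</td><td>${entry.userAgent}</td></tr>`;
}

// After: every logged field is encoded at output time.
function renderLogRowSafe(entry) {
  return `<tr><td>${escapeHtml(entry.ip)}</td><td>${escapeHtml(entry.userAgent)}</td></tr>`;
}

// Defence in depth: an HttpOnly session cookie is not exposed to page
// script through document.cookie, even if an encoding bug slips through.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Detection: flag stored entries whose User-Agent carries markup characters.
function flagSuspicious(entries) {
  return entries.filter((e) => /[<>]/.test(e.userAgent)).map((e) => e.ip);
}

// True if the rendered HTML still contains a live script element.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html);
}

// Constructed sample log entries (documentation IP range).
const sampleLog = [
  { ip: '192.0.2.10', userAgent: 'Mozilla/5.0 (X11; Linux x86_64)' },
  { ip: '192.0.2.77', userAgent: '<script>alert(1)</script>' },
];

console.log(renderLogRowSafe(sampleLog[1]));
console.log(flagSuspicious(sampleLog));
```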


Re: Please ask questions ONLY in this topic.

Post by vijayprathap on Thu Apr 23, 2015 1:23 am

I finally finished this mission. I feel cookie stealing and user agent switching are misleading, as I didn't use them at all. Perl piping, querying tables in SQLite and directory traversal are more than enough for this mission.


Strange session behaviour

Post by Nalaurien on Sun Jul 12, 2015 5:56 am

OK, this is a bit of a side track, because it just made me so curious. I was trying something else that isn't exactly the mission but was on the way. But I can't figure out why it's happening the way it is, and it bugs me to no end. Someone help me understand this?

I've already completed the mission, but right after you get into the forums via your session you end up with someone's session, user id=whatever. So I was like, oh hey, I can use this a couple of times and decrypt the password hash for every user this way, if I can get a few accounts and figure out what the hashing technique is!

Cool, so I steal more sessions, a few in fact. I set the first couple to the same password, then log into the mod account and check the hashes. The same hash appears for all of them, so far so good.

Now I want to see if changing one slightly makes a different hash, so I log back into one of the accounts and change it. Profile updated. Nice! Step 2 accomplished; checked the hash via the mod account, and indeed it's different.

OK, now to take a few accounts and progressively change the passwords to find the pattern I'm looking for.

I try to log into the other accounts: invalid login. I reset all the passwords that I changed to the same password I had before to verify I didn't mistype anything. I go to the mod account; they all have the same hash.

Some of them I can log into; some of them flat out are just all "invalid login". It's infuriating! I can't figure out what it's doing.


Re: Please ask questions ONLY in this topic.

Post by NoyP on Sun Aug 23, 2015 10:06 am

I think the mission is down.
I got the username and password, and when I log in exactly as it is written I get the webmail error webpage. Any help please?


Re: Please ask questions ONLY in this topic.

Post by BarkNum on Fri Sep 25, 2015 9:11 pm

So, I understand what I'm supposed to do (I'm at the radio section, and I know I have to use some User-agent trickery) and I just want to know if anyone knows of a place where I can host my cookie stealing PHP script without getting flagged for hacking/illegal activity? Thanks!


Re: Please ask questions ONLY in this topic.

Post by bolz83 on Mon Jun 12, 2017 3:14 pm

Is this realistic broken?

During the cookie retrieval I'll receive:
DBD::SQLite::db do failed: database is locked at ./inc/ot.pl line 312

Yesterday I got a 403 error (because I didn't write the script on my server) now I've got the script and I'll get the error above. Even when I use a wrong URL where the 403 from yesterday should pop up?

-- Mon Jun 12, 2017 4:26 pm --

Never mind, seems like it was related to my HTTPS.


Re: Please ask questions ONLY in this topic.

Post by Starman11 on Fri Jul 21, 2017 8:22 am

I'm stuck at the user agent part. I'm not sure how to exploit the logger.html; do we need to make it a different .html or add extra commands or something? I am certain it's not SQL injection, is that right? Is it JavaScript injection?

Never mind, I got the mod account. I didn't realize that was it; I thought we had to inject some code in the user agent to get the mod details, or am I missing something here?

YAS! Finished, but I couldn't have done it without the help of Nines, thanks very much for your article! I didn't necessarily have to change my user agent though, and even though I did change it, I'm not sure I changed it to the correct value; I was able to find what I was looking for just by clicking on one of the links from you know where. And I will admit I didn't use a cookie stealer, although in a previous challenge there was something about cookies. It was the crapysoft level; I looked at how to create a cookie stealer for real level 9 even though it wasn't necessary. Perhaps next time I'll try to complete this level with cookie stealing :)

If someone wouldn't mind PMing me about the logger.html and user agent: was it absolutely necessary to change the user agent? I passed the level without being sure of whether I changed it to the correct value or not.


Return to (Real 11) BudgetServ Web Hosting