Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by nzmcraft on Tue Feb 10, 2015 6:43 pm

I am stuck. I have found Gary Hunter's username and I think the password breach has something to do with the fact that login2.php can have different outcomes depending on whether it is blank, wrong or right, but I don't know how to exploit it :|


Re: Please ask questions ONLY in this topic.

Post by ILoveYouAll on Wed Feb 11, 2015 7:44 am

nzmcraft wrote: I am stuck. I have found Gary Hunter's username and I think the password breach has something to do with the fact that login2.php can have different outcomes depending on whether it is blank, wrong or right, but I don't know how to exploit it :|


If you have found his username, then you can apply what you learnt in Basic mission 10 and carry on.


Re: Please ask questions ONLY in this topic.

Post by dawnofshadow11101992 on Tue Mar 24, 2015 11:20 am

Okay, so I hope I don't put any spoilers out there... But I think I'm on the right track. I have Gary's information and attempted to manipulate my cookies with Firebug, which would technically put me in his account, but any time I change the page to try and manipulate the money in his account I end up getting no Authentication error from the main Hackthissite page... Is there something I'm doing completely wrong? Please help :)

-- Tue Mar 24, 2015 11:34 am --

Okay, I think I have it.. but I didn't find a last page that said good job. I transferred the money successfully because I realized I was on the wrong page when I was trying to manipulate the cookies. But I did the same process for trying to clear the files and all it said was you successfully cleared the files.. Is there something else I am missing or did I actually complete it?


Re: Please ask questions ONLY in this topic.

Post by Vyrussx on Wed Apr 29, 2015 10:42 am

Hey Mods,

Is there any way you can ask someone to clean up the DB eventually?
There's over 100 matches in my CTRL+F for "Gary" after the injection.

There's a good amount of unames that seem viable to me but I'm not gonna try all 100 of them :mrgreen:

OR IS IT REALLY THAT KIND OF EXERCISE :?


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Sun May 03, 2015 6:04 pm

Vyrussx wrote:Hey Mods,

Is there any way you can ask someone to clean up the DB eventually?
There's over 100 matches in my CTRL+F for "Gary" after the injection.

There's a good amount of unames that seem viable to me but I'm not gonna try all 100 of them :mrgreen:

OR IS IT REALLY THAT KIND OF EXERCISE :?

My advice for people struggling with this: think about how the database is structured (add some accounts of your own), it's not that hard to figure out which one is the real one...
Free your mind / Think clearly


Re: Please ask questions ONLY in this topic.

Post by Vyrussx on Mon May 11, 2015 10:28 am

cyberdrain wrote:
Vyrussx wrote:Hey Mods,

Is there any way you can ask someone to clean up the DB eventually?
There's over 100 matches in my CTRL+F for "Gary" after the injection.

There's a good amount of unames that seem viable to me but I'm not gonna try all 100 of them :mrgreen:

OR IS IT REALLY THAT KIND OF EXERCISE :?

My advice for people struggling with this: think about how the database is structured (add some accounts of your own), it's not that hard to figure out which one is the real one...


I must've been either really tired or really drunk when asking this.
Started over the day after and found out what I needed to know pretty easily.

Thanks for the heads up tho! Crucial tip you're giving here :-)


Re: Please ask questions ONLY in this topic.

Post by anonymous501 on Mon Nov 16, 2015 12:27 pm

I have devised a solution for the transfer, and for the log deletion, but I can't seem to find the username.
I came up with a small SQL injection using the operator one would use for searching, but every time I try to use it, it only returns 1 result: a blank username with a blank description.
Am I overlooking something crucial here or is the mission broken? (wouldn't be the first time, judging from earlier posts).

On a side note, the method I devised for the rest of the mission uses REST easy to manually send the POST requests. Judging from other posts, this is either a lot easier or a lot harder.
If it's easier, is it considered cheating (I think not, since the only thing it does is remove automation, but you never know), and if it's harder, can anyone tell me without spoilers how one would do this thing in Firebug?
Thanks in advance.
It may take me years, but I will learn, and I will do to you what you have done to the innocent

Unless you wipe yourselves out before that. You idiots.


Re: Please ask questions ONLY in this topic.

Post by limdis on Mon Nov 16, 2015 6:21 pm

Shoot me a PM of what you're trying to do
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Please ask questions ONLY in this topic.

Post by 540x on Tue Dec 01, 2015 11:08 pm

Did anyone encounter the issue where, after clearing the log, I automatically get taken to a page (I didn't want to place the link as a spoiler) which is missing, instead of the regular page when you have accomplished it, and I remain unfinished with my level 8? Please let me know when this is fixed.
Be Hungry, Learn, Imply Knowledge, Teach & Repeat. ~ 540x


cookie

Post by killer0016 on Sun Dec 13, 2015 6:06 am

Is there any role for cookies in completing the first objective of this mission, which is to transfer money? I found the account username of Gary.

