Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by ra5p1an on Sun Jan 28, 2018 10:27 pm
([msg=95203]see Re: Please ask questions ONLY in this topic.[/msg])

I made a cookie stealer using 5gbfree.com as my web host. I created a php file and a blank text file with writing enabled for everyone. When I change the user-agent appropriately, it tells me that the cookie stealer seemed to have worked and to go check. When I go to my file manager, the size of the txt file has increased but when I view the file it is blank and just contains several empty lines. Despite trying again and much troubleshooting, I cannot solve the problem. Any help would be greatly appreciated.
ra5p1an
New User
New User
 
Posts: 1
Joined: Tue Jan 02, 2018 1:17 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by why tspace on Fri Feb 16, 2018 1:51 am
([msg=95274]see Re: Please ask questions ONLY in this topic.[/msg])

Like many others, I didn't do any cookie stealing. In fact, I don't think cookie stealing works anymore...(someone prove me wrong).

For some reason, I was able to view the user with id=0, and everything was editable. I don't know why. This account was a mod account, and everything was smooth sailing from there pretty much. Can someone PM me how it's actually done? Because I'm pretty sure I shouldn't be able to get a free mod account by visiting a particular user's profile page.

I never changed my user agent (ok, I did, but it in no way helped me solve the puzzle).
why tspace
New User
New User
 
Posts: 13
Joined: Sun Feb 11, 2018 10:31 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Darth Bercik on Thu Mar 14, 2019 7:32 am
([msg=97705]see Re: Please ask questions ONLY in this topic.[/msg])

Hi, could someone pleas have a look at the sql server status on this mission?
At this point I have confirmed that I'm sending proper queries but the server does not respond (504 Gateway Time-out).
Darth Bercik
New User
New User
 
Posts: 1
Joined: Thu Mar 14, 2019 7:27 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Chainmanner on Sat May 11, 2019 6:20 pm
([msg=98194]see Re: Please ask questions ONLY in this topic.[/msg])

Darth Bercik wrote:Hi, could someone pleas have a look at the sql server status on this mission?
At this point I have confirmed that I'm sending proper queries but the server does not respond (504 Gateway Time-out).


I'm getting this problem too - if I enter an invalid query (either syntax or, for example, referencing a table that doesn't exist), I immediately get an error message response, but if I enter a proper query, then I end up with a 504. I'm guessing this isn't intentional...
Chainmanner
New User
New User
 
Posts: 1
Joined: Sat May 11, 2019 6:12 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ahmedbarwary on Mon Jun 17, 2019 3:53 pm
([msg=98418]see Re: Please ask questions ONLY in this topic.[/msg])

When I am trying to solve the mission, I got the following error from the server: 504 Gateway Time-out

any solutions!!!
ahmedbarwary
New User
New User
 
Posts: 1
Joined: Mon Jun 10, 2019 3:20 pm
Blog: View Blog (0)


504

Post by und3x on Sun Feb 23, 2020 11:15 am
([msg=100698]see 504[/msg])

Why I get 504 When I'm asking all jedi names from master Obi-Wan?
und3x
New User
New User
 
Posts: 7
Joined: Fri Aug 23, 2019 2:17 pm
Blog: View Blog (0)


504

Post by GameNCode on Sat Mar 07, 2020 8:43 am
([msg=100999]see 504[/msg])

I think this mission is derped. Can't send any SQL query. Wasted a ton of time on making a cookie stealer, got mod, got a ton of users. Can't do anything on the radio site :(
GameNCode
New User
New User
 
Posts: 1
Joined: Wed Mar 04, 2020 3:24 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by perojuric on Sun May 03, 2020 8:44 am
([msg=103995]see Re: Please ask questions ONLY in this topic.[/msg])

First of all, for all the users who think that this mission is "derped", it's not. It works EXACTLY as it should.
I've spent 5 days on this mission because I didn't want to look at the forum for help. Actually I lie on this one. I clicked once after 1 day of trying everything ("http://www.hackthissite.org/articles/read/980") just to see what I need to know to solve this mission (I scrolled the thread just to the point where it say what you need to know) and I've clicked second time on the same link when I got the mod rights on *IMPORTANT* site and after I learned the code itself of the *IMPORTANT* enough to understand that all of my options were exhausted. But I never looked at the spoilers. Not saying that to brag, I just want to encourage people to push themselves to the limits. Some people will need help sooner than others, but the point is to push yourself to the limits. That is the point of these missions on HTS. It's to LEARN.

Now, I didn't found my path to the solution accidentally. I'm actually a software engineer and I know the syntax of C#, Java, PHP and some other programming languages, as well as some scripting languages, SQL etc.... Never been into Perl and I never would of thought that I will learn the Perl script language syntax too. It was well worth it.

On the last step, when I had to download that damn file, it helped me a lot that I've been learning how the Perl code COULD work under the hood. I was thinking about all that source code of the *IMPORTANT* site and where the code could have a flaw. And I came to last possible option that I could of think of, and guess what. IT WORKED! I'm a little sad that I had to seek for help on two occasions, but hey, no one knows everything. And I learned a lot!

To sum it all,
1) Try everything on your own.
2) Look for informations and learn.
3) Push yourself to the limits. It'll pay out at the end, trust me :)
4) Look for help when you tried EVERY other solution.
5) Pay attention to details.

And at the end, I salute to developers of the HTS! These were 5 amazing days for me :)

-- Sun May 03, 2020 10:01 am --

HaSheR wrote:about 3 years ago i had an HTS account with some missions completed but i forgot the pass & the email no longer exist, so i had to create this one and start over again.. but am quite stuck ond the ond of this mission..

on the download of the corresponding file i keep getting acess denied..
i had read some post saying that is all in the URL.. but i cant figure it out.. at leas til now..

any hint plz

It's not the point just to pass the mission or to get to solution with pure luck. You need to learn stuff and you need to understand why something works and something not. But that's just my opinion.
perojuric
New User
New User
 
Posts: 4
Joined: Sun Apr 26, 2020 12:47 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by SoftDreamer on Wed May 13, 2020 4:34 pm
([msg=104360]see Re: Please ask questions ONLY in this topic.[/msg])

For those, who are curious about using XSS in this task and about why it didn't work (like in my case). Complete the task first without XSS, on download page you'll be able to get a file index.pl and see how the site reacts on xss.
SoftDreamer
New User
New User
 
Posts: 2
Joined: Thu May 07, 2020 6:26 pm
Blog: View Blog (0)


Previous

Return to (Real 11) BudgetServ Web Hosting

Who is online

Users browsing this forum: No registered users and 0 guests