-
January 22nd, 2003, 09:09 PM
#1
Junior Member
Security Game
http://quiz.ngsec.biz:8080/game1/level2/l33t.php
Can somebody please explain this? I read the "useful reading" on the page, asked some friends, but still, I can't figure it out. I've been trying for a couple hours and nothing's working. I'd love to know how to do it, or be pointed in the right direction of how to figure it out.
Thank You
PS
I'd also like to mention that I googled and checked RFC1.1 for information.
-
January 22nd, 2003, 11:01 PM
#2
How To
From my reading of their hints you telnet to your own server or even set up a local server and use their steps to change the HTTP information sent from that server.
Since I am at work and not willing to mess with our servers to test this I hope this helps clarify a bit.
Hope this helps.
SodaMoca5
"We are pressing through the sphincter of assholiness"
-
January 23rd, 2003, 01:10 AM
#3
Junior Member
-
January 23rd, 2003, 01:11 AM
#4
I'm not exactly sure about what they want you to do, but I suppose they want you to gain access using the referer value set by you. Don't know if it's also using the password for the previous level and asking you to use the new referer to bypass a new level of security... I suggest you have a look at the HTML code, pay attention to the form action, and the values used. Then, access it via telnet and use the method (GET for instance) to access the page, giving the username and password and setting the new referer value. Sure, I am not assuring you it's the way, since I haven't gone through the other levels and I am not registered there, to retrieve more info. But if I was playing, and it was all the information I had, I would use the documented way of spoofing the referer value, and use the GET method to retrieve the file mentioned in the code (form action = ), sending the name and password as parameters. It would be something like file.php?name=example&password=thisoneishardtoguess. Well, you are supposed to solve it on your own, it's a game, after all... I'm not even playing, so it's better not to try to steal your fun. And mainly because I don't have enough information to give you more than some guesses...
-
January 23rd, 2003, 01:26 AM
#5
Junior Member
Yeah, I already tried extracting the password from the source, but the source doesn't tell you. However, it does tell you that the login is "admin" and that the submit button with value "Submit" calls the form action "validate_l337.php" (with method "get") where I'd assume the information is stored and validated for authenticity. But that's all the source tells me. From there I'm not really certain on how to proceed.
-
January 23rd, 2003, 05:25 PM
#6
Try using the old password and setting the new referer. It seems that the only problem is spoofing the referer. I think... (will it work? :/ ).
Duh... I'm spoiling...
-
January 24th, 2003, 12:04 AM
#7
Junior Member
I'm trying to, nice game, but don't have better luck than you.
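Added example, not part of any post in this thread and not the game's own code: the replies above turn on the fact that the Referer header is written by the client, so a server-side gate that trusts it checks nothing. The sketch below puts such a gate beside one that verifies a server-issued token instead; the URL, the `X-Level-Token` header name, the session ids and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical per-deployment secret
PREVIOUS_LEVEL_URL = "http://game.example/level1/"  # constructed placeholder URL


def weak_gate(headers):
    """Weak: trusts the Referer header, which the client writes itself."""
    return headers.get("Referer", "").startswith(PREVIOUS_LEVEL_URL)


def issue_level_token(session_id, level):
    """Server hands this out only after the previous level is solved."""
    msg = f"{session_id}:{level}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def hardened_gate(headers, session_id, level):
    """Hardened: checks a server-issued MAC bound to session and level."""
    presented = headers.get("X-Level-Token", "")
    expected = issue_level_token(session_id, level)
    return hmac.compare_digest(presented, expected)


def demo():
    # Constructed requests: one carrying only a Referer, one carrying a token.
    forged = {"Referer": PREVIOUS_LEVEL_URL + "index.php"}
    token = issue_level_token("sess-123", 2)
    legit = {"Referer": PREVIOUS_LEVEL_URL + "index.php", "X-Level-Token": token}
    return {
        "weak_accepts_forged": weak_gate(forged),
        "hardened_accepts_forged": hardened_gate(forged, "sess-123", 2),
        "hardened_accepts_legit": hardened_gate(legit, "sess-123", 2),
        "token_replayed_other_session": hardened_gate(legit, "sess-999", 2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The token is bound to both the session and the level, so a value copied from another player's request fails the comparison.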