-
July 4th, 2003, 02:28 AM
#11
telnet...level 5??? hmm...don't know why u'd need telnet. It's editin the webpage's source again...just need a new trick to edit the URL, it's a bit smarter this time.
-
July 4th, 2003, 02:48 AM
#12
Senior Member
Alright I still can't get past the 3rd level....lol
Any hints?
-
July 4th, 2003, 03:15 AM
#13
Member
Level 3 hints and I'm STILL confused on 5
3's pretty simple. A little crafty, but nothing you can't figure out.
You have to keep in mind that in order to check to verify that the right password was entered, the script has to have something to check it against. (well, in this case it does) It'll be a .txt file, and it's not a very creative name for the file that houses the password.
And since it's the password for level 4 you're trying to get, it's stored in the level4 folder.
So, try and piece together the directory where the password file can be found, and enter that in your web browser.
If you still can't get it, pm me and I'll help you out a bit more.
Now, for my question, if I don't use Telnet what am I supposed to do? Trying the same trick as Level 4 gives me a File Not Found error. Maybe I need to change the filename or directory?
EDIT: Hehe. It just told me "Invalid referring URL. Nice try!" and I can't decide if I was crafty and it's congratulating me or if I'm being predictable and it's mocking me.
Do not meddle in the affairs of hackers, for they are subtle and quick to anger.
I am what I am and I do what I can.
-
July 4th, 2003, 03:16 AM
#14
Senior Member
Thanx running Duck I am going to try that right now...
B-wOLF
-
July 5th, 2003, 02:47 AM
#15
yeh i'm still gettin the nice try error also...guess ya just gotta play around a bit more. Haha...maybe hack his email? if someone posts here into reply of this level don't post the password please...a tiny hint would be ok but don't spoil it...i gotta get this level now :-/...lemme know running duck if u make any progress
hey running duck here's the website's code that i have so far...i think somewhere it's hidden that the button refers to a real URL or real email addy.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title>Hack This Site</title>
</head>
<body bgcolor="#FFFFFF" text="#293E6D" link="#1D2C4D" vlink="#1D2C4D" alink="#000000">
<center>
<hr color="#293E6D" width=500></center>
<table width=500 cellspacing=0 cellpadding=0 border=0 align="center">
<tr>
<td width=100 valign="top">
<font face="verdana" size=1>
HTS:
About
F.A.Q.
Top Scores
Jump to:
Level 1
Level 2
Level 3
Level 4
Level 5
Level 6
Level 7
Level 8
Level 9
Level 10
Level 11
Level 12
Level 13
</font>
</td>
<td width=400 valign="top">
<font face="verdana" size=1>
<center>Level 5</center>
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure.
<center>
<form action="http://www.hulla-balloo.com/hack/level5/level5.php" method="post">
<input type="hidden" name="to" value="deft0nes12@hotmail.com">
<input type="submit" value="Send password to Sam">
</form>
</center>
<center>
password:
<form action="http://www.hulla-balloo.com/hack/level6/index.php" method="post">
<input type="password" name="password">
<input type="submit" value="submit">
</form>
</font>
</td>
</tr>
</table>
<center>
<hr color="#293E6D" width=500>
<font face="verdana" size=1>(C) 2002 Jeremy Hammond</font></center></body>
</html>
-
July 5th, 2003, 05:22 AM
#16
Here's what it looks like to me:
For level 4, we could create our own page, and run it locally because it didn't matter where it was being run from. i.e. The Referer didn't matter
For level 5, the Referer must be the index.php page. This is how Sam protected himself from the people who created their own forms. What we want to do is change the "to" value, as in level 4, but this time we need to spoof the Referer as well. This can be accomplished by telnetting to port 80. I can get the e-mail to be sent using the commands:
My problem is, I can't figure out how to override the "to" variable.
I added a "to: email" in the telnet messages, to no avail.
Any suggestions? I just don't understand URL requests well enough. Hopefully someone else does, or else I'll have to read for a few hours to figure this out.
Thanks!
"When you say best friends, it means friends forever" Brand New
"Best friends means I pulled the trigger
Best friends means you get what you deserve" Taking Back Sunday
Visit alastairgrant.ca
-
July 5th, 2003, 05:33 AM
#17
-
July 5th, 2003, 07:08 AM
#18
i did the http://www.hulla-balloo.com/hack/level5/level5.php?to="email@address" trick earlier but failed...it says "Invalid URL Refer, Nice Try!" or something like that...i guess got kinda close but to no avail...so i dunno...
-
July 5th, 2003, 07:45 AM
#19
deftones12 > As algaen posted previously, which was what I was replying to, simply going to that url will not work. You must change the referer information to state that you went from the URL http://www.hulla-balloo.com/hack/level5/index.php. Algaen was attempting to do this by telnetting to the host. I am not sure of the process he used so I can not explain what to do there. But I can tell you, the script at /hack/level5/level5.php is checking a header present in any internet browser, specifically, a referer header, which tells it what page you were 'referred' from, or which page you just came from, in this case it has to be /hack/level5/level5.php, not on your local box, and not hack/level5/level5.php?to="email@address"
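The point made in the posts above, that the Referer header and the hidden "to" field are both values the client sends, shown from the server's side as an added example (not part of the thread and not the site's code). The handler names, the token scheme and the example.test addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Referer value the thread says the level 5 script expects.
EXPECTED_REFERER = "http://www.hulla-balloo.com/hack/level5/index.php"
# Constructed placeholder: the recipient lives on the server, never in the form.
SERVER_RECIPIENT = "sam@example.test"
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (assumption)


def referer_gated_handler(headers, form):
    """Model of the check as the posts describe it (hypothetical code)."""
    if headers.get("Referer") != EXPECTED_REFERER:
        return ("rejected", None)
    # The recipient is still read from a hidden field the client controls.
    return ("sent", form.get("to"))


def issue_token(session_id):
    """Token the server embeds in the form it renders for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def hardened_handler(session_id, headers, form):
    """Hypothetical fix: ignore Referer and 'to', require a server-issued token."""
    supplied = form.get("token", "").encode()
    expected = issue_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return ("rejected", None)
    return ("sent", SERVER_RECIPIENT)


def demo():
    # Constructed request: every header and field below is chosen by the client.
    headers = {"Referer": EXPECTED_REFERER}
    form = {"to": "someone.else@example.test"}
    results = {
        "referer_gated": referer_gated_handler(headers, form),
        "hardened_no_token": hardened_handler("sess-1", headers, form),
    }
    form_with_token = dict(form, token=issue_token("sess-1"))
    results["hardened_with_token"] = hardened_handler("sess-1", headers, form_with_token)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The Referer gate accepts the constructed request and mails whatever address the form carried, while the hardened handler rejects it without a token and, with one, still sends only to the server-side recipient.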
-
July 5th, 2003, 12:41 PM
#20
Thanks The3ntropy. Thanks for pointing that out. I had already tried that, but it could have been something I overlooked.
My question was:
What does the "to=email@address" look like in a URL request? It cannot be attached to the GET request (like "GET /hack/level5/level5.php?to=email@address"), and it does not seem to work as its own "to: email@address" request. Basically I need a way to pass a variable to the script...
I could be making this WAY TOO complicated, but I can think of no better way to go about it at the present time.
Thanks for your help guys.