-
May 9th, 2007, 11:59 AM
#211
Member
Originally Posted by realshady
uhm i don't think you need that file or even will find that file at all. more sounds like you need to find a hidden log in.
a hidden log in?????
at which page
guestbook.php
or
admin.php
-
May 9th, 2007, 01:44 PM
#212
100 levels ??? I'd give up now!
-
May 9th, 2007, 08:00 PM
#213
Junior Member
Am I missing something? I was stuck at lvl. 2, read through a few pages here, and it said something about looking closer. I figured ascii art, like 13 was a b or something, anywhere near the right way to look at it?
-
May 10th, 2007, 02:51 AM
#214
Member
@youkosnake
look at the source... no art, just usual text as it is...
de
-
May 11th, 2007, 10:43 AM
#215
Junior Member
Originally Posted by ttn628826
a hidden log in?????
at which page
guestbook.php
or
admin.php
lol if you read my answer you could know that i am not at that level. At the moment just waiting for a mail for level 20 but i don't get any so i can't help at the moment.
-
May 16th, 2007, 04:28 AM
#216
Junior Member
anyone reached level 20 yet? i've reached level 20 (got the email from author), and decoded the given codes, got the link that points me to a guestbook. i guess i have to do something at this guestbook but looking at the source it says
<!---- there's no clues in this output HTML! ---->
i'm outta ideas right now.
-
May 16th, 2007, 03:04 PM
#217
Junior Member
Yes...If you do a search for "Sad Raven's Guestbook vulnerabilities", you'll find a number of them. Unfortunately, most of the sites are in Russian so it's a bit of a challenge...
The most obvious vulnerability is password disclosure (trying to get the passwd.dat file) but that doesn't work. I believe the guestbook has been broken, severely restricted, or not set up correctly.
Other stuff I've tried is cross-site scripting and PHP injection, but those don't work either. Next is trying to pass a cookie to the site, but that particular vulnerability didn't translate very well at all:
"if we establish to its machine correctly composed cookie, then it is possible to enter into the adminskiy interface"
Still trying...
-
May 16th, 2007, 03:56 PM
#218
Junior Member
Hello all! I signed up to this forum after I couldn't work out how to do level 9.
All I'm seeing is the words 'Crack the password', and the source of the page just looks like this:
HTML Code:
<HTML>
<HEAD>
<base href='http://www.hackertest.net/'>
</HEAD>
<BODY BGCOLOR="ffffff" TEXT="000000" BG="images/phat.gif">
<br><br><p align=center><b>Authentication Failed. Try again.</b></BODY>
</HTML>
That image isn't for this level, so now what am I supposed to do?
Oh yeah, and I'm also writing a guide for the tests as I go through them. It's in the format
General Info - Just says what you can see
Hints - Hints in the order of how much they give away
Walkthrough - Just tells you what you need to do to complete each level.
So far I've written it up to level 8, but obviously I'm going to need some help myself as I can't make it past level 9
Last edited by tyranic-moron; May 16th, 2007 at 04:29 PM.
-
May 16th, 2007, 04:30 PM
#219
Junior Member
Originally Posted by tyranic-moron
That image is just the one for level 8
What image? BG="images/phat.gif"? Are you sure?
Hint: take a look at the image in photoshop (or gimp if you don't have photoshop).
-
May 16th, 2007, 05:22 PM
#220
I must be missing something on Level 6....... ARRRRRRR!!!!
var initialsubj="Hello, I want you to see this site."
var initialmsg="Hi:\n You may want to check out this site: "+window.location
var good;
function checkEmailAddress(field) {
    var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\.info)|(\.sex)|(\.biz)|(\.aero)|(\.coop)|(\.museum)|(\.name)|(\.pro)|(\..{2,2}))$)\b/gi);
    if (goodEmail) {
        good = true;
    }
    else {
        alert('Please enter a valid address.');
        field.focus();
        field.select();
        good = false;
    }
}
u = window.location;
function mailThisUrl() {
    good = false
    checkEmailAddress(document.eMailer.email);
    if (good) {
        window.location = "mailto:"+document.eMailer.email.value+"?subject="+initialsubj+"&body="+initialmsg
    }
}
// End -->
</script>
</head><body>
<script language="JavaScript" type="text/javascript">
<!--
var pass, i;
//-->
</script>
<table border="0" cellspacing="1" width="100%">
<tr>
<td width="27%"><img border="0" src="images/logo.gif" width="300" height="145" alt="Logo"></td>
<td width="73%" valign="top">
<div class="header">HACK TEST IN PROGRESS...</div>
Franklin Werren at www.bagpipes.net
Yes I do play the Bagpipes!
And learning to Play the Bugle