a hidden log in?????
Quote:
Originally Posted by realshady
at which page
guestbook.php
or
admin.php
100 levels ??? I'd give up now! :)
Am I missing something? I was stuck at lvl. 2, read through a few pages here, and it said something about looking closer. I figured ASCII art, like 13 was a b or something, anywhere near the right way to look at it?
@youkosnake
look at the source... no art, just usual text as it is...
de
lol if you read my answer you could know that I am not at that level. At the moment just waiting for a mail for level 20 but I don't get any so I can't help at the moment.
Quote:
Originally Posted by ttn628826
Anyone reached level 20 yet? I've reached level 20 (got the email from author), and decoded the given codes, got the link that points me to a guestbook. I guess I have to do something at this guestbook but looking at the source it says
<!---- there's no clues in this output HTML! ---->
I'm outta ideas right now.
Yes...If you do a search for "Sad Raven's Guestbook vulnerabilities", you'll find a number of them. Unfortunately, most of the sites are in Russian so it's a bit of a challenge...
The most obvious vulnerability is password disclosure (trying to get the passwd.dat file) but that doesn't work. I believe the guestbook has been broken, severely restricted, or not set up correctly.
Other stuff I've tried is cross-site scripting and PHP injection, but those don't work either. Next is trying to pass a cookie to the site, but that particular vulnerability didn't translate very well at all:
"if we establish to its machine correctly composed cookie, then it is possible to enter into the adminskiy interface"
Still trying...
Hello all! I signed up to this forum after I couldn't work out how to do level 9.
All I'm seeing is the words 'Crack the password', and the source of the page just looks like this:
HTML Code:
<HTML>
<HEAD>
<base href='http://www.hackertest.net/'>
</HEAD>
<BODY BGCOLOR="ffffff" TEXT="000000" BG="images/phat.gif">
<br><br><p align=center><b>Authentication Failed. Try again.</b></BODY>
</HTML>
That image isn't for this level, so now what am I supposed to do?
Oh yeah, and I'm also writing a guide for the tests as I go through them. It's in the format
General Info - Just says what you can see
Hints - Hints in the order of how much they give away
Walkthrough - Just tells you what you need to do to complete each level.
So far I've written it up to level 8, but obviously I'm going to need some help myself as I can't make it past level 9 :)
What image? BG="images/phat.gif"? Are you sure?
Quote:
Originally Posted by tyranic-moron
Hint: take a look at the image in Photoshop (or GIMP if you don't have Photoshop).
I must be missing something on Level 6....... ARRRRRRR!!!!
var initialsubj="Hello, I want you to see this site."
var initialmsg="Hi:\n You may want to check out this site: "+window.location
var good;
function checkEmailAddress(field) {
    var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\.info)|(\.sex)|(\.biz)|(\.aero)|(\.coop)|(\.museum)|(\.name)|(\.pro)|(\..{2,2}))$)\b/gi);
    if (goodEmail) {
        good = true;
    }
    else {
        alert('Please enter a valid address.');
        field.focus();
        field.select();
        good = false;
    }
}
u = window.location;
function mailThisUrl() {
    good = false
    checkEmailAddress(document.eMailer.email);
    if (good) {
        window.location = "mailto:"+document.eMailer.email.value+"?subject="+initialsubj+"&body="+initialmsg
    }
}
// End -->
</script>
</head><body>
<script language="JavaScript" type="text/javascript">
<!--
var pass, i;
//-->
</script>
<table border="0" cellspacing="1" width="100%">
<tr>
<td width="27%"><img border="0" src="images/logo.gif" width="300" height="145" alt="Logo"></td>
<td width="73%" valign="top">
<div class="header">HACK TEST IN PROGRESS...</div>