Changing source code. -Hack this site level 4-

[deftones12]

hey any of ya guys figure out how to get passed level 5 yet?

[Tim_axe]

Acturally it is a POST request for level 5. I tried running Ethereal when I submitted with the default values, and the results should be attached. I went and converted it into ASCII and saved it in .txt, and zipped it.

Hopefully if you've ever played with HTTP servers in telnet or something you'll be able to make use of some of this information. And for everyone else, now you know what I'm running

-Tim_axe

[deftones12]

hey tim_axe i thought about runnin ethereal but didnt think it'd help any cuz the password would never come my way so i couldnt really sniff it. I looked that the server-to-me text file and it said the password was sent...did u get the password? i noticed u didnt change the html page referrer..what did u do?

[spike054]

level 5

http://www.hulla-balloo.com/hack/level5/level5.php?to="rainbow_dragon_@hotmail.com",Referer:"http://www.hulla-balloo.com/hack/level5/index.php"

something like that should work but i know the part with referer has something wrong but i cant remember what is it referer = : ?

[Algaen]

Thanks Tim_axe for pointing me in the right direction with the POST request. That obviously makes A LOT more sense then trying to GET the page. I should have used my brain and used Ethereal or similar to see what was going on. Anyways, I finally figured it out!
My tips for anyone still stuck on level 5, are:
1. Figure out how to use telnet to send URL requests
2. Figure out how the POST method works in terms of URL requests.
3. You DO have to spook the Referer and that's why you need telnet or similar.

If you are really stuck, PM me and I'll help you out some more.
Good luck all!

[HTRegz]

To access the pages that require you to change hidden values, check out HTML Source. I believe there was a thread on it previously, but it will allow you to change form values while still on the page. While we're talking about this, if anyone has the level 8 to level 9 solution, or even a step in the right direction... I'm too lazy to sit and figure out what's wrong with the php and it doesn't seem to be anything to do with pipes.

[keyurgabani]

how did u hacked level 5

[HTRegz]

I raced threw them all.. post me the level 5 question and I'll tell ya. .but my memory sucks

[spike054]

Im telnetting to port 80 to pass level5
here is what telnet gives me

Telnet log
GET /hack/level4/level4.php HTTP/1.1
Referer:http://www.hulla-balloo.com
To="myadress@mymailserver.com"

HTTP/1.1 400 Bad Request
Date: Sun, 06 Jul 2003 18:36:22 GMT
Server: Apache/1.3.20 Sun Cobalt (Unix) Chili!Soft-ASP/3.6.2 mod_ssl/2.8.4 OpenS
SL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

13c
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Req
uest</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that th
is server could not understand.


Request header field is missing colon separato
r.


<PRE>
To="myadress@mymailserver.com"</PRE>



</BODY></HTML>

0

what am i doing wrong

[neel]

Ey... What is this kind off big ass spoiler stuff? It's supposed to be a challange... People spend days weeks and I heard of even months trying to figure stuff like this out. If you did it on yer own you did something for real. If you just read this thread and got to level whatever with as good as zero knowledge, you're nothing more then just what some people would call "scriptkiddie". I forgot the thread about that.