Real 5
Real 5
ghost | 13828 Reads | Real 5:
Skills: Javascript, Basic HTML (Understanding) Password Cracking.
What you Need to do: get BillSmith’s password, check your email and replace your cookies with Bill Smith read his email Find BillSmithfolder and change his permission to Read All cover your logs by accessing the .htaccess file and replacing your IP with the old one. Find admin to report name to.
Thats the basic info we need also we get a username/password so lets log in.
Now looking about for a way to get a password, probably a hash, Hint: a lot of this challenge is just looking at the source or Directories. Found somthing odd? Well they wouldn’t make it that easy would they now? Maybe thats just a hint of where another one is hidden. Once you have BillSmith’s password lets do the next step.
Next we need to read some of Billsmith’s mail, well if you had any sense you’d have seen the email system. Why not go there. Okay, it tells us that changing the cookie is the way to do it. Right now how do you change a cookie? If you are really stumped look at the basic skills I mentioned at the begining. Lets check ours first hmmmm there isnt one set for the challenge. Oh well we will just have to guess, there are only 4 common forms for each ;). Mustn’t forget to refresh. Oh whats there’s new mail ;)
Hmmm doesnt give us much info about the directory, have a look around he has mentioned it. go there :)
looks like we’re nearly done! Okay what was the first thing? set his folders permission to ‘Read All’ but in numbers, insert research here> okay that done. It’s not 775 but thats close :P Now we need to edit the logs through the .htacess file well lest go back to that directory. If you liek try the files one after the other. Ok, but what wa sthe old IP? Again remember my earlier hint have a look around that page. Now you’ll find two IP’s, try each one and compare the results. You should be able to work out which is right.
YES! Now all we need to do is report him. Well back to the special directories page. Lets have a look around. ‘Please use actions’??? Thats odd maybe there is somehting hidden next to it. ;) Got it? well we need it for the main directory hmmm well there is a command a url thingy to do this ‘../’ without ’ marks.
::Didn’t find it? well it just makes you life harder, You want to reports someones activity have a few guesses at the main page::
ok, fill it out and send :) Wait it doesnt work!!! hmmm well lets check it out. Remember my hint? Well done, hmmmm we need to report to sanderson. Well there are two ways to fix this, Javascript and the good old way edit source way. :)
And you’re done :)
ghost 18 years ago
About time a decent mission article. Thanks to that i could get past the part i was stuck on. Your getting an Awesome from me
ghost 16 years ago
The article is good! But one step is not necessary in order to beat the challenge: No need to find Mr BillSmith's password! At least not necessary to complete the challenge… (thing… did u use it somewhere, once you found it?)
goluhaque 14 years ago
I did not need to find the password or change the cookies. Bill Smith's email can easily be accessed by typing in the name of the folder. My problem is guessing the name of the folder. The Name of the email is N** Dir****EMA. Is that the name of the folder? I can't find it anywhere. Everywhere it returns a 404.
JohnGHipp 7 years ago
i can't figure out where the directory is located. i know that it is called 'N** D*r*****":@