Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Realistic 4


Realistic 4

By SySTeM avatarSySTeM | 17735 Reads |
0     0

Ok this one is kinda hard at first but once you know where you need to be it’s simple.

Part one: Finding directories If you look in the source of the main page you should notice that if you submit your e-mail address it takes you to a file named mail.html, so let’s submit our e-mail (you can type anything) you shoul notice it goes straight to an error page. Now if you have firefox what you can do is in the URL bar enter “view-source:http://the site” with no quotes. Now you should see where it takes you and you should also see a directory called /mi/ go there.

Part two: Logging in, Now when you are in the directory called /mi/ you should see a link to a login page, but instead we want to view the source of the page we’re in. So view it already! Now in the source you should see an admin login, now instead of going there we login as Drake in the members login and view the files in there.

Part three: Trying things, Now we know what files are available in the users page try them in after the admin login page and voila we can view things without admin permissions! Now we need to remove Ghost’s record so look around and see how to get to the records, try using “all.php” found them? Then lets move on.

Part four: Removing Ghost’s record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we’re trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Part five: Clearing logs, Now if you’ve already found the log clearing from that’s what you need the password for ;) but if not try and think what it could be if the records were in “all.php?id=records” think logs not reocrds this time. Found it? GOOD! Now we enter the pass and get our points w00t w00t!

Comments
ghost's avatar
ghost 18 years ago

Thank you very much! This has gotten me alot closer to completing this mission. Now I just gt to figure out what the clear record variable is.

ghost's avatar
ghost 18 years ago

Nice article

ghost's avatar
ghost 18 years ago

yeha… at last… no more worries on real 4…. B)

ghost's avatar
ghost 18 years ago

"all.php?(action)=(thing)&id=(something)" this is still killing me! though it seems really simple!! i'll google it..

SySTeM's avatar
SySTeM 18 years ago

Yeah sorry it should be && not just one &, I've corrected it now

SySTeM's avatar
SySTeM 18 years ago

Can someone rate it?

ghost's avatar
ghost 18 years ago

your god answered your prayers and gave u a pie

SySTeM's avatar
SySTeM 18 years ago

That pie was the w00tness

ghost's avatar
ghost 18 years ago

amen lolB)

SySTeM's avatar
SySTeM 18 years ago

Hehe

ghost's avatar
ghost 18 years ago

Great. This article and system_meltdown helped me to beat the mission. Thank you very very much:D

SySTeM's avatar
SySTeM 18 years ago

Thank you for your positive comments people :D

ghost's avatar
ghost 18 years ago

this is the best article i read for a mission, it helped me through the last bit, i was applying a remove command to a logs page lol!

ghost's avatar
ghost 18 years ago

This is a great article, after i looked at it i got it and then completed it….now onto real 5

ghost's avatar
ghost 18 years ago

/real4/main/Tlogin/all.php?remove=_ghost_record&&id=records Whay this don't work?!? help!

R3M0T3 H4CK3R's avatar
R3M0T3 H4CK3R 18 years ago

i need help, im trying http://www.hellboundhackers.org/challenges/real4/main/Tlogin/thized_admin/all.php?delete=ghost&&id=records but it isnt working? can someone ps help

ghost's avatar
ghost 18 years ago

Very impressive. Thank you. :D

I-O-W-A's avatar
I-O-W-A 18 years ago

Nice Artical Dude Got Me Thru The Mission With (Almost) No Problems

ghost's avatar
ghost 17 years ago

im stuck on the action=…

ghost's avatar
ghost 17 years ago

This article roxxorz :evil: