
Realistic 12



By ghostghost | 9600 Reads

##############

Realistic 12 # By WolfManKurd

##############

We begin:

##########

Description:

##########

Cafe Fiveways

You were in a rush to get to work this morning and you forgot your lunch money. One of your favourite cafes nearby has an online pre-ordering system. Change the price of a Tuna Melt so you only have to pay £1.10 when you arrive at the cafe.

Difficulty: Medium

###############

What we need to do # Order of challenge gleaned from the description.

###############

  1. Log in as admin (possibly).
  2. Change the price (to £1.10).
  3. Order the tuna melt (might need to open an account or something).

###########

Prerequisites # Stuff you need to do before you start, or could do once you have completed this challenge.

###########

Challenges: Basic: 4, 12; Other: 9, 10; Real: 5.

Articles: WillieH’s on PHP include exploits. Possibly my article on Real 5. Any JTR article.

#######

Stage 1 # Getting Admin Logins.

#######

Well, there are only two things to do at the beginning (the links), and only one of them takes you anywhere new.

**Hint: that is not the home link.**

Hmmmm, look familiar? Have HBH just got lazy and repeated some challenges? (No offence, Mr_Cheese.) You probably won’t need WillieH’s article, but it might be worth a read anyway.

Further hint: looks mightily like Basic 12.

###########

Stage 1 cont.

###########

If you have the prerequisites it should be a piece of cake. I’d refer to Other 10.

Further hint: John the Ripper ;)

###########

Stage 1 cont.

###########

At this point I was slightly :s, but poking around never hurt nobody. Something similar is in other challenges.

Further hint: looks like Other 10.

Further further hint: Brothers in Genesis… CAIN AND ABEL people.

#######

Stage 2 # Changing the price.

#######

Ah, this should be obvious: he wants it for £1.10. It even lets us know when we have successfully completed it.

#######

Stage 3 # Getting customer logins

#######

Erm, I didn’t even realise there was more to the challenge, but… well, special type of cafe, (pre-ordering)

But there is a link to clear this up too.

F*** never that easy is it :/.

###########

Stage 3 cont.

###########

Well, again this is a basic skill. And once your little hacking brain goes: ‘Ooooo user logins’ it’s time to move on to ‘Stage 3 cont.cont’ or ‘stage 4’.

Further hint: Basic 4 looks similar.

#######

Stage 4 # Ordering the sandwich

#######

Well, I’m sure one of them wouldn’t mind us borrowing his account for a moment… not like he’ll have to pay for it; he probably won’t even notice. I seem to remember a login at the beginning.

#######

The End

#######

Ugh tuna, but that’s what this guy wants.

Further hint: just order the f***ing sandwich.


Copyright WolfManKurd!!!!!

My lawyers are watching. ;)!!!

Comments
ghost 18 years ago

AWESOME! Nice layout, nice prerequisite stuff and all. Love it :)

ghost 18 years ago

HUH????? :o

next time try English

Thx

ghost 18 years ago

Sorry for the last comment, your article is pretty good, now it all makes sense.

Cheers :D

ghost 17 years ago

Great article! I'm only stuck because I can't use Cain and Abel on my computer.

ghost 17 years ago

I realized something much later. Forget Cain and Abel, use milw0rm.com.

korg 17 years ago

LMFAO, I beat this challenge in 2 steps. Never logged in as admin or cracked any hash think it's easy;)

ghost 16 years ago

korg, that's rather interesting lol, how did you do this? And what do you do once you've got past the .htaccess page and are in the special dir? Because it's asked for another admin password but that's not in here.

ghost 16 years ago

That made no sense whatsoever :@

ghost 15 years ago

No offense, but that's the most f***ed up article ever!

ghost 14 years ago

Not any more, korg. Don't be sneaky!! Complete the challenge before you view this page! lol :p

YouGotHacked 12 years ago

I wonder if the challenge has changed or something… I had the same experience as Korg, but not with that page. I used the index.php to view a certain file which gave me a list of pages to visit. One of those pages provided everything (only one thing, really) that I needed to log in without cracking any hashes. A little HTML editing to change the price and I was all set.

ellipsis 12 years ago

Don't risk jail time for a tuna sandwich. Just saying.