Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Realistic 7


Realistic 7

By SySTeM avatarSySTeM | 15043 Reads |
0     0

Hello my fellow hellbound hackers, this is my article on realistic challenge number 7. This article will walk you through the challenge and hopefully should help you to beat this ridiculous challenge.

Now, when you get on to this challenge, you need to find the real administrator, you will know who it is when you log in as them.

First off, we want to know the usernames for future reference, so let’s take a look at the Teachers page. When you get on there, there should be the full name and an e-mail address, the part of the e-mail address before the at sign is the username.

Next, we need to find the passwords to go with the usernames, so let’s look in the URL, say if I went to Mrs. Ann Feldman’s profile, the URL would be: http://hellboundhackers.org/challenges/real7/teacherinfo.php?action=name&&id=9 Can you notice something about the URL? You should realise that we don’t need their name, we need their ________.

Once we have found their information, we need to log in, but first, we get told our refering page is wrong :o Now what? We download a referer spoofer! My favourite one is called RefControl, it is an extension for firefox and is available here: https://addons.mozilla.org/firefox/953/

As soon as you have logged in, you may notice something in your cookies that you might want to change, if you change it to the right thing, you should get a nice big bold message.

After we have spoofed our way into the teachers panel, and we have admin, it’s time to change grades. If you have logged in as someone who can change at least one grade, you’re doing well, from that you can edit the source to change the other grades and make them exactly like you are supposed to. If you have done it correctly you should get a nice little “Grades changed” message in red text. Next thing we need to do is change the salary of a certain teacher, the salary has to be 2000 or below.

Once that part’s done, you will need to go to the page to contact them, make sure you analyze it very well. You should see something that’s “hidden”, now try and use your php knowledge and put it on the end of the URL, try and find the password file for the /admin/ place, if you’ve used apache before you should know where it is.

Then, all that’s left is to go to /admin/ and enter the username and password and get your points. This mission now comes with a checklist in the admin directory which tells you if you have missed something.

I know a lot of people have been and still are stuck on this challenge, hopefully this article may help a bit. Please rate and comment :)

Comments
ghost's avatar
ghost 18 years ago

w00t I've been waiting for an article on this. Nice one dude! ^^

AldarHawk's avatar
AldarHawk 18 years ago

would have helped me if I had not already beaten it! Good job system

SySTeM's avatar
SySTeM 18 years ago

Thanks :)

ghost's avatar
ghost 18 years ago

Good article, but i'm still stuck on finding the hash. I've tried everything. Could someone please help me in the forum.

ghost's avatar
ghost 18 years ago

i got stuck :$ this should help

ghost's avatar
ghost 18 years ago

bingo! :D

ghost's avatar
ghost 18 years ago

System saves the day :D Finally able to get some points :P

SySTeM's avatar
SySTeM 18 years ago

Lol, thanks :)

thk-geo's avatar
thk-geo 18 years ago

Sure but what about becoming an admin? It doesnt say..

ghost's avatar
ghost 18 years ago

Nvm got it now, it does say how you become an admin..

SySTeM's avatar
SySTeM 18 years ago

Yup it does indeed

ghost's avatar
ghost 18 years ago

btw, it appears that there have been new obsticles added to the challenge? the "second trimester", or didi you not include that so that its an artilce and not step by step guide?

And also, you don't need to edit the source, it'd be faster just to change cookie data on the teacher's subject, no?

SySTeM's avatar
SySTeM 18 years ago

Have you even done this challenge?

ghost's avatar
ghost 18 years ago

lol, good article, to this "ridiculous challenge." The challenges now are getting overly unrealistic

ghost's avatar
ghost 18 years ago

In response to deathrape: It is far easier to edit the source as you can do them all at once. I don't even know if its possible to do them individually. Great article, I'm just stuck on finding the admin password.

What_A_Legend's avatar
What_A_Legend 18 years ago

Very useful. Just stuck on the very last part now. Oh well.

ghost's avatar
ghost 17 years ago

which site are we suppossed to be reffered from??

ghost's avatar
ghost 17 years ago

nm that was easy

ghost's avatar
ghost 17 years ago

Nice article, has helped me get in the right direction… at least now Im not completely lost… just somewhat :whoa: but I'll get it done eventually… good article…

ghost's avatar
ghost 17 years ago

ilu helped alot:D