
Realistic 7



By SySTeM | 14662 Reads

Hello, my fellow hellbound hackers. This is my article on Realistic challenge number 7. It walks you through the challenge and should hopefully help you beat this ridiculous challenge.

Now, when you get on to this challenge, you need to find the real administrator; you will know who it is when you log in as them.

First off, we want to know the usernames for future reference, so let’s take a look at the Teachers page. Each entry there should show a full name and an e-mail address; the part of the e-mail address before the at sign is the username.

Next, we need to find the passwords to go with the usernames, so let’s look at the URL. Say I went to Mrs. Ann Feldman’s profile; the URL would be: http://hellboundhackers.org/challenges/real7/teacherinfo.php?action=name&&id=9 Do you notice something about the URL? You should realise that we don’t need their name, we need their ________.

Once we have found their information, we need to log in, but first we get told our referring page is wrong :o Now what? We download a referer spoofer! My favourite one is called RefControl; it is an extension for Firefox and is available here: https://addons.mozilla.org/firefox/953/

As soon as you have logged in, you may notice something in your cookies that you might want to change. If you change it to the right thing, you should get a nice big bold message.

After we have spoofed our way into the teachers panel and we have admin, it’s time to change grades. If you have logged in as someone who can change at least one grade, you’re doing well; from that you can edit the source to change the other grades and make them exactly what they are supposed to be. If you have done it correctly, you should get a nice little “Grades changed” message in red text. The next thing we need to do is change the salary of a certain teacher; the salary has to be 2000 or below.

Once that part’s done, you will need to go to the page to contact them; make sure you analyze it very well. You should see something that’s “hidden”. Now try to use your PHP knowledge and put it on the end of the URL, and try to find the password file for the /admin/ place. If you’ve used Apache before, you should know where it is.

Then all that’s left is to go to /admin/, enter the username and password, and get your points. This mission now comes with a checklist in the admin directory which tells you if you have missed something.
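The referer check, the cookie value and the editable grade form above all give way for the same reason: the server trusts values the browser sends. As an added example (not code from the challenge or from this article), the sketch below puts that pattern beside a check that decides from server-side state only; the login URL, cookie and field names, accounts and key are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not taken from the challenge).
SECRET = b"constructed-demo-key"              # per-deployment signing key
LOGIN_PAGE = "https://school.example/login"   # hypothetical expected referer
TEACHES = {"teacher_a": {"math"}, "teacher_b": {"art"}}  # server-side record
ADMINS = set()                                # nobody in this sample is admin


def _mac(user: str) -> str:
    return hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()


def sign(user: str) -> str:
    """Session token issued at login: username plus an HMAC over it."""
    return f"{user}.{_mac(user)}"


def session_user(token: str):
    """Return the username only if the token's HMAC verifies, else None."""
    user, _, mac = token.rpartition(".")
    ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if user and ok else None


def weak_can_edit(headers: dict, cookies: dict, form: dict) -> bool:
    """The trusting pattern: every input here is chosen by the client."""
    if not headers.get("Referer", "").startswith(LOGIN_PAGE):
        return False
    if cookies.get("admin") == "1":
        return True
    # The subject is whatever the submitted form says; it is never re-checked.
    return "user" in cookies and "subject" in form


def hardened_can_edit(headers: dict, cookies: dict, form: dict) -> bool:
    """Ignore Referer and role cookies; authorize from server-side records."""
    user = session_user(cookies.get("session", ""))
    if user is None:
        return False
    return user in ADMINS or form.get("subject") in TEACHES.get(user, set())
```

Run both functions over the same request dictionaries to see which client-supplied fields change the outcome; in the hardened version only a token the server itself signed does.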

I know a lot of people have been and still are stuck on this challenge, hopefully this article may help a bit. Please rate and comment :)

Comments
ghost 17 years ago

w00t I've been waiting for an article on this. Nice one dude! ^^

AldarHawk 17 years ago

would have helped me if I had not already beaten it! Good job system

SySTeM 17 years ago

Thanks :)

ghost 17 years ago

Good article, but I'm still stuck on finding the hash. I've tried everything. Could someone please help me in the forum?

ghost 17 years ago

I got stuck :$ this should help

ghost 17 years ago

bingo! :D

ghost 17 years ago

System saves the day :D Finally able to get some points :P

SySTeM 17 years ago

Lol, thanks :)

thk-geo 17 years ago

Sure, but what about becoming an admin? It doesn't say..

ghost 17 years ago

Nvm got it now, it does say how you become an admin..

SySTeM 17 years ago

Yup it does indeed

ghost 17 years ago

btw, it appears that there have been new obstacles added to the challenge? the "second trimester", or did you not include that so that it's an article and not a step by step guide?

And also, you don't need to edit the source, it'd be faster just to change cookie data on the teacher's subject, no?

SySTeM 17 years ago

Have you even done this challenge?

ghost 17 years ago

lol, good article, to this "ridiculous challenge." The challenges now are getting overly unrealistic

ghost 17 years ago

In response to deathrape: It is far easier to edit the source as you can do them all at once. I don't even know if it's possible to do them individually. Great article, I'm just stuck on finding the admin password.

What_A_Legend 17 years ago

Very useful. Just stuck on the very last part now. Oh well.

ghost 17 years ago

which site are we supposed to be referred from??

ghost 17 years ago

nm that was easy

ghost 17 years ago

Nice article, has helped me get in the right direction… at least now I'm not completely lost… just somewhat :whoa: but I'll get it done eventually… good article…

ghost 17 years ago

ilu helped a lot :D