Realistic 7
Hello my fellow hellbound hackers, this is my article on realistic challenge number 7. It will walk you through the challenge and should hopefully help you beat this ridiculous challenge.
Now, when you get on to this challenge, you need to find the real administrator; you will know who it is when you log in as them.
First off, we want to know the usernames for future reference, so let’s take a look at the Teachers page. When you get on there, there should be the full name and an e-mail address. The part of the e-mail address before the at sign is the username.
Next, we need to find the passwords to go with the usernames, so let’s look at the URL. Say I went to Mrs. Ann Feldman’s profile; the URL would be: http://hellboundhackers.org/challenges/real7/teacherinfo.php?action=name&&id=9 Can you notice something about the URL? You should realise that we don’t need their name, we need their ________.
Once we have found their information, we need to log in, but first, we get told our referring page is wrong :o Now what? We download a referer spoofer! My favourite one is called RefControl. It is an extension for Firefox and is available here: https://addons.mozilla.org/firefox/953/
As soon as you have logged in, you may notice something in your cookies that you might want to change. If you change it to the right thing, you should get a nice big bold message.
After we have spoofed our way into the teachers panel, and we have admin, it’s time to change grades. If you have logged in as someone who can change at least one grade, you’re doing well. From that you can edit the source to change the other grades and make them exactly like you are supposed to. If you have done it correctly you should get a nice little “Grades changed” message in red text. The next thing we need to do is change the salary of a certain teacher; the salary has to be 2000 or below.
Once that part’s done, you will need to go to the page to contact them. Make sure you analyze it very well. You should see something that’s “hidden”. Now try and use your PHP knowledge and put it on the end of the URL, and try to find the password file for the /admin/ place. If you’ve used Apache before you should know where it is.
Then, all that’s left is to go to /admin/ and enter the username and password and get your points. This mission now comes with a checklist in the admin directory which tells you if you have missed something.
I know a lot of people have been and still are stuck on this challenge, hopefully this article may help a bit. Please rate and comment :)
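The referer check and the editable cookie in this walkthrough both work because the server decides access from values the browser sends. As an added example (not the challenge's code and not part of the original article), this PHP 8 code puts a check of that kind beside one where the role is bound to a server-side HMAC. The cookie names, the `/login.php` path, the key and the user are assumptions.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Cookie names, Referer path, key and user are hypothetical.

const SERVER_KEY = 'PLACEHOLDER-random-secret-kept-on-the-server';

// WEAK: both inputs are request data the browser (or an extension) fills in.
function is_admin_weak(array $server, array $cookie): bool
{
    $cameFromLogin = str_contains($server['HTTP_REFERER'] ?? '', '/login.php');
    return $cameFromLogin && ($cookie['admin'] ?? '0') === '1';
}

// HARDENED: the role is set at login and bound to an HMAC only the server can compute.
function issue_token(string $user, string $role): string
{
    $payload = base64_encode(json_encode(['user' => $user, 'role' => $role]));
    return $payload . '.' . hash_hmac('sha256', $payload, SERVER_KEY);
}

// Returns the role, or null when the token was altered or never issued by this server.
function role_from_token(string $token): ?string
{
    [$payload, $mac] = array_pad(explode('.', $token, 2), 2, '');
    if (!hash_equals(hash_hmac('sha256', $payload, SERVER_KEY), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    return is_array($data) && is_string($data['role'] ?? null) ? $data['role'] : null;
}

function is_admin_hardened(array $cookie): bool
{
    return role_from_token($cookie['session'] ?? '') === 'admin';
}

// Constructed requests for the demonstration.
$clientMade = [['HTTP_REFERER' => 'http://school.example/login.php'], ['admin' => '1']];
$issued     = issue_token('teacher1', 'teacher');
$edited     = base64_encode(json_encode(['user' => 'teacher1', 'role' => 'admin']))
            . '.' . explode('.', $issued, 2)[1]; // payload changed, old MAC kept

printf("weak check, client-made headers: %s\n", var_export(is_admin_weak(...$clientMade), true));
printf("hardened, issued token:          %s\n", var_export(is_admin_hardened(['session' => $issued]), true));
printf("hardened, edited token:          %s\n", var_export(is_admin_hardened(['session' => $edited]), true));
```

In a real PHP application the same effect usually comes from keeping the role in `$_SESSION`, so that the cookie carries only an opaque session ID.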
ghost 16 years ago
I can say that use spooftoolbar, it's also a Firefox addon, also it's better than refcontrol :D
ghost 16 years ago
Great article system! One thing I can't do is get to the admin directory, so if anyone wanted to PM some help that would be appreciated :D
ghost 16 years ago
I found the dir easily and the secret pass, but I can't find the teachers' passwords. I read all the articles but everyone has found it easily but me :(. This article says almost nothing about that, just 'notice the url (action=name&&id=9)' we don't need their name, we need their pw' :|. If I replace…. nothing happens
SpitFire46 8 years ago
I'm using Chrome and I don't know what a spoofer is or what spoofer I should download..