Real 4
Real 4
richohealey | 14426 Reads | Ok, when we first come up to this challenge, we’re faced with a fairly blank page. Have a poke around, and then try the email box. Whoops redirected. Get around that and have another poke around. (From this point on every time you see a new page, have a poke around). Now, admins set their cookie? What could that be. Worry about it later. Aha. Now we have a directory, so go there.
Now we have a login, you might try injecting it with the admin user and a nice sql injection? OR, you could try the details we’re given in the challenge description. So we have a look around, nothing of use… except the search option. Try whatever you want, you’ll get the same error, so go back and do what it says.
A list of users? But with no passwords (come on, it’s never that easy). You could try to inject the member search page, or you could do it the easy way. There aren’t many tools around here that look very admin-like, look around all the pages you’ve been to so far until you can find the admin section. hint open source, Ctrl+F, search for admin
Now that you’ve found it and we have the username, but no password! Not to worry, what pages are in the user section? There are probably the same pages inside the admin section. Now that we’re in there we need to revisit what we’re actually trying to do. We want to erase Ghosts records. What page holds all the data? <<hint>> go looking for the records. Now that we have found them go do some research on actions and PHP, it’s not too hard.
Now that we have that we need to clear the logs, we don’t want to get caught now do we? So we use the same principle we used to find the records. Now, what did we get just before? Use that and be done with this well written challenge.
for the record, when I said worry about the admin cookie later, I meant MUCH later, ie never. if this article helps you please rate it….*
ghost 17 years ago
i like the way this article gives a general overview of the challenge without giving away to many spoilers, should make some users lifes a bit easier. to bad i compleated this a few days before ;)
richohealey 17 years ago
thanks heaps miner, it's my first attempt. I worte it like this because it pissed me off when i read an article hoping for a little hint and it all but gave me the solution. if anyone thinks i should add remove amend fix anything, please say.
BluePain 17 years ago
hum, this artciel was quite a mess. I dident unedrstand all so I did work on my own. But I did get som help and hnts frome it. (havent finnished the challanges yet, cant find out how to delet the logs)
R3M0T3 H4CK3R 17 years ago
i agree with bluepain, it is a bit of a mess but i cant find out how to delete the records
richohealey 17 years ago
i didn't want to give away the answers, just some hints to people who were struggling, so i was fairly unspecific abut how to do things. If i was writing an article about defacing a page, i would have gone into detail about how to delete logs, and avoid detection, but sice this is a challenge, i thought you might want to work it out a bit for yourself. these articles aren't intended to be like recipes, that you can follow precisely and be sure nothing will go wrong or force you to think.
ghost 16 years ago
i'm stuck on just getting passed the stupid re-direct…. i have an add-on that lets me edit pages but for some reason i can't edit the refresh tag…. idk?
tips?
ghost 15 years ago
how to make the page do don't redirect,i mean to remain on the login page.I deactivated JavaScript!
Lemmink 11 years ago
or google hack. inurl:"some good stuff" will get you pretttty far. But not all the way. :|