Real 9
Real 9
ghost | 5997 Reads | +–––––––––––+ | REAL 9 Challenge | +–––––––––––+
This is a really easy challenge; I managed to complete it in fewer than 5 mins. Well where shall I start? I suppose first of all you read all of the information on the main page as that would just be the first obvious thing to do (Obviously after reading the challenge information).
The first thing I noticed was that there is a note from “whitie” which is all encrypted and I had no way to decrypt it until I found out the encryption type.
Reading on from that it says: “We are now using a fancy MySQL thing for the admin login so no commie bastards can hack it”. Well, well. What do we have here then? ‘A fancy MySQL THING’ obviously they do not have much knowledge on databases or security it appears.
Before we do anything, I think we should check around the site a bit for any more information we can find, check all the source codes and pages for any additional information. Not found anything? Okay well let�s begin with defacing these Nazi bastards.
What do we know?
- They are using MySQL for their default database which means that the site will login using MySQL.
- They don’t know much about the database itself.
- Their message is encrypted and we don’t know the encryption key yet.
So we try the most obvious things first. Go to the admin panel and try to login. Try the easy ones like user=admin; pass=admin and so on. Do you keep getting an error message? Sorry, this login is invalid.
Well what we do know is they are using MySQL for their login/database system. If you haven’t got it yet, look for common SQL vulnerabilities.
Oh that was quite easy wasn’t it? See I told you it wasn’t hard.
Well that�s the first stage completed, so now let�s move on again. We�ve come to a page which says “Admin Info” and all the information we need is right there.
ok, this is the first post so i’ll just post some basic info. username: ********* password: ******* encryption key: *****************
So obviously we have all the information we need now. Now all we need to do is go back to the encrypted message which there was a link for on the Home page. Got it? Good. Now you can go to Decryption and enter all the information which it asks for and decrypt it!
VOLIA! You’ve got the encrypted message which is now decrypted.
Last but not least all you have to do is send the decrypted message to the Liberal organisation which there was a link to on the challenge description if you read it properly. Open that link, insert the decrypted message and send it away.
See I told you it wasn’t very hard. It’s a very easy challenge.
Thanks for reading my article and again I would love to get some feedback on what you thought of it and how I could have improved it.
Thanks again.
DarkMantis
ghost 15 years ago
Kinda goofy… kinda long-winded… but, it's accurate and doesn't give anything major away. Really, though, this one was probably the easiest of all the Reals, so I'm not sure it even needs an article. Regardless, you did good, but I'm looking to see something other than a challenge article for your next one… because, quite frankly, challenge articles are boring and teach nothing of any consequence.
sam207 15 years ago
yeah the challenge articles are really boring but its nicely written… good job.. but this challenge wouldn't have required any tutorial coz its easy one..
sam207 15 years ago
yeah i wrote but I didn't love it when I wrote it… & I tried to be very specific & short in writing the hints.. But writing articles for challenges makes me bored..
ghost 15 years ago
Okay thanks for the advice guys. On the next article I write I will do it about something else. I'll have a think, do some reading and write an article xD
Thanks again.