Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Real 9

By ghostghost | 6270 Reads |
0     0

+–––––––––––+ | REAL 9 Challenge | +–––––––––––+

This is a really easy challenge; I managed to complete it in fewer than 5 mins. Well where shall I start? I suppose first of all you read all of the information on the main page as that would just be the first obvious thing to do (Obviously after reading the challenge information).

The first thing I noticed was that there is a note from “whitie” which is all encrypted and I had no way to decrypt it until I found out the encryption type.

Reading on from that it says: “We are now using a fancy MySQL thing for the admin login so no commie bastards can hack it”. Well, well. What do we have here then? ‘A fancy MySQL THING’ obviously they do not have much knowledge on databases or security it appears.

Before we do anything, I think we should check around the site a bit for any more information we can find, check all the source codes and pages for any additional information. Not found anything? Okay well let�s begin with defacing these Nazi bastards.

What do we know?

  1. They are using MySQL for their default database which means that the site will login using MySQL.
  2. They don’t know much about the database itself.
  3. Their message is encrypted and we don’t know the encryption key yet.

So we try the most obvious things first. Go to the admin panel and try to login. Try the easy ones like user=admin; pass=admin and so on. Do you keep getting an error message? Sorry, this login is invalid.

Well what we do know is they are using MySQL for their login/database system. If you haven’t got it yet, look for common SQL vulnerabilities.

Oh that was quite easy wasn’t it? See I told you it wasn’t hard.

Well that�s the first stage completed, so now let�s move on again. We�ve come to a page which says “Admin Info” and all the information we need is right there.

ok, this is the first post so i’ll just post some basic info. username: ********* password: ******* encryption key: *****************

So obviously we have all the information we need now. Now all we need to do is go back to the encrypted message which there was a link for on the Home page. Got it? Good. Now you can go to Decryption and enter all the information which it asks for and decrypt it!

VOLIA! You’ve got the encrypted message which is now decrypted.

Last but not least all you have to do is send the decrypted message to the Liberal organisation which there was a link to on the challenge description if you read it properly. Open that link, insert the decrypted message and send it away.

See I told you it wasn’t very hard. It’s a very easy challenge.

Thanks for reading my article and again I would love to get some feedback on what you thought of it and how I could have improved it.

Thanks again. DarkMantis

Comments
ghost's avatar
ghost 16 years ago

Kinda goofy… kinda long-winded… but, it's accurate and doesn't give anything major away. Really, though, this one was probably the easiest of all the Reals, so I'm not sure it even needs an article. Regardless, you did good, but I'm looking to see something other than a challenge article for your next one… because, quite frankly, challenge articles are boring and teach nothing of any consequence.

sam207's avatar
sam207 16 years ago

yeah the challenge articles are really boring but its nicely written… good job.. but this challenge wouldn't have required any tutorial coz its easy one..

ghost's avatar
ghost 16 years ago

… Then, why did you write a challenge article, too? :P

sam207's avatar
sam207 16 years ago

yeah i wrote but I didn't love it when I wrote it… & I tried to be very specific & short in writing the hints.. But writing articles for challenges makes me bored..

ghost's avatar
ghost 16 years ago

Okay thanks for the advice guys. On the next article I write I will do it about something else. I'll have a think, do some reading and write an article xD

Thanks again.

korg's avatar
korg 16 years ago

Boring, Deffo don't need help on this one.