Passing Real 14
I just thought I'd make a tutorial on how to pass the HTS Real 14 Mission.
I'm going to try not to include any huge spoilers, as this mission and Real 15, as I've found, are the two funnest HackThisSite missions, and you learn a hell of a lot from both.
Well, starting out, you've got a message from a friend, OutThere (who happens to be a real HTS member). He's telling you that he needs your help gaining Admin access to a corrupt website, Yuppers, which happens to be a joke on Yahoo!
Ok, so you've been looking around, but have found nothing. There's a good reason. This is Real 14, you're not going to be spoonfed. I suggest you start looking through the source.
You've started looking through the sources of various pages. Good. Find a file that might manage something that is constantly changing, which I'm sure you've noticed already.
Look through the source of that page. You'll see some things that won't really help you, then you'll see another file contained in that source. Go there. Oh, that's nothing interesting, you might think. Wrong.
Wouldn't it be great if we could get all the information within a file? Yes, I think it would, and I think you'd agree.
Do some more looking around the pages, not the sources. Maybe, find a page that lets you read different pieces of information? Study that script a bit, notice what it does.
See how whatever you append to the URL is loaded in a .n*** file? Well, we know this website is using Perl, hence the file extension on most of the pages, .cgi. Learn about some Perl exploits. Learn how Unix interprets some characters.
By now, you should probably know what you're doing. So append a certain something to another thing using something else :).
Wow! Look what we've got. Sources. How nice and convenient. Look through all of the files on the server (that you can). Remember, just keep poking. This mission is all about poking.
This is the part that got me for about a month:
So you've got a file that seems pretty damn important. Well, if you don't know Perl, now would be a good time to start learning. If you know PHP, you can probably make out about 60% of the source, but you'll still have to understand the functions, etc.
Look at the hashing method. Is there any way you can make something to tell you a valid ID? I'm sure there is. I used C++ for this one, but you can use practically any language, including everyone's favorite language, PHP. :)
So, you've got a valid ID? Great. Go in where you need to go (I'm trying to avoid spoilers), and notice the options.
Well, you still don't have that Admin access that you really need, so what do you need to do? You don't know the admin's username, so how could you find it? Well, here's the part that everyone makes out to be really hard, although it's the easiest part. Learn about a little thing called "Regular expressions", aka "Regexes". You learned about them here at HBH, and if you didn't, then you shouldn't be attempting this mission. So you've got the Admin's Username and Password (hehe). How great.
Now what? If you can't find this out on your own, well... why are you even on Real 14?
Congrats, you've passed the first Insane-rated mission on HTS. Feels good, doesn't it?
I'm seriously sorry if there were too many spoilers, I just didn't want to leave people sitting there, wondering what to do, as that was me for a good month or so.