
Basic 9, I should get it right


ghost's Avatar
0 0

I don't see how the search script is gonna print out the PHP source code. Anyways the solution should be

Who am I?

or

Just because this is gray doesn't mean it magically loses its spoiler status.

But none are working, why?


ghost's Avatar
0 0

Option number 2 does work. And a huge spoiler.


ghost's Avatar
0 0

No, option number 2 does not work.


Futility's Avatar
:(
80 120

Yes, option number 2 does work.


cubix's Avatar
Member
0 0

I just finished this challenge. I think I understand ps ul b**e, but I was wondering if anyone has a real-world example of when this would work, like a PHP URL where I can test it. I've tried a few, but it doesn't work. Thanks


ynori7's Avatar
Future Emperor of Earth
0 0

cubix wrote: I just finished this challenge. I think I understand ps ul b**e, but I was wondering if anyone has a real-world example of when this would work, like a PHP URL where I can test it. I've tried a few, but it doesn't work. Thanks

http://insecure.org/news/P55-07.txt

That site gives a good explanation of what the PNB is and how it can be used.


goluhaque's Avatar
Member
0 0

I got to the 2nd part. The 1st one was quite easy once one knows what a PNB does. When I type the username and the password in the 2nd part, it gives a 404. Is this part of the challenge or a bug??


ghost's Avatar
0 0

goluhaque wrote: I got to the 2nd part. The 1st one was quite easy once one knows what a PNB does. When I type the username and the password in the 2nd part, it gives a 404. Is this part of the challenge or a bug??

Probably neither…I think they meant the password to be entered back on the first screen where that search box is, didn't code up the page for passwords/usernames to be entered there.

That said, regarding the OP post I'm not sure what you're trying but check out this link:

http://www.mail.hellboundhackers.org/articles/400-Basic-Web-Hacking-*ALL*.html

My advice would be to 1) know what a PNB is 2) know what file/directory you're looking for (or I should say, have a guess that you can work from) 3) go from there.

The fact that you posted spoilers shows you're probably closer than you know (even though I can't see them now, they're edited). Keep trying and read that article! Good luck!


fuser's Avatar
Member
0 1

those that posted here can read all the articles they want in the world, but the fact that they aren't simply trying to figure it out themselves speaks volumes that they're just not as good as they think they are.

And screw all of you.

pps: I'm feeling real bad right now. If I'm Stalin, I would've killed you for reasons I can conjure up.


binary_glitch's Avatar
Member
0 0

fuser wrote: those that posted here can read all the articles they want in the world, but the fact that they aren't simply trying to figure it out themselves speaks volumes that they're just not as good as they think they are.

And screw all of you.

pps: I'm feeling real bad right now. If I'm Stalin, I would've killed you for reasons I can conjure up.

Does that include you? As by posting that, you're technically a member of the group "those that posted here" … just saying… Also, um some of the members who posted were trying to point others in the right direction, so of course they're not trying, because they've already beaten the challenge… furthermore your logic is flawed in the sense that those who "can read all the articles they want in the world, but the fact that they aren't simply trying" may have applied all the techniques they know about, and thus after exhausting the tools/methods in their arsenal/skill-set the only tools left are research and asking others for ideas, which if you think about it, asking for help is often the quickest form of research. And I for one dare not discourage people who are on a site for their own education from conducting research. I know the internet is full of people saying don't ask us do your own homework, google it… uuuuuum pretend google is your super smart friend for a moment… then wouldn't googling something be the exact same thing as just asking someone who knows? except google is not super smart… at least not in the sense that google can't always understand your questions in an intuitive way like humans… and humans don't have to just give the answer straight up, we too can reply by pointing someone to the right reading material ya know. Now I understand that MOST (not all) people learn better when they have to work at getting an answer, this is because of the agony of searching… or rather the good feeling of the 'ah-ha moment' when the agony of wanting to know and having to filter through mass amounts of information is over, it's that great, I can stop reading all this crap that's not the answer but leads to the answer and finally have the answer moment that's so revealing that it gives us a rush of dopamine that stimulates the reward center which is particularly good at moving information from short term memory to long term memory.
So yes there's something to be said for working at the answer to your own question, but I think those people who jump to the good 'ol RTFM attitude are missing the fact that someone who knows is often the most efficient 'Friendly Manual', and some of us are able to retain knowledge that we find valuable even if we didn't get the answer at the same moment as we got the relief of having to work for it. Just saying.

Also, to those who really are just looking for a means to an end and don't want to do the work because you don't need to retain the knowledge you gain, as hacking (in this case) is not something you want to learn to do, but something you need in order to complete a specific task. Hacking doesn't work that way, it's too complex to just pick up the parts you need to complete a given task, much the same way you might learn a school subject just long enough to pass… it just doesn't work that way. If you need to do something specific, hire a hacker/pen-tester for your one off task. To those thinking they can just pick it up real quick for the goal of impressing friends, also it doesn't work like that, sorry to disappoint, but we can give you all the answers you want, in the end you still have to retain it to become 'impressive' and that takes years, and for most it takes the hard learning described in the paragraph above, for those few of you (like myself) who could retain the knowledge simply because you love and value it so much and thus would actually LEARN from being given all the answers, I also hate to disappoint, but the hacking culture prevents this from happening because it's hard-wired into the culture that one must earn it either because they fail to realize that some can actually learn without having to work at it, or because of reasons like 'hey, I had to work hard for years at this, and now you expect me to just give it to you'… so once again it doesn't work like that. You'll still be stuck doing tons of research. The good news is if you really love it, there is no frivolous information on the road to the specific answer you need in the moment, because it will all become useful in good time. Also there are now college courses that can give you a jump start, just keep in mind that practice often shows theory to be lacking in some very important real world aspects.
In other words, a college course in pen-testing/info sec will give a jump start, sure, but it still leaves you ill equipped to handle real world hacking. So all in short, learning to hack will take a major time investment, and half-a$$ing it won't work. So back at the naysayers of just giving people answers, um it really wouldn't hurt your cause to go ahead and give the answers, because if the recipient of said knowledge doesn't value or retain it, it won't do them any good anyways, in other words, there are no short cuts, so you trying to stop them from getting short cuts is pointless.

Okay I'm done ranting now.


Huitzilopochtli's Avatar
....
10 9

Unfortunately you're replying to a post from 2010 but I totally agree with your sentiments. And +1 for a most awesome rant dude. thumbs up


binary_glitch's Avatar
Member
0 0

Okay I'm still stuck on this one, although I do only do this in my spare time (of which I'm in short supply) and I've always called it null byte injection, not poison null byte, so there was a bit of a learning curve to even catch the hints, but still this is frustrating… I'mma love it when I finally get it. Maybe I should just use a tool like burp, but I prefer to do injection based attacks by hand… it keeps me in touch with how it works so I don't get lazy and start only remembering the basics of how it works… then when I'm pen-testing in the field w/o my tools, I'm not caught with my pants down only knowing the basic sql injection commands or something. Granted the answers to that are just a quick search away but still, what if it was an isolated network with no internet connection… well if they're that concerned with security, sql and null bytes, etc would probably be covered but still… I don't think I need a use case for staying sharp. okay I'm done venting… and that's a good hint for future generations, so hopefully anyone looking for clues and clueless about what PNB is even though they already know about null byte injection, it's the same thing guys, it's just a name I've never heard for it until I found it in the basic/all guide and looked it up on hakipedia, then I was like oh, PNB = NBI gotcha lol.

Oh, and I know it's an old thread but it's still relevant to the challenge and the challenge is still on the site, so it still lives as I see it, because would be challenge solvers of the future will still probably find it, and get some clues from it, so as long as it's relevant in the context that made it relevant from day one then it's a live thread. I know most of the internet disagrees with me on that, but I've made an argument for my reasoning… I have yet to see an argument as to why relevant posts cough cough* especially stack-overflow cough -uh what? I didn't say anything, but seriously I don't see solid arguments as to why relevant posts are treated as dead simply because they are old and/or no one else has posted to them in a while… other than 'oh that's so yesterday' like really? I need a good reason to just discard working knowledge.


Huitzilopochtli's Avatar
....
10 9

These challenges are ranked as basic for a good reason, so using tools like Burp or anything else is just total overkill when all you need is one good eye.

You already know the name of the vulnerability you need to use here.

If you don't know the correct filename, check the source for where they're stored, or maybe read the challenge description again, as it's highlighted twice in italics to make this easier.

Now you just need to put them together and use the exploit to read the file.

If you're trying this in the url bar and wondering why it isn't working, go back and read the challenge description again.