Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

basic 29


stealth-'s Avatar
Ninja Extreme
0 0

I've managed to log in as absolutely anyone I want. However I have no clue how to find the answer, or, for that matter, find out what it even is :S

Any help would be appreciated, because I'm a little confused on what I'm supposed to be looking for.


korg's Avatar
Admin from hell
0 0

One word Xpath.


stranac's Avatar
Member
0 0

If you don't know what you're looking for, maybe you should find out how to get as much info as possible.


ghost's Avatar
0 0

I did this challenge without knowing what xpath and that x stuff is, it's intuitive what you need to do, treat it like any other injection.


NotMyFault's Avatar
Member
0 0

I can log in as whoever I want but I don't see what good it does me… Help anyone???


ghost's Avatar
0 0

if you can log in as who ever you like, then I assume you can manipulate the queries. can you introduce a query of your own design?


synstealth's Avatar
PHP WARRIOR
2,490 1

I have found all 3 users and password but the problem is :

the password I found, enter in the answer box and it still says incorrect. Ive tried lowercase, uppercase even numbers to alpha and including the symbol that was part of the answer .. none worked.. im wondering if theres a specific format to submit the answer including the username/password ???

i can log in as those three users - so I know the passwords are right.


stealth-'s Avatar
Ninja Extreme
0 0

synstealth wrote: I have found all 3 users and password but the problem is :

the password I found, enter in the answer box and it still says incorrect. Ive tried lowercase, uppercase even numbers to alpha and including the symbol that was part of the answer .. none worked.. im wondering if theres a specific format to submit the answer including the username/password ???

i can log in as those three users - so I know the passwords are right.

The user passwords is not what you want, the answer is what you want to enter to pass the mission.


synstealth's Avatar
PHP WARRIOR
2,490 1

the answer on how I found the users… or the answer on how it occurred.. or the answer of the injection I used..

ive tried several ways to answer.. still no luck. im at a dead end with this answer syntax.

any ideas where I should be looking to understand how im supposed to answer it.


synstealth's Avatar
PHP WARRIOR
2,490 1

I understand what you were trying to tell me.. extract the whole thing to FIND the [answer! I got it :) now on to 24 and 25.. is irc down? tried to connect to it..


ghost's Avatar
0 0

synstealth wrote: now on to 24 and 25.. is irc down? tried to connect to it..

The IRC is up and the bot is online, have you made sure you've enabled ssl on your connection? Do you get a specific error?


synstealth's Avatar
PHP WARRIOR
2,490 1

Im using mac and yes i made sure ssl was checked but im behind an cradlepoint right now . wonder if theres a firewall on ssl connections? i seem to get connected but cannot echo any commands in the chat (not even sure if Im logged in or not. do I need an account or login ?)

im a noob with irc by the way :P


ghost's Avatar
0 0

Are you using the Mibbit client or have you installed something on your mac? You don't need an account to join the IRC.