
Basic 12 - Feeling stupid


ghost

The title of this thread says I am feeling stupid, that's not true. I AM stupid!

Could someone give me a hint (tut/inject type)? I have a feeling it has something to do with the page?= thingy.

Any hints would be welcome (pm == good too ;))

Thanks for helping a stupid person.

Ciao


AldarHawk
The Manager

spyware. Hint: Not an injection per se. Look for an area you want to access ;)


ghost

Do I need to know on what sort of server the site is running?


AldarHawk
The Manager

No, you do not need to know the server type.


ghost

Look up how protected folders are made, that will give you a huge hint.


ghost

After trying 100 or so directories and file names inside the PHP script, and from the basic12/ directory trying names that you would expect with Apache auth and such. And it is using ** file protection, preventing them from being served to me normally. I'm just kind of confused if it's a guessing game or am I supposed to do a buffer overflow or CGI exploit… or brute force attack. I know it says I'm on the right track plugging stuff into the PHP script, but I'm wondering if it's just saying that to throw me off. I suck, I know… Yeah, I got it, thanks :) I had this stupid syntax error I kept making.


Mr_Cheese

Just include the file that is protecting the folder and then take it from there.

Simple :)


ghost

sigh - OK, I have done it all. I have accessed the ** file, which gives a hint to the second *****d file. There, I see the ":". I tried to enter that in the protected folder pop-up; it doesn't work. I have tried injecting it via the URL bar via ":*@" - also, no luck. Can someone who did the challenge help me (compare the user/pass)?

Thanks in advance. Ciao


ghost

I'm trying to think of a file that would protect a folder, and the only thing I can think of is a *.zip file. Am I at all close?


ghost

@thronworld It's not a zip file, try googling for "protecting directories".

What happens when someone wants to protect a certain directory? What is created on the server, to tell it that the directory needs a username password to enter it? Where is this created?

Hope this helps?

@spyware It seems you are close. PM me what you have so far and I will help you out.

Cheers

Dantronix


ranma
Member

I know that .ht*** protects something, but…