realistic 7

Someone explant to my why access.php always blank after i push submit (i tried all password i found and i found and loged with administrator's password )

the administraotors password you got, isnt to be used on the access.php.

thats the last part of the mission.

im stuck on trying to SQL inject the access.php. i keep getting SQL syntax

I know that admin's pwd for .htacess part, i found all teacher password but i dont known how to use it, how to login at access.php

When i was doing this mission, i skipped finding the teachers password and logged in as admin. Then, there was another user and pass field, try logging in there. Nevermind, that doesn't work, either the username is very strange, or that login form isn't right either. I found how to get the teacher's pass, simple! Now, i need to find out how to actually log in…

ok, a few tips to help you do this mission, this is what i did:

• No SQL injection
• think admin cookies ;)
• spoofing the referal url ;) ;) ;)
• view / change source (duh!!)

However: i did all things mentioned: i got a "grades changed" message and a "new salary set" ($4000) message logged in the /admin/ folder

yet, it still said "go back and finish the rest of the mission"

has anyone completed it?? or is this a mission error??

Hmm…did you edit the url to change grades, or were you able to log in as someone? If so, who? I've tried a couple people, and i am still not able to log in with any of them…

the admin pass, has nothing to do with the changing grades / salaries.

look on teacher list page, and see if you can change anything to get the pass.

I am able to get the pass of the teachers, but i am not able to log in as any of them

yeah, you have to spoof the refer, Find out what URL it onyl accept requests from.

Then you can get the LiveHTTP extension for firefox. Thats what i used.

Also, disable your firewall when you run it (i had problems with it working)

Yes, i have passed that part. I was at the control panel, but whenever i clicked on check private messages, change password, or change grades, i was taken to a login screen, where i thought i was to log in, but i can not log in…

hmmmm, that hasnt happened to me.

Maybe i am getting the username part wrong. For the first teacher, i have tried cstonebrain@northbay.edu and cstonebrain Am i doing the user wrong, or isn't this working for me for some reason…?

PM me with how you found the password. and yes that is how you do the username

Mr_Cheese wrote: However: i did all things mentioned: i got a "grades changed" message and a "new salary set" ($4000) message logged in the /admin/ folder

yet, it still said "go back and finish the rest of the mission"

has anyone completed it?? or is this a mission error??

I've got the same problem. Anyone know anything to help out?

i think the problem is we need to change the salary to 2000

Mr_Cheese wrote: i think the problem is we need to change the salary to 2000

Can we get an official clarification on this Grind?

When I change the salary to something less than $4000 but more than $2000, it says "New Salary have being set!" but it won't let me into the next part. Does the salary have to be set to something less than $2000?

Grindordie wrote: all it need to say.. "have being set":D I got it to say that, as well as, "Grades Changed" on the grades page, but it still says "Please go back and complete all parts of the challenge!"

Is there something I still need to do or what?

Has anyone got into the admin page yet?

Grindordie wrote: [in the grades section] did u change the grades to whatever the mission description says?

Use your little black dot in ur hat to do some evil things to the account ur in… COUGHchange passwordCOUGH

I've done both of those … still denied on the admin page

When I loged as admin, the site say "You must come from the admin URL to view you control panel http://admin.*********.com", need some clue, how can i "come from the admin URL" ??:(

edit the refer

How do i get the admin hash?

that's what i would like to know.

and how to get .htaccess details.

Mr_Cheese wrote: edit the refer I tried everything but it doesn't work. It works at seljojojo comp but not from mine. I don't know what's wrong with my comp.:o

ok i finally got it. i was on the right track all the time..

this is incredible

in contact us page , there is this di******* thing…

and i tried /home/nhbs/blah and bwah…. and whoever did this is on the right track… hint:try thinking in which dir is passwds kept, we're takling about apache server..

so i put something after "www.helboundhackers.org/challenges/real7/home/nbhs/*********l/", or is home notincluded, or ********* not included?

i cant even get the ref thingy, it continually tells me i have to come from the control panel, i change ref and it tells me i came from nowhere, i change it to something wrong, and it shows up as what i typed, i turn off my firewall, and it seems to work better….but it still wont let me in…

edit: i got it, it was just being ignorant with my firewall…i wonder why it works on other things, but not this challenge….