question real 1, (spoiler maybe kinda)

So after glances at one or two post on forums I saw you were suppose to just javascript inject and just change authid. Originally I found the two login files johndoe/administrator, and I just took the password that was with the administrator file and decrypted it. I got super as the password, and figured it was the correct password but it didn't work. Did I get the wrong password for this, or was I not suppose to bother and do it that way, and is the only way to beat the mission being changing the auth id. I guess in description it did say to login as Johndoe, not find the admins password, but I figured since it was there it was a option.

Ok, I already finished it changing the authid, was just wondering, seeing as the password was there and all, I was just wondering also if I got the right password out of the file, not that it matters for the challedge.

maug wrote: [quote]moshbat wrote: The whole blogs giving answers is sad. Perhaps I should start my own fake one…

Indeed they are. I don't really see the value in spending the time to do that. What's… the point?[/quote]

Genius has struck!

Im going to post a walkthrough for all the answers, but first I will make the user go through a ton of ads that get me paid. With all the noobs/idiots on this site, Im going to be rich!

I want in on this I need to get paid

maug wrote: Out of curiosity, how long did you spend looking through the articles and forum? most of the real-chal threads seem to be about real1.

I know there are even sites/blogs that are devoted to HBH challs and will give complete a walk-through. I can't imagine that real1 was left out. I looked at the forum for less then 5 minutes, after first post I saw that I was suppose to just change the authID, I looked at one other post to see if the password was useable at all and didn't see any hint at that, so I just finished the mission as it was designed and just asked the question here about the password.

virusc wrote: I looked at one other post to see if the password was useable at all and didn't see any hint at that, so I just finished the mission as it was designed and just asked the question here about the password.

All of the challenges here are coded for either a specific answer or a number of specific answers. Usually, the number of specific answers that would work are all similar in nature (unless you're doing the PenTest). Thus, it's highly unlikely that there is any way to finish the challenges except for the one you end up finishing it with; the challenges are too narrow in focus for that to happen.

moshbat wrote: Except the timed challenges. There are millions of ways to do those.

Not really… there are millions of ways to code a program to obtain the solution or to perform the correct solution steps… but, there is a single solution. The coding is the method.

moshbat wrote: As some of the challenges can be done with different methods, too.

Exactly.

moshbat wrote: Did you need to ask us if you could use the password? Why not just try it?

I did try it, I just wasn't sure at the time if maybe I had the wrong password or if it was just the wrong method in completing the challenge.