Real 15 down or did I make a mistake

Hey guys, first of all I want to say I'm back! (some old members will still know me :D) And I'm trying to catch up with the challenges :p I saw some Real 15 threads but they are rather old so I made a new one.

I'm at the part where I'm supposed to delete the content. I got into the (real) shell 1*.php and got there through with the right referer. I did the unix command for listing files (see I'm not trying to spoil here ;))

It worked and when I tried getting into the root account by using the ** command, it said "You are now root!" and I got redirected to the index page. Is something not working or is my refering tool not working after submitting that command?

Thanks in advance.

Think there is time senstive aspects.

When I hear time sensitive aspects, cURL pops into my mind immediately :) Thanks for the hint, I'll give it a try.

Edit: Thanks mate, I'm now logged in as root :-) I used cURL to see where the page was redirecting me to.

Okay I deleted the content but now when I get to the next page it says sending logs.. and get redirected to the fail page.

When I try to delete the logs with cURL it says "Are you sure" and still get redirected.

FireSt0rm wrote: I tried things like: ch*** -* + p*****_**** Also tried = and , for every group.

There are two ways to do the command you're doing. One is the way you're doing it, and the other has numbers instead.

I already got that part now :D Now I'm trying to delete the logs before it sends me to the fail page. When I try to delete them it says "Are you sure", so I press 'y' but still get redirected to the fail page :(

Try escaping the page forwarding. Hint Hint

Thanks I did that part :D Because of the redirection I couldn't see the error message after I tried to delete the logs. Apparantly I have to ch*** it aswell, but I forgot which previous ch*** command (of the p****h***) worked -- So I guess it's back to trial & error for me now :angry:

I cannot get this damn ch*** in the shell to work.

I've read all the forums, i've googled, i've read the man pages. I've tried loads of variations, even tried urllib2 to post cmd's. Any help would be most welcome. 'cos this is doing my swede in.

When logged in to the correct shell as root, deleting the content is a matter of issuing two commands; The first to modify the permissions of a certain directory. And the second, to remove that directory. So, would it be possible to confirm the following, without spoiling the challenge?

If I'm using the correct second command, and it fails, should I be receiving a "Permission denied." error?

I ask for two reasons; First, I've been using cURL to bruteforce all of the possible numeric inputs for the first command, both in recursive and non-recursive format, and the result of the second command is always "Permission denied." And second, there is another command that seems slightly more appropriate, but offers nothing in the way of confirming whether or not the command has worked.

I'm also unsure of how I would use cURL to monitor the redirects (a technique that led to FireSt0rm being able to make it past this point). Any input on that would be great as well. Thanks in advance.

This is my challenge most people cheated their way through though :/

Ok! Finally got through this. Awesome mission wolfmankurd. I found what I was doing wrong in another real 15 thread. For anybody having trouble at this same spot, don't bother with the numeric or recursive forms for the first command. They don't seem to work, or at least didn't for me. Think simply, very simply. Once you've got the correct form of the first command, make a mental note of it. You'll need it again before the mission is done.