Real 5

I need hint for real 5 ! I read e-mail from s.anderson to billsmith , and I think I got pass for billsmith it`s s**d*r !? Please help !

You've read the e-mail…then, you don't need the password anymore. Also, there are 2 ways of getting the e-mail and the correct way is with cookies. Once you've read the real e-mail, it says, almost exactly, what to do next (where to go).

I`m reading the wrong email lol

From: sanderson@ebussnet.com To: BillSmith@ebussnet.com Name: New DirectoryE****: Hello Sir, I have seen that you made folders for every user and that they can be accessed from the web. But as I have tryed,I couldn't get access to them. Can you please tell me how can I access my files from the web? Reply: Im Sorry, this options is only for me

is there another email ??

Yeah, you're reading the wrong e-mail, change your cookies to Bill's username and password, then refresh the main e-mail page. There should be a new e-mail there.

I get email which MEFISTO describe by accessing BillSmith files (it was find by guessing). Can somebody point me where to look (email folder or …) to get BillSmith data?

ok now iv loggd in as Jdoe and i went to "view folder" and it sed 'You are not allowed to see this folder' so i lookd @ the adres bar and it sed http://www.hellboundhackers.org/challenges/real5/personal.php?user=Jdoe&pass=trebuchet&view=folder so i edited tht 2 http://www.hellboundhackers.org/challenges/real5/personal.php?user=BillSmith&pass=s*i*e*&view=folder and it didnt work so i am wondering how do u beat this then?

It has nothing to do with that url. Look in the source for some encrypted hint(s).

POSSIBLE SPOILER

i no about the /s*****/folder and i hav decrypted the .css filenames

what now?

Hmm….i wonder if that decrypted text could be a password…hmm…

*side-note: Please asterix the folder name, thanks.

I know what to do with the user/pass of bill but I only get one message and that doesn't make me smarter or gives me new info on the mission :s

Could a firewall or firefox settings interrupt with the working of the mission???

Could anyone give me a hand pls????

I tried voiding the c***** with tools, javascript, etc.etc. and none of them gave me more then 1 message. And that one message is a convo between anderson and smith, anderson asks on how to access his personal folders.

what did you use to decrypt the css filenames? No decrypter i use ever works

loopguru - Use Cain & Able for that

The_Cell - The information given in the right e-mail will hint at the directory name, just use some logic.

damn i'm stuck, i got the password but there is no cookie to set !! and i cannot login as BillSmit cuz it gives me an error "wrong password" any clues ??

Use javascript inject to set username and password (remember Refresh)

hmmm, this is doing my head in now, I have done everything in the brief except for the last step and it seems buggy to me (i kept getting echo'd php source code while browsing folders). I've changed permissions, changed IP, now what? :(

Now you have to report BillSmith to the right authority using the report form on the sight. You won't be able to see it by looking, you need to find a way to get to it. You could guess the name, or exploit something to show you all of the files.

bah, I stumbled across it now but i get "We could not send you report due to the following reasons"… :(

lol, keep tryin eh :P

I found the hash in the source files and tried to use cain to decrypt it. Never found a result. Tried dic and bf attack. Sure you use cain?

aVoid

I found the password encrypted 3ff7efd******** , but I can't decrypt it . I tried Cain and also go to milw0rm.com to search it , but there's no result . :(

Ok , now I had BS's password , and found new email Shawn Anderson New Directories from email main . But can't get anymore , I don't know what must I do next ? Some1 hint me ? ;)

There are two hashs to crack I'm where you are I try to report him but it says I'm not an admin :S