Real 15


ghost's Avatar
0 0

What's the objective for real 15? All it says is that Wolfmankurd has sent you a link to a terrorist site that he hacked, go take a look. What are we supposed to be doing?

-Sudekai


ghost's Avatar
0 0

Enable popups, you get a list of Objectives. :happy:

and View Source ;)


ghost's Avatar
0 0

i like this mission. stumped on the 3rd objective though lol.


ghost's Avatar
0 0

i think the 3rd objective is trying to log in


ghost's Avatar
0 0

PHP ERROR IN THE CHALLENGE Parse error: syntax error, unexpected '}' in /home/hbh/public_html/challenges/real15/index.php on line 38


Mr_Cheese's Avatar
0 1

btw this challenge also has a honey pot ;)


ghost's Avatar
0 0

it says contact him


ghost's Avatar
0 0

Wolfmans source is hilarious top job!

And thanks for releasing Real15 on my Bday Cheese!:D


ghost's Avatar
0 0

wwoot cubeman happy b'day|!


ghost's Avatar
0 0

I completed objective 1 (I think), but my objectives list hasn't confirmed that I did it, and it said it added an objective (was it supposed to be added to the list?)


ghost's Avatar
0 0

YAY….

/me is the third person to complete this so far.

That includes wolfman, who shouldn't really count, lol!!!


ghost's Avatar
0 0

it's already on the list, the objective. It just tells you what to do next. Try refreshing the pop-up/revisiting the.. page where you get the pop-up on what to do.


ghost's Avatar
0 0

Ohh, so the objective list I get at the beginning isn't supposed to change? Shouldn't objective 1 turn green or something?


ghost's Avatar
0 0

it took wolfman an hour xD (and system only 5 minutes)


Uber0n's Avatar
Member
0 0

matchu1993 wrote: Ohh, so the objective list I get at the beginning isn't supposed to change? Shouldn't objective 1 turn green or something?

Yes it should, but for me it didn't change until I had finished 2 objectives… :happy:


ghost's Avatar
0 0

Stuck on step3 here :x


ghost's Avatar
0 0

same


ghost's Avatar
0 0

Here too. Can't find the file I need (I think;))


ghost's Avatar
0 0

Macarbon wrote: the files really have logical names…

If you are talking about the first 2 objectives, I have found that, but i am stumped from there on.


ghost's Avatar
0 0

ah well i havent even found the shell login yet


ghost's Avatar
0 0

U don't have to worry about this… instead check the index's source:)


Flaming_figures's Avatar
Member
0 0

Im stuck on mission 3. (btw nice. "ignore any erros you encounter" :P)


ghost's Avatar
0 0

i found a login, but i think that it might be the honey pot


richohealey's Avatar
Python Ninja
0 0

i'm totally lost trying to contact wolfie…. view source? i'm not seeing anything.. ah it's too early in the morning for this…


Flaming_figures's Avatar
Member
0 0

I still can't find the login…. except maybe that one on all of the pages


ghost's Avatar
0 0

/me finds another login


Flaming_figures's Avatar
Member
0 0

You find two, I can't find one. 404 404 404 404 404 404


richohealey's Avatar
Python Ninja
0 0

i've found a login, it's the E**** page i can't find.


richohealey's Avatar
Python Ninja
0 0

why has the thread suddenly stopped, ok, i've got the first two objectives, but now i'm trying to find either the page mentioned in the login, or the way to do the 3rd mission. ARGH


ghost's Avatar
0 0

im well into this challenge, but i hear people talking of E************* (not right amount of wildcards) i have viewed the file after getting further than i think i need it, its not really helpful in my opinion


richohealey's Avatar
Python Ninja
0 0

ah, k. i was looking for it but can't find. is the popup with "new challange…." isn't that meant to be secret mission 1… but that also objective 5?

i'm confused. now looking for logins. looking for reference to se******** too many stars.


ghost's Avatar
0 0

logging in is way too hard


richohealey's Avatar
Python Ninja
0 0

but still necessary? i'm completely lost. i've done the first two objectives, and as near as i can tell, i need to be looking for a shell, correct me if i'm wrong, but that means i should use telnet or similar to connect to the server? but since this is hosted…. is there a shell emulator on the site? if there is i can't find it..


richohealey's Avatar
Python Ninja
0 0

it's in python?? YES!!! python is deffo my best language… now all i have to do is find that bloody shell.. grumbles incoherently


richohealey's Avatar
Python Ninja
0 0

i'm getting nowhere fast with this. anyone who can point me to some reading about what exactly a shell is in this context and where to find one? when it says shell i think *nix text terminal. so do i have to telnet something or is it implemented into the webpage??


bl4ckc4t's Avatar
Banned
0 0

well, ill give you a hint as far as finding the shell, its not a unix shell as far as I can see. look at the python code, you will find the pages to look for ;)

urlopen, its ALOT like JS. ;)

I hope I didnt spoil your guyses fun.

Bl4ckC4t


thk-geo's Avatar
Member
0 0

Ive found a login that is disabled and when you enable it you get an error, i hope this isnt the honey pot :angry: What about this "E" directory? i cant find it


ghost's Avatar
0 0

my python sucks, i've been trying to get the pass through php, bruteforcer sucks, someone help me with the code!


ghost's Avatar
0 0

PM me about the PHP tancurrom,

@Tancurrom, we also need to discuss when you are coming over this Xmas so we can see if I'll be in Guernsey at the same time


ghost's Avatar
0 0

We should also notice that the cookie contains information about the style and note…hmmmmm


What_A_Legend's Avatar
...Legend?
0 0

ye i got the first two points down but thats when it gets complex when you get the new mission and looking for the shell :( lol ill get there


ghost's Avatar
0 0

im totally stuck on part 3 also. ive tried everything i can think of to find the shell…ive made no progress on this point at all…


ghost's Avatar
0 0

Damn. In total I found 3 login-pages on the site :X. Can I pm someone with what I am doing for some feedback :D

Anyway: I can create a big red error msg on one of the login forms, and tried searching for the file they mention, no luck :X.

Am I doing the right thing? Please PM me :happy:


ghost's Avatar
0 0

that is the same problem I have. I also can't find the file the big red error says :angry: I've looked everywhere but I can't find it…


ghost's Avatar
0 0

goofy wrote: that is the same problem I have. I also can't find the file the big red error says :angry: I've looked everywhere but I can't find it…

Same here, can any1 give a hint on where the other login might be? :)


ghost's Avatar
0 0

first two were easy, but im stuck on three, and in the cookie: markupnote=shell

is this how it logs how far we are in the mission or what?, nm its the note thing


ghost's Avatar
0 0

Well…I found the shell and such….I got to the page (s***l.php) where it asks for a username and a password…Stuck there….I really cant find anything else…some hint(s) would be appreciated…

oh ! and I also killed wolf :angry: ("OH MY GOD ! YOU KILLED KENN–er–WOLFMANKURD… YOU BASTARD!") lol:happy:


ghost's Avatar
0 0

erg, i have found a login, and now it says i need to find the error file… i can't find it!


richohealey's Avatar
Python Ninja
0 0

ok. I suck. i've looked for s***.php everywhere, in every directory i know exists. i've tried looking for the error file everywhere too. and i can't find any reference to python. i'm not sure what the hell is going on. i know i'm missing something big, just not sure where


Flaming_figures's Avatar
Member
0 0

I suck in python. I still cant find this login. Here, shelly shelly shelly, I have cookies! COOKIES! MAYBE THATS THE ANSWER!…… checks……[edit] Maybe… but I didn't find it. :( I did change the colours black though, so Im happy :P


richohealey's Avatar
Python Ninja
0 0

i've tried using XSS with the cookies and the login, and with the style page, i've tried looking for anything called .pyc (or .py), i've looked in every directory for s****.php, i'm seriously losing sleep over this. and i can tell it's going to be fairly obvious.


richohealey's Avatar
Python Ninja
0 0

thanks to hack4u i got the link to the shell, lol there's syntax error in the python code….. he he he he he.


ghost's Avatar
0 0

I KNEW IT! HA HA HA .. wolf told me no there isnt. HA me and grind and tancurrom and frozen were right. O .. yeah suck on that piece right there. Fucking a.


ghost's Avatar
0 0

gahh, i have been working on it for the last 2 hrs and im stuck on the 3rd objective.

i found the 'login' but im sure it isnt the right one, anyone care to help?


richohealey's Avatar
Python Ninja
0 0

ok. i've got the python code and the amendments to it. i've pulled it apart found a whole heap of syntax errors, and have a list of passwords that should work. so could someone who's done this PM me with a password that does work?


Uber0n's Avatar
Member
0 0

It's interesting that no one in the forums gives a clue about how to find the E**** file :p I've found a 403 forbidden error for, E*****o. (And it seems logical that this should be the correct file/folder)…

Any hints? Am I looking in the right place? :right:

Peace B) Uber0n


richohealey's Avatar
Python Ninja
0 0

i dont' have a clue where it is, or the file that you're meant to pick up, it says that it's in the usual place, and in your space….

have you had any luck with the shell, as near as i can tell, there are heaps of passwords that would work with his python script, but if it's a string1=string2 type if statement in PHP, then only one will work for the shell login. gah,


Scoy's Avatar
Member
0 0

Wow, I've found something very interesting about the style colours: P


ghost's Avatar
0 0

I used a pink colour style lolz:D


ghost's Avatar
0 0

i got a red error message


ghost's Avatar
0 0

Ok I've successfully cracked the username of the python script =D I cracked the password part of the script too but the password doesn't work :( I heard there is some other encryption method involved. Any help?


ghost's Avatar
0 0

Want a hint?

The python users/passwords have nothing to do with the prompt box login. That is javascript at work.

View Source ;)


ghost's Avatar
0 0

There is a page that clearly states theres errors in the code, theres bit you need to add in etc


Flaming_figures's Avatar
Member
0 0

/me continues searching for shell


Uber0n's Avatar
Member
0 0

Yeah the code must be fixed before working out the password. Think '()' :happy: And shell can be found easily if you read the python source… ^^ My problem is that I cant make an app to give me possible passwords :p a long int isnt long enough :( but I'll think some more about it tonight…

I'm tired lol :p


ghost's Avatar
0 0

okay can someone give me a hint on where to find the python? are you meant to find the shell first? or is it the python?


Flaming_figures's Avatar
Member
0 0

I think what they are saying is if you get the python script, that will lead you to the shell which uses python to hold the password…. Correct? (and btw, I suck HARD at python. I have like, no idea what it is, but I am trying to learn)


ghost's Avatar
0 0

  • okay the login doesnt work. so try to find a different directory where the login might just be.
  • from there find a page that has a message that tells you to check a different page.
  • when you check that page it tells you to go to yet another page
  • go to that page and it shows corrections for the python
  • this leads you to the admin area page..
  • enter the panel and put in a passwd when prompted for one.
  • then choose the last option in the drop down list.. and itll take you to the shell from there.

this is where everyone is stuck because the python code is wrong and it cant be completed.


bl4ckc4t's Avatar
Banned
0 0

Flaming_figures wrote: I think what they are saying is if you get the python script, that will lead you to the shell which uses python to hold the password…. Correct? (and btw, I suck HARD at python. I have like, no idea what it is, but I am trying to learn)

python hacking is alot like JS hacking. its programming python that tends to get confusing.

Bl4ckC4t


ghost's Avatar
0 0

the python code is wrong because you're meant to fix it though, just clearing that up. (even once you get to the page with some fixes)


richohealey's Avatar
Python Ninja
0 0

ok, I figured that many of the errors in the python script were intentional, but it's the use of the %= comparison that gets me, there are heaps of possible correct entries to bypass that.

i'm going to keep looking, also if you've PMed me for help, i will reply, i've been kinda swamped, so be patient.


ghost's Avatar
0 0

[edit]contains HUGE spoilers[/edit]


richohealey's Avatar
Python Ninja
0 0

yeah, aren't we all


Flaming_figures's Avatar
Member
0 0

Oops, double post, sorry. And ya. Where IS the python? Through the login?


richohealey's Avatar
Python Ninja
0 0

ok, i've got the key, and i know what kind of encryption it is, and i can code well in python, can someone who has got this challenge sussed out PM me, so i can ask some questions about what the various pieces of information are? i'm talking about the shell password…. i thought i was on the right track, but that turned out to be a dead end.


ghost's Avatar
0 0

i found red error message at second login page, but i don't understand what it says, i tried any URL with word 'e****' but no progress… plz help


Uber0n's Avatar
Member
0 0

Lazarus wrote: i found red error message at second login page, but i don't understand what it says, i tried any URL with word 'e****' but no progress… plz help

No you didn't :) But I don't think you have to find that file. Keep on working!


ghost's Avatar
0 0

hack4u wrote:

  • okay the login doesnt work. so try to find a different directory where the login might just be.
  • from there find a page that has a message that tells you to check a different page.
  • when you check that page it tells you to go to yet another page
  • go to that page and it shows corrections for the python
  • this leads you to the admin area page..
  • enter the panel and put in a passwd when prompted for one.
  • then choose the last option in the drop down list.. and itll take you to the shell from there.

^^ i think i have to, because THAT message about Hack4u speaking in step 2 is this red message "L**** ***** please check ***** ****. My problem is i couldn't find that file


ghost's Avatar
0 0

AHH THIS MAYBE WAS A HUGE SPOILER :P Forgive me


ghost's Avatar
0 0

^^ i think i have to, because THAT message about Hack4u speaking in step 2 is this red message "L**** ***** please check ***** ****. My problem is i couldn't find that file

im stuck at the same place.. but ill find it sooner or later ^^ i hope >.<


ghost's Avatar
0 0

I think I have found out how to find out the password in the python script. The question is, can i get the password using php?


ghost's Avatar
0 0

I've cracked the user and pass from the python script. Still it does not seem to be correct. Can I pm someone my user/pass and maybe you can confirm it is wrong .. I really don't know what went wrong ..


ghost's Avatar
0 0

okay, so when im trying to find the first of 3 login pages lol, do i work from the root folder, i.e. main page of the site, or do i work from the p**** folder?


richohealey's Avatar
Python Ninja
0 0

yeah no prob. PM me.


ghost's Avatar
0 0

Since lots of people seem to be stuck finding the e***** file, here's a hint: you're not searching for a file with the word "e*****" in it. Try something else which is clearly mentioned on the site. ;)

sighs now I'm stuck where everyone else is…


ghost's Avatar
0 0

im guessing everyone is stuck at the shell right now correct? yeah its really annoying.

heres one thing i need to say to all those people looking for that error file .. THERES NO POINT TO FUCKING FIND IT!

i hope that clarifies everything for you so theres no point in putting e**** file just say error.. theres no point in it. I got to where i am without it.

[spoiler]if you want to find it check the fucking login directory[/spoiler]


ghost's Avatar
0 0

Woah…just trying to help. No, you don't HAVE to find the error message, but I personally found it helpful and figured I'd post the hint on the off chance that it could help someone else as well.

And yes, we all seem to be stuck at the shell part.


ghost's Avatar
0 0

From the source of one of the login pages you get this line: "please read note on the server in the usual place". My first guess was that it would have changed the cookie since when you add notes that is where those are saved, but that didnt seem to be the case. Where should i look to find the note? Ive tried many somewhat logic names and folders but got stuck here. Anyone who could lead me in the right direction, or tell me if im way off?

- edit -

nvm found it :) tried loads of different names but forgot to test both "note" as well as "notes" on some of them. oh well now i at least got to the note wiie :P hmm i think i know the username and pass for s****.**p but cant seem to login. any1 i could pm the pass and username to for verification? :)


ghost's Avatar
0 0

Ok i made some progress, i am on last login before shell. Name is easy but what about password? Python says it could be 1 or Number or lots of another numbers… do you know anybody what password go there?


ghost's Avatar
0 0

Yea I am also stuck exactly where you are on this. I may have a crack at it again later today and pm you if I find anything useful.


Uber0n's Avatar
Member
0 0

Anyone who has some new good hints? :D

Peace //Uber0n


ghost's Avatar
0 0

ok well im in the shell and i have the user

i have been runnin the cracker that i wrote for a while and so far i have gotten two passes that should have worked but neither of them did

can any one point me in the right direction?

thanx :D


Uber0n's Avatar
Member
0 0

Yes, I wrote a cracker too but it seems C++ can't handle as big values as required…. Guess that's the point with this part of the challenge, not being able to use the common languages :angry:

Awwh have to learn Python I guess :p


ghost's Avatar
0 0

I'm in the exact same position as you guys. I wrote a cracker in C but it was going to take about a week to find all possible passwords up to that value.

system_meltdown didn't take a week to do it, so I'm guessing I'll have to go over Python…


richohealey's Avatar
Python Ninja
0 0

alrighty… i've got two passwords that should work… but i'm getting login timed out messages. i've tried going out, clearing my cookies then coming back in and using XSS to pass the variables, but still same message. i'm sure one of these passes is right, they conform to what wolfmankurd said they should.

hmm…


ghost's Avatar
0 0

Ok, i got the console, login to it, got to the login shell, got past the login timed out part, and logged in, but kept getting a redirection. I have the right pass, now i changed the re***** and got INto the rmt* shell, so now i have to use ix commands to delete content, but im not sure what EXACTLY to delete and i know there's more commands than just rm i need im new to unix so that don't help either. Is anyone this far and can help, it'd be appreciated, hope i didnt spoil anything, if i did, remove or edit this please mods. Thanks


richohealey's Avatar
Python Ninja
0 0

it's the login timed out bit that i can't work out. i've been learning Curl for real11 so i tried passing both passwords with post data and nothing.. wait i just thought… does my refer need to be the shell page… i might try that now.


richohealey's Avatar
Python Ninja
0 0

PM me, i'll explain in more detail


ghost's Avatar
0 0

You got the idea richoely!, can anyone help me out with the nx commands and what exactly im supposed to delete EXACTLY. Cause im not sure what to remove.


Uber0n's Avatar
Member
0 0

I'm in the same situation… Logged into the re**** sh*** and trying different commands. Don't really know what to do, though :angry:


ghost's Avatar
0 0

Does the shell have to pop-up or something?

I found 3 collisions for the python script but none of them seem to do anything :angry: Or do I have to run the script for a couple of hours or so?


ghost's Avatar
0 0

I found only two numbers but they dont work. I tried all numbers from 2 to 999999999 and found only 2 numbers (length 8). Then i tried to find factor from 1000000000 to 1999999999 and my pc crash. Wtf how its possible that some members cracked this password in a hour??? Does this password really have something to do with the python script? We need to bruteforce the page? Please give me a push in the right direction.

Thanks for the attention.


ghost's Avatar
0 0

I don't think we need to brute force this one. Though I'm getting a bit confused where to input the credentials I've found since none of them seem to work :angry:


ghost's Avatar
0 0

Alright… I found the python stuff, logged into the shell, got a remote shell and logged in as root. Now I am stuck, not sure where to go from here. I have tried deleting all the files it gives me. I even created a script in PHP cURL so it would be like a real shell :P but I cant get past this part. Any help / hints would be great. Im sure its something simple I have just passed over but any hints would be great, thanks..


richohealey's Avatar
Python Ninja
0 0

i've logged in as root, but it gives the timeout page. and if i type quick and try to delete the files, it tells me i must be root. even though it just said i was. also i can't get the refer to work on my curl script. weird.

[edit] I worked out the curl. now just to suss out the staying logged in as root thing. [/edit]


richohealey's Avatar
Python Ninja
0 0

ok, i've sussed out even more. i realised what the refresh thing was, got that nailed. when it told me i couldn't delete the folder because it wasn't empty i tried the recursive command, nothing. then i changed p*******s (probably not a spoiler but why not)…

so i was on the next page and it now won't let me erase the files. i use the same command verbatim and nothing. now i'm stumped again.


Uber0n's Avatar
Member
0 0

Can someone who has beaten this please PM me? Not looking for spoilers, but I want to discuss a problem.

I'm at the shell, and I have become root as well. When I use a certain command to erase all files, I get redirected to the MISSION FAILED page…

Please PM me if you know something about it.


ghost's Avatar
0 0

Someone ought to write an article on this challenge if they haven't yet. It seems like everyone's stuck on the command part, thats where im stuck as well.


ghost's Avatar
0 0

I agree


ghost's Avatar
0 0

I'm at the same stage as Forw4rd_Lord. I've found the /l**** directory/page page and the /l****/**. page and viewed the source for both pages but i am still stuck.


ghost's Avatar
0 0

gwil257 wrote: I'm at the same stage as Forw4rd_Lord. I've found the /l**** directory/page page and the /l****/. page and viewed the source for both pages but i am still stuck.

That's exactly where I am! I've even tried editing the //.* page, but when I do it, nothing happens! :o


ghost's Avatar
0 0

It's not like I enjoy resurrecting dead threads, but I have no other option if I want to progress.

Ok, I am lost at where about 90% of everyone was lost three or so pages ago. I can't find the damn shell. I also know absolutely nothing about python.

I have completed the first two objectives, but that's it.

So, how can I find the shell? Any hints, suggestions?


Uber0n's Avatar
Member
0 0

I'm at the (real) shell and have logged in correctly. The problem is that it doesn't allow me to delete all files the common way (mission failed) and I don't know what to do instead :(


ghost's Avatar
0 0

Ok, I'm 50% of the way done. I have done the first three objectives, but now I have to log into the shell. Where can I find the login information?


ghost's Avatar
0 0

anyone?

wow, the ratio of views to replies is 33 to 1.


Mouzi's Avatar
Member
0 0

Gah… I'm stuck in the last part. I am root ATM and I am trying to enable deleting the RIGHT FILE with the RIGHT COMMAND. I have tried the letter form and the octal form and every variants I can think of. Nothing gets me forward. Meta redirects are enabled. What to do? :( Anyone I can PM with this?


ghost's Avatar
0 0

I managed to pass first 4 steps, but i have really problems with the fifth step (Delete content). I tried to access the page **/rm. but it redirects me to the index of that directory.

Could i pm someone with what i've got?