
Realistic 1 Walkthrough



By ghostghost | 16532 Reads |

Hi everyone, I wrote this tutorial because I did not think that any of the tutorials for Realistic 1 were in-depth enough. I would say this definitely contains spoilers, so be warned, and it is rather long!

So the first thing we see is the JohnDoe password and account. Yes, that is handy! So upon arriving at the login we chance a shot of SQL injection just in case: ' Hmmm, that didn't work! So now we simply log in, and while you're at that, go back to your mission brief. What does it say?

Your goal for this mission is to log in as a registered user (johndoe/password) and analyze the site to gain administrator rights to change the price of the program to make it a lot cheaper.

Now what are the key parts? We have to analyse the site and make the program cheaper. So what does analyse mean? Yes, you guessed it! Look at something really in depth. Now I am sure you have learned by now to look at the source, and when we open her up what do we see?

Not that much! Yep, it's pretty bare, so maybe that's a good thing. Let's look in the directories given to us... Hmmm, you see it? Yeah, that's pretty interesting! But now that we have this, what do we do? We can't use SQL injection to get in because we tried that... Hmmm? Maybe JavaScript injection...

Well, first of all, what is JavaScript injection? JavaScript injection is simply changing the content of things such as cookies using JavaScript. Ahh, now you see what I am getting at.

So to do this, go to your URL and remove www.whateverpagethisis.com/hah/a0tuhah/a0tu!

Now type in javascript:alert("hello") and hit return... Tada! But wait, don't get too excited, we are not even at the good bit yet! Try typing javascript:alert(document.cookie). Hmm, interesting! That AuthID is interesting, ain't it? It couldn't possibly stand for authorisation ID... Or could it? Well, hmm, I wonder what we can do!

In administrator.txt we found some interesting info (yes, I changed the info, so stop being so lazy):

administrator password = pass

status:administrator

AuthID: authid

So let's use it :D Let's up our AUTHorisation :D We know how to run a JavaScript command and whatnot through our browser, so let's do it: javascript:void(document.cookie="AuthID=authid");

So basically what we are saying is: in that cookie, change the AuthID bit to this. Yes, I know, rather simple, but it works... Now what page is the price on? Well, that means it's probably best to do it on that page, but I don't think that software is real anyway, so it's probably not worth more than a dollar!

And enjoy the 35 points. Sorry it was so long, but this is how I learn best, and if you don't like it, don't read it :) And if you do like it, please rate it and leave comments! (motivation to do more) Enjoy. Shouts: http://www.a0tu.com, The Flash and BobbyB, n3wtyp3 and tmc :)
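Seen from the defending side, the walkthrough works because the server lets a browser-editable AuthID cookie decide who is an administrator. The sketch below is an added example, not code from the challenge or from HBH; the function names, the in-memory session store and the 'authid' placeholder are assumptions. It puts that weak check beside one where the cookie holds only a random session id and the role is looked up server-side.

```javascript
// Added example, not the challenge site's code. All names are hypothetical.
const nodeCrypto = require('crypto');

// Constructed stand-in for the static value exposed in administrator.txt.
const LEAKED_ADMIN_AUTHID = 'authid';

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0) jar[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
  }
  return jar;
}

// Weak: the role is decided by a static value that the browser can set itself.
function roleWeak(cookieHeader) {
  const jar = parseCookies(cookieHeader);
  return jar.AuthID === LEAKED_ADMIN_AUTHID ? 'administrator' : 'user';
}

// Hardened: the server keeps the role; the cookie is only an unguessable key.
const sessions = new Map();

// Called after the password check; the role comes from the server's user table.
function login(username, roleFromUserDb) {
  const sid = nodeCrypto.randomBytes(32).toString('hex');
  const expires = Date.now() + 30 * 60 * 1000; // 30 minute lifetime
  sessions.set(sid, { username, role: roleFromUserDb, expires });
  // HttpOnly hides the id from document.cookie. The actual fix is that
  // nothing the client sends names its own role.
  return `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Returns the stored role, or null for a missing, unknown or expired session.
function roleHardened(cookieHeader) {
  const session = sessions.get(parseCookies(cookieHeader).sid);
  if (!session || session.expires < Date.now()) return null;
  return session.role; // any AuthID cookie is simply ignored
}
```

With this design there is no reusable administrator token to leave in a web-readable file: a session id is random per login and expires.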

Comments
ghost 15 years ago

u might as well hold my hand while i do this…

step - by - step

haha.. u rock;

very easy 35 points after reading this//

:ninja:

ghost 15 years ago

it didn't like me making it free… or 0.01 or 0.02 or ..

you get the point.. i did this to 0.86.. then i looked at the articles, ahahaha

ghost 15 years ago

Excellent. Face slap for not realizing what to do.:xx:

ghost 14 years ago

wow i can't believe i forgot that accursed ";" on the end!

ghost 14 years ago

Yeah i tried making it 0.01 at first and then it said go cheaper. Put in 0 then it said make it not free… so i made it 1.00 and it worked? :o

Legilimens 13 years ago

This is really helpful, but I don't know what to do after the authid part. I have the authid, but changing the authid doesn't do anything… or am I just not changing it to the right value? Or am I supposed to do something after I change the authid? I'm sorry, this is probably really simple, and I'm just not getting it.

ghost 13 years ago

do we have to crack the password or am I trippin'? I can't crack it with JTR :(

ghost 13 years ago

yeah, I was tripping… just use original login (i thought i had refreshed but I hadn't…. doh) :D

Legilimens 13 years ago

Right, now this is for everyone else out there who's making the same stupid mistake as me- after going through this tutorial, reload the page.

Abdellah 12 years ago

That was helping, Thx Man !!

GSmyrlis 8 years ago

thanks for help bro! thumbs up