Basic Missions 3-7
Basic Missions 3-7
ghost | 30107 Reads | Basic 3 -basicly you need to have Mozilla firefox. Download it and also download the User Agent Switcher for Firfox. Then figure out how to use it by using the user it says is not valid.
Basic 4
-htpasswd.php is not found in basic 4…. put the htpasswd.php in the url at the end instead of index. Then try changing the number of the mission until you get the page.
Basic 5 -After looking around the source you see that * is a wild card(WD). The * replaces something you dont know. Which in this case is everything. Basic email add: Somebody @ Somwhere . Something Replace the . with a : instead and you only need to fill in the bottom passwd box with the email.
Basic 6 -What you need to do: …- chmod a file …- delete the logs …- delete another file First you need to know the file you are try to chmod…. ***/logs.txt. This file will give you the link to another file (the one you need to delete). Most unix cmds use a $ in front of them… for each box when you start out. For more understanding search Unix Commands in GOOGLE.
Basic 7 -Looking in the source gets you a name and a passwd in binary. Go and use javascript like so…. javascript:alert(document.cookie="username={the binary}"). After that use 1=1– in the passwd box. This should get you a good start.Then there are more steps to find out the correct passwd.
ghost 19 years ago
Were you tired of people asking help for these challenges because these were give-aways. Major spoilers to the levels.
ghost 19 years ago
Most unix cmds use a % in front of them… in this case replace it with $ for each box when you start out. For more understanding search Unix Commands in GOOGLE.
NOT TRUE.
ghost 18 years ago
Hey hack4u nice job,but don't get the Basic 6 ….where is logs.txt need some help here……Thx
ghost 18 years ago
OK…OK I got the log.txt & other php file …..What is all+execute??? …..r-w-x|r-w-x|r-w-x…..Is this what it mean?
ghost 18 years ago
i swear i hav the right commands for basic 6 but it says "invalid command" can someone help if i pm them my commands i have written?
ghost 18 years ago
On basic 5 we really dont need to fill in the email right. Something like @:* for the username:password and * in the email field also does work. So hypothetically, would it mean that we are searching the database for an username and password and then after we found that we are searching another table for an email?
ghost 17 years ago
No wonder you were banned…You kept spoiling the challenges…..Goodbye whoever you were =/ and don't come back if your just here to spoil everyone else's fun =/
ghost 16 years ago
Hey I thought it was a great tutorial…It did throw me of the track till is suddenly dawned on me…I was using all the possible javascript codes in alert but it supposed to be void correct injection for 7 is: javascript:void(document.cookie="username="(the binary for the user name)") Then all you have to do is replace (the bianary of the username with the actuall binary of the username. Good Site:http://www.yellowpipe.com/yis/tools/encrypter/index.php
Otherwise for Basic 7 Really good…I didn't use 3,4,5 or 6.:)