EM's: Rooting 2

http://www.hellboundhackers.org/challenges/root2/

Beta test it!!

let me know if you get any errors or if you complete it perfectly, or any changes you want to see made etc etc

thanks

The cd command is not working, (I think)

OK, cd command works in all but one situation. "cd .." when you are in a single level directory. ie /home or /sbin

There is a simple way of getting around this

Type in the cmd box

">ls"

This tricks the system into thinking you are already in the base dir

BTW if this method of changing dirs is a possible cheat I will look into a way of fixing it

And sorry about the triple post but

Its not the codes fault I think it may be HBH's version of PHP. I just ran the source which I sent to his honour and it worked find

right, i think i found a problem with it….are we allowed to post spoilers in this thread?

Nope, either PM me or Mr_Cheese

Ahh… @Mr_Cheese, I checked the logs which only_samurai sent me. I think that you are missing the check that goobutu is deleted in the function completed :(.

Can you check that please

mozzer

The fact that you have to click into the text field EVERY time is really annoying! the lack of the ability to go to to root is annoying and I will keep digging.

I was going to convert the mission to AJAX but I gave up after I realised the complexity of changing all the variables

I beat it…had to do some strange things to accomplish this but I beat it. It should have a login or something where you are logged in as like guest and need to get the admins account to delete the stuff…just a thought.

Nice idea,

the good thing about the mission is that it is completely customiseable and therefore I could create a completely different mission in 30 secs

i agree this challenge was a bit easy…took me around 30 seconds to complete. atleast add in a bit more to it….and is it possible to add the cd ..? i know you said there is that hack, but for learning purposes i think we need to try the cd ..

There used to be the cd .. I know because I had it on the online version. I'm sure Mr_Cheese will try to reincorporate it into the mission

yeah, i figured he would. just thought id point it out. its one of the bigger complaints on rooting1 as im sure ya'll already know.

I agree with you Aldar - it's very irritating having to click the text field every time! :angry:

also… the command cd / does not work. that should be worked in too.

Yeah not a bad challenge. I completed in a couple of minutes. lol i just didn't delete one of the files. i dont understand why the ftp is in their unless its just making it seem more realistic, idk. like others said, just set it to focus on the textbox, simple javascript. <body onload="javascript:document.form[0].element[0].focus"> is what i believe it would be. Then the user doesnt have to click their everything which is kinda annoying, but other than that its a good little challenge to get a user started to what the environment is like even though it has nothing to do with actually gaining root in the first place :D i have never done any rooting so if we could get some pretty realistic it would be awesome, because that is something i really wanna learn to do.

Damn… why didn't I think of that javascript focus?!?!?

/me feels stupid

jus thought i would post this, i got it after i beat the chall

<b>Warning</b>: Cannot modify header information - headers already sent by (output started at /home/hbh/public_html/challenges/root2/index.php:9) in <b>/home/hbh/public_html/fusion_core.php</b> on line <b>173</b><br /> <center><br />Congrats! 80 points has been added!<br/ ><br /></center> /home/grey/files>rm googlefiles.gz

lol i keep trying it but i have no idea of what to do at all… i keep trying stuff like >ls then /home>cd and nothing is working…

can someone help me get started :D

um i am kinda confused, did this challenge actually give me 80 points upon completion?

I pretty much agree with everyone else on the following:

1. Having to click in the textbox every time IS DEFINITELY ANNOYING
2. There should be more to this challenge
3. CD command doesn't work in some instances.

Other than that, not a bad challenge :D

What is supposed to learn by this challenge?The cd,rm,cat commands?

I found this more easy than root1…..this is not rooting, u have yet access to the machine and privileges to rm files…. Not a password to find, nothing to exploit, you have just to move in the dir and delete two files.

TO MUCH SIMPLE AND THIS IS NOT ROOTING.

For future rooting challenges i suggest you to have to scan some host, find a open vulnerable port, lauch a exploit (like writing a bof) and once youre logged on the system delete the logs(only your logs) and change the password of admin or other things.

However this is a good start and it have also a good GUI. Try to make it more shell similar and activate all commands.

Thanks for this challenge guys.

The point of the system was to create a simple system from which extra functions could be added. As I have said before the only task which is required is to change the config file.

it's an ok challenge, and again, I have to agree clicking the text bar over and over is annoying, and the fact that the cd command is a bit dodgey gets annoying too. Also, the html

<center><br />Congrats! 80 points has been added!<br/ ><br /></center> Shows up in the congrats message, but thats just about it ^^

i gotta say im a complete noob at this an tht was quite easy for myself the only real thing about it is tht there are no definitive instructions to get you started an the file name for the files your supposed to delete is not what it says in the description so i deleted everything lol aside from tht its a cool challange tht will earn people a few points