Basic 7 - help

Hey, I simply cant find out how to find the first username. I've read some of the other posts, from them i understand i need some cookie program, right? But could anyone give me a link/tip/hint how to get it or how to do it? Ty //Falks

Wow, what a useful hint. Real witty.

You're looking for some kind of cookie editor for firefox. Maybe this site has a link to what you need in the downloads section…

You don't need a cookie program… just alert it.

True, but it's MUCH easier with the program. Plus, you can use it to help you out on any other challenge, as well. If you do use the program, though, I'd advise you to at least learn how to do it with JS. That's what I did.

Well learning how to do it with javascript really is one of the points with the challenge I reckon. God forbid you keep your javascript knowledge sharp.

Hey, I'm not here to argue, I'm here to learn and help others learn, so this will be my last post on this topic:

The challenges here also teach you how to use the tools available. You can't be expected to crack a MD5 hash without the use of JTR, or something of the like. Then why's there a challenge on it? So you learn how to use the tools at your disposal, that's why. If the creators of HBH didn't want us to use the extension, they wouldn't have put it on their site. God forbid we use tools to make things easier.

[EDIT] Note, I don't have anything against actually learning JS. Like I said, I went through and did it without the tool afterwards. I'm just saying that they are useful, and shouldn't be overlooked.

ascII encryption might be a good thing to look up, and make sure to inject on the page where it wants authentication, not the main login. When you get the second screen, think, what did it say it was vulnerable to?

And keep in mind that second screen is simple.

Hey again, the links in the download section doesnt seem to work for me. Can anyone help me or give me a new link?;)

Another thing: Does anyone know how to use this John The Ripper thing? Could you teach me?

You certainly don't need such tool for this challenge. Try thinking about it a bit more.

Lemur wrote: ascII encryption might be a good thing to look up, and make sure to inject on the page where it wants authentication, not the main login. When you get the second screen, think, what did it say it was vulnerable to? Ah, thank you… I was putting the encrypted pass in the wrong place :|

one dumb a** style question.

can any one refer me to online ascii encryption decryption page which i can use here.

Try yellowpipe at: http://www.yellowpipe.com/yis/tools/encrypter/index.php

anantshri wrote: one dumb a** style question.

can any one refer me to online ascii encryption decryption page which i can use here.

Its not ascii encryption but ascii to binary and vice versa encryption.

i like to use

http://www.paulschou.com/tools/xlate/

it does alot for me.