Basic Web Hacking 5
First, I want to write bitterly that it is a shame and a pity that I see these two links, which give the solutions:
https://www.hellboundhackers.org/articles/read-article.php?article_id=94
https://www.hellboundhackers.org/articles/index.php?cat_id=10
I hate them and the idea in itself
Concerning the challenge
The format of the solution is like this :
username:password
From the source I know the username and the password:
admin:* (* is a word which in turn is the password)
I submitted the solution, but it says invalid password!! I am sure I know what word replaces the asterisk and that my solution is right.
I can PM someone the solution to check it for me so that I do not spoil,
or maybe I can get a hint here in the forum.
There is absolutely no logic and no sense in this challenge:
The challenge asks for the username and password. They must be entered in the following format:
Username:Password
However, the article says another thing, totally different, which has nothing to do with the format of the solution:
"Somebody @ Somwhere . Something Replace the . with a : instead and you only need to fill in the bottom passwd box with the email."
The article says that the solution is an email in a weird, odd format:
"Somebody @ Somwhere : Something"
So I wonder why from the beginning it is not stated that the format of the solution must be an email in the format Somebody @ Somwhere : Something? I mean, instead of putting:
Enter Username:Password:
it will be
Enter Somebody @ Somwhere : Something and that is all!!
Secondly, if the second form (Search an E-mail:) serves nothing to the challenge, why is it put there!!!! For what reason?
Thirdly, if we suppose that "Somebody @ Somwhere : Something" is the solution to the challenge, is Somebody the username and Somwhere the password?? And if yes, what is the Somwhere? What is Somewhere supposed to be?
I wonder why from the beginning it is not stated that the format of the solution must be an email in the format Somebody@Somwhere:Something
The challenge itself tells you about the form and how it's intended to work; it's obviously not going to explain how to exploit any vulnerabilities in it.
if the second form (Search an E-mail:) serves nothing to the challenge, why is it put there!!!! For what reason
It's supposed to be part of the asterix system; otherwise you would be looking at a login form, and not a supposed search system.
Thirdly, if we suppose that "Somebody @ Somwhere : Something" is the solution to the challenge, is Somebody the username and Somwhere the password?? And if yes, what is the Somwhere? What is Somewhere supposed to be?
Don't know.
"The challenge itself tells you about the form and how it's intended to work; it's obviously not going to explain how to exploit any vulnerabilities in it."
I am talking about the format of the solution, not how to exploit it. The challenge does not tell me that the format of the solution must be somebody@somewhere:something. The article does. The challenge tells me that the solution must be in the format Username:Password. No one would expect the solution to be somebody@something:somewhere if the article did not mention it.
As for the vulnerability, I googled about Asterix protect system but I could not find any tutorial associated with it.
"It's supposed to be part of the asterix system; otherwise you would be looking at a login form, and not a supposed search system."
If it puts Enter somebody@somewhere:something instead of Enter Username:Password, I will look for somebody@somewhere:something and not a login form :)
"Don't know"
You already solved Basic Web Hacking 5, so you know if, in somebody@somewhere:something, the somebody is the username, the something is the password, and what is the somewhere :)
I know the username and the password but I do know how to put the solution in somebody@somewhere:something; there are three elements but I have only two elements, the username and the password. What am I supposed to do? Any hint?
Years ago you could sign into sites using the username:password@email.com format.
I'm assuming that this is based on that idea, and by entering a string in the format the article says, i.e. in a format it's not expecting, it causes the code to throw an error.
Use * for what you don't know, which is everything.
what is the @somwhere
Amazingly enough it's where your email address would go.
I do not like this challenge.
This is not a spoil as it is in the source code: <!--attention admin: * is a wildcard -->
Enter Username:Password would be
admin:wildcard . Challenge solved
This is what I expected
Maybe I am still too much of a newbie to perceive more deeply, but this challenge is not good at all.