Basic 6 Complaint
Don't get me wrong, I love the site I just think that Basic 6 should be completely changed, I had the commands and files from the very start, it's a simple challenge, but who would have thought that the order in which you remove the files, makes any difference? Who would have thought you can't have slashes before the "logs directory", who would have thought that it's a URL actually =\ who would have thought that you then have to figure out which parts of the URL you hvae to use as the directory, I ussually don't look at the forums much, but I had to SCOUR them in order to finally figure out, that the order in which I remove the files is relevant… The description of the mission is also very cryptic "find this file, delete that file, and delete that other file" this is what I think would help…
a.) No offense,but the challenge intro's English is not GREAT =\ , and the way the files are reffered to is very cryptic This is much clearer… My friend Drake has found this new way to execute Unix Commands from a simple php file, but he was testing the security and the logs recorded his activities and reported it to the FBI, they also chmod'd the file logs.txt, now the only chance for him to be safe is that you chmod logs.txt to all+execute and remove it, and locate and remove the tracking file that caught him. Mr. Deitry also said the command to do all these action needs to follow this format: $ commands options arguments
or
b.) Somehow inform people of some of this information that is completely illogical but that you have to find out by accessing the forums.
There is way too much unnecessary hit or miss on this challenge, for instance because of the wording of the challenge, I was trying to chmod the trakcing logs, For anybody having trouble with this challenge:
You will find the other file by manipulating the URL
The directory you will use is not the full URL but the directory that holds on the files, and there is no /
Using number for the chmod options did not work for me, try the letters,
and if all else fails fucking switch the order you delete the files =\
I don't see the point in using the $, striving for realism or something, and then using it wrong, and failing to inform people of the other important parts of this challenge that you would only figure out using the help of the forums.
I don't see anything wrong with it, they give just enough information to be able to solve it. Anything more would make the challenge far too easy.
If we used your first suggestion the challenge would be a joke. It practically says : "The answer is imstoopid" now type imstoopid into the password box to get your easy points.
Come on, there needs to be some degree of challenge to get it. I mean, how boring would it be if you could do every single challenge on your first try? You need to struggle, research and find new things. How else do you plan on learning?
Sometimes it may seem like there is more than 1 possibility, all you need to do is try the different ones until you get it.
It's Hellbound Hackers, Not Hellbound Pansies, come on.
n0ir wrote: would have thought that the order in which you remove the files, makes any difference?
i dont believe it does make a difference. i'll check the source and see.
Who would have thought you can't have slashes before the "logs directory"
well if you knew linux systems you'd know that adding a slash before the directory will make it think to goto the main directory. just like windows a c:\. / is the equivelent of the c:\.
so typing /logs/ will goto the main logs folder instead of the logs folder in the current directory.
who would have thought that it's a URL actually
its not a url
a.) No offense,but the challenge intro's English is not GREAT =\ , and the way the files are reffered to is very cryptic This is much clearer… My friend Drake has found this new way to execute Unix Commands from a simple php file, but he was testing the security and the logs recorded his activities and reported it to the FBI, they also chmod'd the file logs.txt, now the only chance for him to be safe is that you chmod logs.txt to all+execute and remove it, and locate and remove the tracking file that caught him. Mr. Deitry also said the command to do all these action needs to follow this format: $ commands options arguments
isnt this pretty much what we say in the briefing?
anywyas, point made i'll see what i can do to make this challenge for user friendly.
I honestly don't have time for people who come to such a great site to learn then bite the hand that feeds them.
I for one didn't know much about unix commands and it encouraged me to read about them. It's not the beating of the challenge that is rewarding, it's the knowledge you gained from learning how to beat it.
Please, refrain from complaining about something that owns you.
Again, I knew I was gonna raise some hate for this, and I don't want it to be taken the wrong way, I'm not complaining about the site, the people, this place is great, it's jsut Basic 6 really needs something more to the briefing. I think there is a difference between making something "easy" and making something "obscure" this challenge is IN FACT VERY EASY, I had the files and the commands worked out in less than 5 minutes, it was the positiong of the commands and the fact that you needed to know to put a space after the $ and that you couldn't use numbers for chmod options, there's just so much that made it unneccessarily difficult.
n0ir wrote: would have thought that the order in which you remove the files, makes any difference?
=\ Perhaps it was a small something I changed while reversing them, but it definitely worked after immediately switching the two remove commands position.
Who would have thought you can't have slashes before the "logs directory"
I know linux systems, and I'm aware, but I guess I never would ahve thought to treat a url as a directory system 0.o
who would have thought that it's a URL actually
I'm saying most people will do the obvious "locate" or "ls" and when that doesn't work they say wtf I need to go to the forums..and they find out its the URL they have to manipulate
a.) No offense,but the challenge intro's English is not GREAT =\ , and the way the files are reffered to is very cryptic This is much clearer… My friend Drake has found this new way to execute Unix Commands from a simple php file, but he was testing the security and the logs recorded his activities and reported it to the FBI, they also chmod'd the file logs.txt, now the only chance for him to be safe is that you chmod logs.txt to all+execute and remove it, and locate and remove the tracking file that caught him. Mr. Deitry also said the command to do all these action needs to follow this format: $ commands options arguments
There are some slight changes there to the word choices and clarity
Look, I got nothing against this site, and if Basic 6 does remain unchanged well at least this post shows alot of the mistakes I made. None of this stuff gives the challenge away, it just makes it so once you have the necessary information you don't have to mess with syntax and placement and things that will take you the good part of an hour…This is Basic 6 again I know alot about hacking is tinkering and trying new things, but this i felt was rudiculous.
If this post pissed anyone off, I apologize…
Hello Guy's nice site by the way… B) Made it up to basic6 in 2 hours but .. now im stuck with the UNIX cmd's Found the cmd's for CHMOD u,g,o,a, and r,w,x also found the dir's /\ but something go wrong with the kill cmd i think… Please help….:(
And like i say .. Nice JOB on this Basic Web Hacking site :D
ha ha so true… boy you really are going to love the blind sql one..
rofl. but seriously. i have quite a background in linux and i got this challange in less than 10 mins when i was starting out, so it can't be that unrealistic can it? and if you look at it as a shell loacted in that directory it makes perfect sense that the same directories exist from your browser and from the shell
just my $.02
The Flash wrote: I honestly don't have time for people who come to such a great site to learn then bite the hand that feeds them.
I for one didn't know much about unix commands and it encouraged me to read about them. It's not the beating of the challenge that is rewarding, it's the knowledge you gained from learning how to beat it.
Please, refrain from complaining about something that owns you.
amen
Just something I'd like to point out this for #n0ir, when you say that the challenge needs some fixing, because its not the way it normally would be by using unix commands. The reason why they are off, is from what I can understand, its made to make you THINK. Actually thats how a good amount of these challenges are. And about your "complaint" that it doesnt give you the order in which they need to commands need to go… Well as you posted in your thread,
s that you chmod the file to all+execute and delete that file and the other file that tracks people
THat is more then enough to figure out the order in which the commands need to go.
dude, I don't see why you came to HBH and, as a newb, tried to get the admins to change the challenges to suit your personal advantages. I didn't have a problem with this challenge, it was easy enough with the info they gave you, and I know I'm not the only one.
I'm not trying to be rude, I'm just trying to see your logic…I just don't see how you can come here and try to change things to suit your personal desires right off the bat. To me, it's like going to someone's house and trying to rearrange all of their furniture to where you'd rather it be :P
"Just my $.02" ^_^
he does have his point and it was well received by mr_cheese
yeah maybe he could be more polite but what he's pointing we all did when we passed that and other challenges.
don«t try to argument it doesn't predict all the diferent possibilities to do what's required. on purpose as if it's some sort of puzzle. that's just weird
i posted something along this lines complaining about some of the basic and javascript challenges when i found this site. and i didn't get such anger and hate,
i don't harbour any hate… i just don't see why he's whining. the challenge made perfect sense to me then and still does now. most of his points don't make sense. putting a '/' in front of the directories would change the result. the order doesn't matter. the only thing that could be changed is to let the user use octal on the permissions, but the other syntax is used much more often.
if you treat it as a remote shell it all makes sense, and iff you think laterally, looking around for the directory makes sense.
i guess now i'm up to $.04
Hey .. folks .. sovled the problem …. :o next day i .. tryed again the same commands i did .. for 1 hour and this time.. i run to next level lol strange .. but he it worked…
Did it like i say it must work.. and so i was.. strange that the last day this cmd's didn't work..
well ok.. anyway nice to find something like this.. keep me off the street :D
well anyway .. run .. to level 7 in now 4 hours so its not so bad i think…
By the way my first Hack was a agnes forum.. by mistake lol looked in source and found a password.. so think try that on adminlogin.. and he it worked .. so told the guy that his pass in source code so he closed his forum :xx: and told me that i .. can have his forum :evil: well hey i still have it somewhere…. so that how it all started here… and still like it to find hole's in the websecurity :)
Ok hey hope i have not much msg on this forum and like the most post's already say … THINK, READ and LOOK good…. that brings good idea's B)
Laterzzz.. all from Hitman_NL The Netherlands