Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

real 4 hint:... How to remove Ghost records...


ghost's Avatar
0 0

I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236:

Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!


ghost's Avatar
0 0

Thiseas wrote: I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236: [quote]Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!

[/quote]

finally got it :) thanks


RedDragon's Avatar
Member
0 0

Finally got it ! :) Don´t know what it was, but it helped ! :) thx man


DeafCode's Avatar
root@Alpha.Oddities
0 0

wow. i must be brain dead because i'm still not getting it.


clone4's Avatar
Perl-6 Wisdom Seeker
0 0

DeafCode wrote: wow. i must be brain dead because i'm still not getting it.

dude are you serious, everybody should get it after the first post… To make it even more clear, I will take those hints and put them together:

remove record of Ghost all.php?action=something&&id=someone


DeafCode's Avatar
root@Alpha.Oddities
0 0

i get that part. i've tried a shit load of combinations of the two. it's obvios what "id=(something)" is i just can't get the other one. i've done pretty much every combination of "remove records of ghost" that is obvious. in fact two of each because i don't know if it requires quotes or not

EDIT: wow. i got it. Now i feel retarded.


macfarlanet's Avatar
Member
0 0

^^ Haha I lol'd

I just finished this challenge, I'll admit I got stuck in a couple of places by not using uppercase when appropriate.


sam207's Avatar
Member
0 0

clone4 wrote:

remove record of Ghost all.php?action=something&&id=someone I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.


spyware's Avatar
Banned
0 0

sam207 wrote: I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.

Begging for answers? Awww, shucks, game over for you.


sam207's Avatar
Member
0 0

spyware wrote: [quote]sam207 wrote: I tried evry possible combination i can think of but can't get it still…. can anyone bother to pm me the url line parameter to delete ghosts record.. I don't want to get stuck in it anymore.. This challenge has been pain for me.

Begging for answers? Awww, shucks, game over for you.[/quote] I feel its luck rather than knowledge to remove the ghost records.. so i don't want to get stuck over it..


xxSk1N_D33Pxx's Avatar
Member
0 0

sam207 wrote: I tried evry possible combination i can think of but can't get it still….

I suggest you think harder then. Try re-reading the thread, the answer will come to you.


sam207's Avatar
Member
0 0

xxSk1N_D33Pxx wrote: [quote]sam207 wrote: I tried evry possible combination i can think of but can't get it still….

I suggest you think harder then. Try re-reading the thread, the answer will come to you.[/quote] Yeah did it finally.. I was making some mistake with the first command; plural was what I was doing in records.


starofale's Avatar
Member
0 0

what was the point in telling us:

"I have done some research and I found out that earch_members.php?search=1 is injectable."?

i spent a while trying to inject it and got nowhere :angry: completed the challenge in the end though


ghost's Avatar
0 0

I understood exactly what need to be injected to remove it, however is there a reason it only works when you are on a certain pages, for example if you are on the records page, it will work, if you are on the clear logs page, and you put in the exact same link in the url bar, it will not work.

I have the challenge completed, I am just trying to better understand url manipulation


stranac's Avatar
Member
0 0

It does work on logs page to, I just checked it. Maybe you didn't put the exact same thing in.


kingasmk's Avatar
Member
0 0

Thiseas wrote: I realize that most people stuck on how to… remove record of Ghost….

As Mr system_meltdown points out in his article http://www.hellboundhackers.org/articles/articlecomments.php?article_id=236: [quote]Part four: Removing Ghost's record Now if you know the basics of php you will find this kind of easy, so we know where the records are now right? Goooood now we need to remove them so try things on the lines of all.php?(action)=(thing)&&id=(something) and remember we're trying to remove one record not loads of records. If you manage to remove his record you will get a password, we will need this soon.

Can you combine all… greens..!!! Q

I provide this because I believe that the specific command it is more a matter of luck… than knowledge… ;-)

I hope it helps!!

[/quote]

Great One it helps me so much Thanks but can you tell me what kind of vulnerability is it?


korg's Avatar
Admin from hell
0 0

Now, Now MoshBat. You know how excited these kids get when they figure a challenge out. Take it down a notch or two.


korg's Avatar
Admin from hell
0 0

Locked.