Realistic 12

I got the ****.txt directory in the real12 but there was not something special except for a refer to the realistic 8 . In realistic 8 *****.txt there are some interesting url but they do not work . Besides all this , I cannot perceive anything special and have no clue on how to continue. Any hint on how how to proceed after both txt files ?:(

The question is how did you find the ***.txt ?

If you used a certain exploit that led you to ***.txt, then you must have stopped reading before you got to the end of the file list.

If it was a guess, Well Done ! but it wasn't the file you really needed.

Find the vulnerable place on real 12, and exploit it using something you learned in the basics.

Ps. There is no****.txt

"If it was a guess, Well Done ! but it wasn't the file you really needed."

It was only a guess

Look at what he said in the shoutbox the other day, if you're still stuck.

it is a very tough challenge . In this challenge as in others there are always distractions which deviate the challenger from his/her target and therefore make it very hard for him/her to solve the challenge easily

Basic Web Hacking ** Him/her are on the right track, but we have limited the files you can include. Keep trying!

Perhaps there are some interesting directories him/her might try to visit.

You misunderstand me Huitzilopochtli

When I posted the above reply , I already solved the challenge :)

anyway thank you :)

Hi guys, any help finding the 2nd password would be appreciated. I've tried a various amount of directories I could think of with /.h*****d at the end but no luck. I know some of the other posts say it's right there.. but i can't find it. :@

Maybe the directory has the same name as the person you should be trying to login as.

Although, there is a second way to complete this one as a "normal" user.

Huitz.. ty for the reply. I tried a few obvious ones like user and checked the mission description for clues but am coming up short. I'm sure it's right there, but i'm running blind on ideas… most likely over thinking

Well since you're asking about a second password, I'm assuming you've already logged in once.

So just use the same vulnerability you used to get the first login, to read the contents of that php file.

Thanks Rex, that helped in getting there… i used that vulnerability to view the php file but am now getting file not found error. I messed around with the path but they all lead to page cannot be found. Sorry for being such a retard on this one… can i get another hint? :|

Concentrate on finding the file it shows you in the error message.

Also, don't try to access it via the vulnerability, just go straight to it since you know the path.

Good LORD! Such a basic thing and I thought I already checked that path..

Thanks for the help Rex!!

I'm going to slam my head against the wall a few times

Ah, don't be too hard on yourself man, it always looks easy, when you know how it's done.