Realistic 4

I have already found mail page (both php and html), and I also find login. I know I must set cookie information, but where can I found out which data goes to cookie.

About search_members.php?search=1 in instructions it says it is vulnerable, what injection do I need to make??

ok i got all the way to the search_members?search=1 i messed around with it and cant get an sql error so that must mean that its is something else i tried xss to view cookies/dont ask why/ but nothing do you guy have any direction you can point me in or any help

Has anybody complete this mission throught inject search_members.php?search=1??

I know it can be bypassed, and compleated with little guessing, but with getting admin pass…

is the injection added to the "all.php?id=download" bit

Can anyone give me a hint? I've tried exploiting all the pages I could find (those include the ones mentioned above).

Well, did you find the admin login page?

I thought I was supposed to find that by exploiting the pages?! Anyhow, still didn't find it.

Nope, just look in the source of the main page. You'll see it.

Thanks, I forgot to open my eyes.

I've found the log page… So now I'm supposed to exploit a page to get admin pass? Already tried that part =\

Oh, alright, i'm sure there are other ways of completing this challenge by getting the admin pass, but there is another way.

Go to members and look at any php file, then go to the admin login and type that same file after the admin directory. Do you see something? You can actually bypass the login directory and view files under the admin directory. Maybe you could guess the filename? ;)

Found another file (r******). There are so many files and none of them is really helping. :(

lol, I found a page in the admin dir that leas me to hellbound… the only problem is that it says the pass is wrong :p

• I think I skipped a part :d

Any help/directions???

I have the same thing… We've come this 'far', please help.

Stuck at this one to, seems like i have all the pages.

when i try some filenames i get this when i'm on 1 specific page:

Invalid Password
Please enter the correct Password```

Do you really have to gues the filename?

Okay I've got to the logs clearing area but i dont knnow what it means by password!

if you do delete the records you'll get the password to clear the logs.

so first delete the records.

Ive found admin login and normal login, dont understand nights shadows tip on going to members and looking at a php file though, where is this directory? Any other tips would by appreciated. cheers

did you try php injection?

Xyng wrote: Stuck at this one to, seems like i have all the pages.

when i try some filenames i get this when i'm on 1 specific page:

Invalid Password
Please enter the correct Password```

Do you really have to gues the filename?

I got to the exact same place... Any help?

Where I am stuck at is where you can "bypass the admin folder files," as I believe someone put it. I can see the log clearing form, I can see the logs, but I do not know how to clear the records.

x2 /me hasn't got a clue on how to delete the records =\

I found the logs and records but no "log clearing form" how did you find that?

I also found the <!– redirect to /re****s/ –> but there is no such directory it just gives a 404 :@

… anyone want to enlighten the the rest of us how to delete records lol?

got everthing u guys got on this one. Except how to delete the records

I've been trying to add something on the end of the url like…

?delete=records&&id=ghost but have not had any luck. Even reversed it all around with no luck. And tried "rm" instead of "delete" too. Am I completely off the path here?

hackerbabe wrote: got everthing u guys got on this one. Except how to delete the records.

I've been trying to add something on the end of the url like…

?delete=records&&id=ghost but have not had any luck. Even reversed it all around with no luck. And tried "rm" instead of "delete" too. Am I completely off the path here?

It's /all.php?(some action)=(something action is performed on)&&(some identifier)=(someone)

from wat avoid said. But i still don't get it i know its all correct cept for the i*=r****** part lil help

ok going back to the beginning…. whenever i try to access the mail page it says error - is this part of the challenge? like whenever i go to mail.html trying to add my email or just going there, if that makes sense…

Hmmm. I got that too bu not really sure if it's important to the challenge or not. I put view-source: in front of the url then saved it to the hard drive so I could see what was going on (That was in IE by the way)

i got the logs page and the records page but no idea how to delete them! anyone who got this plz help us :S

god wrote: i got the logs page and the records page but no idea how to delete them! anyone who got this plz help us :S

That's where I am stuck. What makes me curious is what someone said: "/all.php?(some action)=(something action is performed on)&&(some identifier)=(someone)"

Which completely baffles me. I think I know what he is trying to say, but what I see is that you would need three variables passed with all.php.

i'v found the logs clearing form.. and the records… but sadly.. im stcuk out from there… :(

Same here.

I'v tried loads of things to delete the records but nothing's happening.

i'll go some googlin' tomorrow…

Hello i wonder how i find that php files in member section, that one night shadow was talking about. Im curious how to find those. Ty

DealerX9 wrote: Hello i wonder how i find that php files in member section, that one night shadow was talking about. Im curious how to find those. Ty Complete the challenge lol…

Can I pm someone who has beaten this (and I will check that you have) and send them what I think the answer to the recod part is and they tell me what is wrong…

hmm anyone?

I'm stuck on the records section too lol

So am I :@ I've tried so many things it's just taking the piss!

I'm not sure but maby there is like another records place that adds the names.

is there anyone who can take me to the logs…. maybe than i'll get 50% of the challenge done…

Hmm that'd spoil it, nice sig btw

Grrr… Anyone have some hints on this page everyone seems to be stuck at. I have viewed everyones profile in this thread and no one has seem to have completed this challenge. I have tried just about every word i could think would go with this challenge but nothing seems to work…

Anyone that has completed this challenge I will help you out with anything else on this site if you just help me threw this damn mission.

/me plays mission imposible theme song

This one is starting to get on my nerves.

I've tried everything, every injection I know, every SQL query, every around-the-protection directory stuff. I haven't the faintest idea what to do on this.

I can get all the way to the logs page, and the records page.

I've been trying to get the admin cookies (having nearly given up on the other method) with no success.

Any hints? Let me know and I'll PM someone what I've already tried..

don't try SQL queries ;)

Think about what you are looking for and which user would be able to exececute those actions….

So is it something like

id=records&&username=Ghost

? I am stumped

That's the thing, I've tried every variation of what was just posted. I either need more variables, or I just get a blank page.

Any hints?

TAoS wrote: That's the thing, I've tried every variation of what was just posted. I either need more variables, or I just get a blank page.

Any hints?

What it seems like is the id part is wrong. Something like

remove=records&&username=Ghost

Or something in that nature.

If anyone needs help PM me I finally done it a few days ago :)

nights_shadow wrote: Oh, alright, i'm sure there are other ways of completing this challenge by getting the admin pass, but there is another way.

Go to members and look at any php file, then go to the admin login and type that same file after the admin directory. Do you see something? You can actually bypass the login directory and view files under the admin directory. Maybe you could guess the filename? ;)

Is there a reason that you just quoted a six year old post?

As his first post, too. Even better!

starofale wrote: Is there a reason that you just quoted a six year old post?

Good question I'm locking it down so it won't happen again.