Stuck On Real 7
ok i've tried http://www.hellboundhackers.org/challenges/real7/***php?****=*** and http://www.hellboundhackers.org/challenges/real7/**.php?***=/*** both with and without the slash before home, with anything i could think of that has to do with .htaccess, or .htpasswd, sry for the spoiler but its not like the other posts aren't spoilers just because they have a few *'s in them.
[edited by system_meltdown]Yes they are spoilers so I edited them[/edit]
Im at this same part as well . I learned where the location is . But im still trying to figure out where the exact location is . I studied up on Apache server directories . I found this :
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
I keep trying variations of what i think it is from reading this forum thrread and from what ive read at that link . I post it in the url and in the box . Still nothing is working but i can guess what the final path is but nothing .
To'g go bog e' , Neqtan
I think im getting closer since im not getting as many 404's :
/challenges/real7/.php?=/home/nhbs/ap*****
Still getting a not found message . But i guess thats better than a 404 .
I read seljojojo's post about the final path bieng similar to the protected .
con**** us.
so u have
real7/con*****.php?di*******=/home/nhbs/**********
after nhbs u put apache folder that contains passwords. name is simmilar to protection file itself.
So im working off of this info now .
Tog go bog e , Neqtan
I think there must be a bug .
I got as far as the admin panel as well and it tells me this :
You have not completed all the checkpoints. CHANGE GRADES[DONE] BECOME ADMIN[DONE] GET PASSWORDS[DONE] GET .HTACCESS DETAILS REFERER[DONE] [DONE]
But then i go about getting .htaccess details and then go back to the page where i got that info and then it says :
You have not completed all the checkpoints. CHANGE GRADES BECOME ADMIN GET PASSWORDS GET .HTACCESS DETAILS[DONE] REFERER
So i go back through and do everything . Then i get :
You have not completed all the checkpoints. CHANGE GRADES BECOME ADMIN[DONE] GET PASSWORDS GET .HTACCESS DETAILS[DONE] REFERER[DONE]
Even though i did change grades and got both of the passes other wise i wouldnt have gotten into the admin panel without one of the passes !
This is kinda funny . Not realy . But im trying to stay positive .
Tog go bog e , Neqtan
I got this after doing the whole thing over . I completely closed out of my browser and reloaded and started the mission from scratch .
http://www.hellboundhackers.org/challenges/real7/admin/morepoints.php
So i started from scratch , lets compare apples to apples :
#1 =
Go to the teacher page , find the vuln get the pass for the corect teacher . Look in the source for the corect id value .
#2 =
Go to the Staff access page and fill in the login form with the found info .
#3 =
Change grades . Cant quite do it from the page itself . But i found two methods that would . One was using a type of script . The other was using an offline manufacturing method .
#4 =
Change salary . Reading the intro directions lets us know what this is !
#5 =
Go to the page with the vuln to get the admin hash . I used my buddy Jack the Ripper to get the pass .
#6 =
Go to the url path where the admin login form pops up . Fill in form .
#7 =
Then the page with the [done] list apears . I was forced both times to go back and redo parts of the challenge . Finaly i got the url :
http://www.hellboundhackers.org/challenges/real7/admin/morepoints.php
But no points were awarded . There was bugs in this mission almost a year ago . That apeared to be fixed . Maby there is something wrong again . Not sure im gonna go back through it again .
To'g go bog e' , Neqtan