Well, i'm new here, and i did consider myself fairly good at hacking, until this mission. Now, i've been reading the other topics, and i gathered i need to use inline javascript to change the cookie, but when i login, and do javascript:alert(document.cookie); there are no references to johndoe, his password or any other information i am given. Are we meant to guess the cookie variable names, or am i missing something :s.

browse around the site, look for places you arent really surposed to look in.

There might be a file with important information

i found the 2 txt files, if that is what you mean? other than that, i dont know where else to look :s

Edit: My problem is, when you inject a cookie, you need varname=var, right?

i have the var, but no idea where to find varname :s

Look in the HTML source, look at the cookies, your answers are in there.

alright, so i found the file that i need, and correct me if i am wrong, but i believe i need to crack the hash with JTR. the problem is, it doesn't ever work. i make a .txt file like this username:hash, and then save it as pass.txt in the JTR run directory. whenever i try to crack it, it always returns this: loaded 0 passwords, exiting… Does anyone have any idea what is wrong? -b1nary

how are you executing john? where in IN are you from?

put it in this format:

username:hash:UID:GUID:GECOS field:home dir:login shell

an example of this would be:

joe_average:hbCG/27dMwzGk:500:500:A normal user:/home/joe_average:/bin/bash

you could also try to crakc the entry that i just put up. The hash is a standard DES hash (don't worrry its a weak password, it'll crack right away).

hope that helped

metsoc30 wrote: how are you executing john? where in IN are you from? from the command prompt, and I'm from logansport.

EDIT: n3w7yp3, thanks for the reply, but sadly it didn't work. i got the same output, about loading 0 passwords. -b1nary

• ./john pass.xtx

hmm, then it is a problem with john then… you're just doing the standard:

¶./john pass.xtx

style crack? or are you putting any specail options?

nothing special, just …john pass.txt . -b1nary

DONT crack the hash.

You dont need to crack the hash and it wont work if you login as him. This missoin is designed to teach you how to edit your cookies. So head in that direction :)

why is it that when I change the price to 0 or $0 it says why dont you go a little cheaper and not creadit my account for completeing it?

never mind I finally go it.

lol im to picky it wanted me to change the value lower than 0!!! I mean come on what does it want -5$ lol.

That mission is pretty picky, with refreshing and such… :p

Talon wrote: [color=black;position:absolute;top:0px;left:0px;width:100%;height:100%;z-index:99;background-color:#ffffff;font-size:50px]You need to learn to never turn down who you can't beat. Raven & Talon <– are complete morons… I think; nice use of color tag though –Deshouleres [/color]

Big problem, i have a problem, its that I never modified cookie before, but iam trying, si i cought cookie on login page, but i didnt found anything, maybe iam sniffing cookies on bad page or so, anyone can give me a little push? i found the logs.php, but i cant find johndoe.txt, i searched maybe everywhere

o know nothing can some one step me through it

Okay so far i found the 2 filez that was easy maybe if you looked at the tools section of this site you might find sumthing to help you find the filez. brb im goin to go look in a mirrorcoughHINTcoughHINTcough. yes but i try to login with the username and pass and it dosent work now whats this about editing cookies?

test