real 1

i need direction i got the auth ID,username,password @ http://www.hellboundhackers.org/challenges/real1/******/ folder

but then what to do?? i tried pass for johndoe.. & for admin***** but nothing is working .. it shows wrong pass…

plz help me!

Click on "articles", in the menu. Then goto "hbh objectives" and search for real1. That will help you ALOT.

A hint: you have to use Javascript Injections.

its soo easy just look around play wit urbrowser

javascript:void(*********)

i solved it…

sorry i don't know about toys.php i search alot & found an article abt realistic 1 in that they mentioned to use toys.php & @ there i have to use JS & then change the price…

my QUE is how can i find this file name..(toys.php) it didnt mention anywhere

if u know about this plz tell me!!! where do u find this… plz!!! thanking you!!!

hackthisemailid wrote: i solved it…

sorry i don't know about toys.php i search alot & found an article abt realistic 1 in that they mentioned to use toys.php & @ there i have to use JS & then change the price…

my QUE is how can i find this file name..(toys.php) it didnt mention anywhere

if u know about this plz tell me!!! where do u find this… plz!!! thanking you!!!

just go to the toys page and inject the javascript into the adressbar.

the case doesnt mention about toys.php

where do u know about this page name?? how do you use this page name?? when you solved it first time!! plz help me!!!

omfg! they link to toys right at the top of the page the description isnt going to walk you through the entire thing

the description i saw is as following

Trace Tracker V2.0

Your goal for this mission is to log in as an registered user (johndoe/password) and analyze the site to gain administrator rights to change the price of the program to make it a lot more cheaper.

Difficulty: easy

& in challenge there is only home page & login page & image directory thats it sorry i cannt find that toys.php name plz help!!!

I don't know what your looking at but if you go to the home page it's right above the image:angry:

first you need to login as "johndoe/password"

i got the files frm ****** folder i'm trying to login using johndoe…but got the error "Your user and pass didnt match our records "

i put JohnDoe as a username password:********** as a password

still it shows me error what i'm doing wrong plz tell me…. plz help me!!!

how about typing a password thats too long?… u dont use js to get johndoes password its in the effing description…

I don't know if this is considered cheating, but I used a certain program, and it gave me the layout of the mission site, and it gave me a .html page that gave me the auth ID, and other information, but when i go to log in as the administrator, it won't allow me to do so. Is that the time that I would use the javascript injection?

Isn't hacking about cheating your way in to the system? I wouldn't say that you could cheat with hacking if you don't search for the answers on google or ask a friend without understanding what you are doing.