TryThis0ne >> Challenges >> Realistic
Proxy Mania
Viewers: :
Quick reply
Reply
New Topic
 
jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location:: Tokyo, Japan
Posts: 12




Top
Sent on: 14/08/2006, 09:50:01 Reply | Quote | Warn | Edit
I've managed to break in to the newest user's account and I was able to change his personal data. I was also able to receive emails of lost password. But the thing is I can't figure out where to go from here. Moreover, the email I got is PLAIN BLANK! There's no such thing looks like password!!
Now where to go?
My position is I've just broke in to the newest member's account...

jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 12




Top
Sent on: 15/08/2006, 13:42:30 Reply | Quote | Warn | Edit
Where is everybody? Gone fighting with Hezbollah?
Oh my god, it's too quiet around here...

Avidor93




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 31




Send Email Top
Sent on: 18/08/2006, 15:06:35 Reply | Quote | Warn | Edit
No body is here....
This project almost die :'(

atreyu




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 11




Send Email Top
Sent on: 18/08/2006, 18:16:31 Reply | Quote | Warn | Edit
every time I connect there are new users!
if people dont come to the forum they are very clever...
or they have not a clue about what to ask

jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 12




Top
Sent on: 20/08/2006, 17:39:01 Reply | Quote | Warn | Edit
OK.
How about hints for Proxy Mania?

codingr
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 91




Top
Sent on: 22/08/2006, 14:40:56 Reply | Quote | Warn | Edit
jujishou:
OK.
How about hints for Proxy Mania?



How about trying to attack the update sequence?
moreover, i suggest that (after you have managed to figure out how to attack the update sequence) you'll check the admin's name.

By the way, i am sorry (if you are still here of course) about the silence, its just that we dont have a lot of time.
cp77fk4r dont have time at all, B~HFH is busy most of the time and i also dont have a lot of time.


Edit by : codingr At 22/08/2006, 13:46:56

Edit by : codingr At 23/08/2006, 17:35:26

jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 12




Top
Sent on: 23/08/2006, 18:28:02 Reply | Quote | Warn | Edit
Thanks. I didn't think you're just busy. I was worried too much about the damn battle.
Anyway thanks for your hint. I'll try.

atreyu




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 11




Send Email Top
Sent on: 28/08/2006, 03:13:29 Reply | Quote | Warn | Edit
Hello!

I'm in the update sequnce with SQL Server errors, trying [rot13 HINT]pbzzrag naq zhygvcyr fdy fgngrzragf nggnpxf[/] with no luck :/ Every time I get 'Unclosed quotation mark before the character string', even when quotes are balanced.

Any hint but 'keep trying'?

Thanks

Edit by : atreyu At 28/08/2006, 02:14:53

Hmmm, I got something new but now I dont even get the user's mail... I already had that, what's up?

Edit by : atreyu At 02/09/2006, 07:36:40

OK, some [big] delay in mail delivery system, please forget my previous comment

Edit by : atreyu At 02/09/2006, 17:35:57

atreyu




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 11




Send Email Top
Sent on: 02/09/2006, 19:43:12 Reply | Quote | Warn | Edit
from mission:
please hack into the proxy server site logs and find the bastard's real ip.
the crime took place at : 16/10/2004, 18:53

I have two proxy logs at 16/10/2004, 18:53
The answer isn't any of the logs IP, and there is an "On/Off Proxy Server" option in Admin Control Panel. I have to shut down the proxy that bastard is using?

n0-0ne




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 4




Send Email Top
Sent on: 05/09/2006, 14:56:31 Reply | Quote | Warn | Edit
managed to find the hole in the update form
but for some reason all i get is this damn quoet error
even when its ok.
and for some reason the e-mail I'm trying to give to the admin
is shown on top of the error like there is some special refernce to it
but I get no mails

some hint would be helpfull

Avidor93




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 31




Send Email Top
Sent on: 12/09/2006, 20:25:08 Reply | Quote | Warn | Edit
I succeed to get to the admin panel, I am stuck here.
There is logs, And i found the 2 sentences in that hour.
There is option to shut down the proxy, but i can't shutdown it, i dont know how, there is no sql injection or something =\
I understand who is the log describing the people i searching.
(By the id, ID 2 & 3 in the logs, 2 - admin, so 3 = the people)
but to see the details about him i need his name.

So what i am doing now?
Please hint!

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 17/09/2006, 16:35:24 Reply | Quote | Warn | Edit
Avidor93, your mission is not to take off the proxy server, your mission is to get the REAL Attaker's IP.

jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 12




Top
Sent on: 17/09/2006, 18:06:30 Reply | Quote | Warn | Edit
Oh hi cp nice to see you again!
I'm still stuck here because Admin login isn't vulnerable to SQL injection.
Oh wait, I think I've got an idea hehe...

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 17/09/2006, 22:54:58 Reply | Quote | Warn | Edit
hint? "Chaining" you know what it's mean?
Good luck!

jujishou




AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 12




Top
Sent on: 18/09/2006, 15:37:01 Reply | Quote | Warn | Edit
That's odd...
The security hole used to be working is no more!
Have it been patched?

cp77fk4r
Global Admin



AVATAR



Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621




Send Email Top
Sent on: 19/09/2006, 02:36:58 Reply | Quote | Warn | Edit
Send me your problem in pm and i'll try to help you.

All the times are GMT+2, ISRAEL
TryThis0ne >> Challenges >> Realistic

Page: 1, 2
Quick reply
Reply
New Topic


Page generated using: 12 queries
Design by SBD © GeHeNoM.Net | Powered By Tera-Byte Forums 1.5 © JonJon & HLL
ý