TryThis0ne - Forums.

TryThis0ne >> Challenges >> Realistic
level name: Text Archive
Viewers: :

Locked

pitbull

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34

Top

Sent on: 28/09/2005, 21:06:45

Warn | Edit

Can i get a good hint for this level?
I tried sql inections but it didn't work..
I found some xss in the site, what can I do with that?
steal cookies from other users? for that i need to give the link [with the script ] to someone, but to who?

hint plz...
[i saw the other posts about this level and it didn't help me]
edit :
so, there is 2 xss, one working, and the other is "protected"
the chars '<' and '>' are disabled
so now i know that i dont need to buid C**** S****
give some hint plz!

Edit by : pitbull At 28/09/2005, 19:15:31

Edit by : pitbull At 28/09/2005, 19:16:16

Edit by : pitbull At 28/09/2005, 20:21:53

Avidor93

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65

Top

Sent on: 28/09/2005, 22:25:50

Warn | Edit

cp help, how the xss can help us?
p.s. we need to reg first right?
how to reg ? we dont now
the code :-<

: Avidor93 28/09/2005, 22:42:05

B~HFH
Global Admin

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 28

Top

Sent on: 29/09/2005, 00:22:27

Warn | Edit

Reading text about xss will help at this level.
for hacking with xss you need 2 things:
1. vulnerable place.
2. a way for sending the "dangerous" link for other users.

good luck [=

pitbull

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34

Top

Sent on: 29/09/2005, 08:53:34

Warn | Edit

"dangerous" link, you mean cookie stealer?
what it can be if its not a cookie stealer?

Alias

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 27

Top

Sent on: 29/09/2005, 09:53:47

Warn | Edit

Cookie Stealer is a script in some server side language which get the cookies and saves it in some text file or in the DB.
When you want to steal cookies from other users you should do one more thing to make the users send thier cookies to the Cookie Stealer, try to think what is this thing.
Ok, so in this level they tell you that you don't have to builed CS, but they didn't tell you that you don't have to steal cookies.

GL.

Edit by : Alias At 29/09/2005, 07:54:26

pitbull

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34

Top

Sent on: 29/09/2005, 16:24:56

Warn | Edit

Tnx Alias ;)
it was very easy, now i have some user name and password and I can login to site, what now??
what i need to do?
what the mission?

Avidor93

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 65

Top

Sent on: 29/09/2005, 23:56:44

Warn | Edit

hmm i pass it too....
but what now ?
i need to get the password from the upload page?
on the text area
i found that on any text the asp in this format
**********.asp?file=*****.****
and i was change it and it was written
you are on the right track

: Avidor93 29/09/2005, 22:03:07

cp77fk4r
Global Admin

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621

Top

Sent on: 30/09/2005, 01:18:07

Warn | Edit

So... it's mean that you on the right track! ;)

pitbull

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 34

Top

Sent on: 30/09/2005, 08:56:12

Warn | Edit

hint plz, maybe there is some txt file that contain the password?
I need to guess the file name? or maybe there is some sql injection in there?

cp77fk4r
Global Admin

Registerd on: 01/01/1970, 04:00:00
Location::
Posts: 621

Top

Sent on: 30/09/2005, 14:24:53

Warn | Edit

You have the file name! look, when you type some password- it check if it's right, there is comparing to the right password in this file- you just need to know what is the value that it compare with you password.

and.. how can you know that...?