TT0 level OS Login
pexalt
Sent on: 05/10/2005, 13:01:23
Howdy,

I know a similar post has been made in reference to the OS Login level but unfortunately for me the person who posted the post of which I talk, solved his or her own problem.

They gave a rather large hint, that they believed that the level required a 'fake form'. I checked this out on Google but to no real success. Could anyone describe in more detail what a 'fake form' is\involves or even phrase the term better so I can check it out on Google myself.

Thanks in advance,

~Pexalt

Avidor93
Sent on: 05/10/2005, 13:16:57
Look, you have the source... so think about what you can do so that the page will think that you are admin.

pexalt
Sent on: 05/10/2005, 13:46:53
Ta.
I understand that it is possible to quite easily obtain some information such as user and pass, and that there appear to be certain variables that dictate which login messages you receive. I would still like specific information about this 'fake form' concept, just so I can look into it further.

~Pexalt

Nameless
Sent on: 05/10/2005, 16:30:26
forget about the fake form
you don't need it
all you need is in the source code and in the login page

Nameless
Sent on: 05/10/2005, 20:22:15
you're trying to open a door with force when all you need is the key...
look at the source code
it's all there
they literally tell you what to do in order to not just successfully enter but enter with admin rights

Inj3ction
Sent on: 06/10/2005, 01:38:39
i tried sql injection and to inject the value 1 but it didn't work 4 me

KashaBash
Sent on: 06/10/2005, 02:08:48
faking the form is the right way...
try to think what kind of line (value) is missing to get the admin..

i broke my brain too... but K-Gen gave me a hint... listen to him

Edit by : KashaBash At 06/10/2005, 00:10:00

pexalt
Sent on: 06/10/2005, 11:00:46
Thanks all,
I still have had no (well limited) success with this level. I think I know the value I must change to obtain administration login status but I'm unsure how to pass this value. Is there a phrase I could Google perhaps?

Thanks again,

~Pexalt

D-Viper
Sent on: 09/10/2005, 01:15:45
I have tried to fake a form with a button that makes the variable "admin" to be equal to 1. It didn't work, probably because I didn't write it well (I don't know much of javascript).
Am I on the right track?

cp77fk4r
Global Admin
Sent on: 09/10/2005, 04:54:39
Yeah viper, but try to think if the kind of the value that you are sending is right.

pexalt
Sent on: 09/10/2005, 05:53:39
I checked out the statistic section of this site and noticed that you had passed Reverse Me 2, D-Viper. I now understand what a fake form is and suggest you have a look at that challenge again to refresh your knowledge on that kind of attack. Perhaps it could help here.

~Pexalt

CrookedLuke
Sent on: 11/10/2005, 17:43:27
Inj3ction wrote:
"i tried sql injection and to inject the value 1 but it didn't work 4 me"

If you scan through the script for about 3 seconds, you'll notice there's no use of any SQL queries, so how would this be possible anyway?

Inj3ction
Sent on: 12/10/2005, 03:44:36
yeah i figured it out after i tried.. thats y it didn't work :\
but i almost did it already. in 15 minutes i'll finish the level beezrat hashem :)

D-Viper
Sent on: 12/10/2005, 04:38:20
Now I've got it :)
I finished the challenge:)

Inj3ction
Sent on: 12/10/2005, 06:44:36
did you fake the form like you said in the last post?

D-Viper
Sent on: 12/10/2005, 13:53:25
yeah, it was easier than I thought :)
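
Added example, not part of any post above and not the challenge's own source: the "fake form" discussed in this thread works only when the login handler takes a privilege flag from the submitted fields. The sketch below puts a handler that trusts a submitted "admin" field beside one that takes the role from the server-side account record and refuses fields the real form never sends. The field names "user" and "pass", the account store and both function names are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs

# Constructed account store; a real one holds password hashes, not plaintext.
ACCOUNTS = {
    "guest": {"password": "guest-pass", "is_admin": False},
    "root": {"password": "root-pass", "is_admin": True},
}
EXPECTED_FIELDS = {"user", "pass"}  # the only fields the real login form sends


def _check_password(user: str, password: str):
    """Return the account record when the credentials match, else None."""
    acct = ACCOUNTS.get(user)
    if acct and hmac.compare_digest(acct["password"].encode(), password.encode()):
        return acct
    return None


def login_trusting(body: str) -> dict:
    """Weak: the privilege flag is read from the request itself."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if not _check_password(form.get("user", ""), form.get("pass", "")):
        return {"ok": False, "admin": False}
    return {"ok": True, "admin": form.get("admin") == "1"}


def login_hardened(body: str) -> dict:
    """Privilege comes from the server-side record; extra fields are refused."""
    form = parse_qs(body, keep_blank_values=True)
    unexpected = sorted(set(form) - EXPECTED_FIELDS)
    repeated = sorted(k for k, v in form.items() if len(v) > 1)
    if unexpected or repeated:
        # Worth logging: the real form never submits these.
        return {"ok": False, "admin": False, "flagged": unexpected + repeated}
    acct = _check_password(form.get("user", [""])[0], form.get("pass", [""])[0])
    if not acct:
        return {"ok": False, "admin": False, "flagged": []}
    return {"ok": True, "admin": acct["is_admin"], "flagged": []}


if __name__ == "__main__":
    tampered = "user=guest&pass=guest-pass&admin=1"  # constructed request body
    print(login_trusting(tampered))
    print(login_hardened(tampered))
    print(login_hardened("user=guest&pass=guest-pass"))
```

The "flagged" list is what a defender would send to the application log, since it names the field that did not come from the real form.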

All the times are GMT+2, ISRAEL