pexalt
Registered on: 01/01/1970, 04:00:00
Posts: 11
Howdy,
I know a similar post has been made in reference to the OS Login level but unfortunately for me the person who posted the post of which I talk, solved his or her own problem.
They gave a rather large hint, that they believed that the level required a 'fake form'. I checked this out on Google but to no real success. Could anyone describe in more detail what a 'fake form' is/involves, or even phrase the term better so I can check it out on Google myself?
Thanks in advance,
~Pexalt
Avidor93
Registered on: 01/01/1970, 04:00:00
Posts: 65
Look, you have the source... so think: what can you do so that the page will think that you are admin?
pexalt
Registered on: 01/01/1970, 04:00:00
Posts: 11
Ta
I understand that it is possible to quite easily obtain some information such as user and pass, and that there appear to be certain variables that dictate which login messages you receive. I would still like specific information about this 'fake form' concept, just so I can look into it further.
~Pexalt
Nameless
Registered on: 01/01/1970, 04:00:00
Posts: 32
forget about the fake form
you don't need it
all you need is in the source code and in the login page
Nameless
Registered on: 01/01/1970, 04:00:00
Posts: 32
you're trying to open a door with force when all you need is the key...
look at the source code
it's all there
they literally tell you what to do in order to not just successfully enter but enter with admin rights
Inj3ction
Registered on: 01/01/1970, 04:00:00
Posts: 102
i tried sql injection and to inject the value 1 but it didn't work 4 me
KashaBash
Registered on: 01/01/1970, 04:00:00
Posts: 12
faking the form is the right way...
try to think what kind of line (value) is missing to get the admin..
i broke my brain too... but K-Gen gave me a hint... listen to him
Edit by : KashaBash At 06/10/2005, 00:10:00
pexalt
Registered on: 01/01/1970, 04:00:00
Posts: 11
Thanks all,
I still have had no (well limited) success with this level. I think I know the value I must change to obtain administration login status but I'm unsure how to pass this value. Is there a phrase I could Google perhaps?
Thanks again,
~Pexalt
D-Viper
Registered on: 01/01/1970, 04:00:00
Posts: 15
I have tried to fake a form with a button that makes the variable "admin" equal to 1. It didn't work, probably because I didn't write it well (I don't know much JavaScript).
Am I on the right track?
cp77fk4r
Global Admin
Registered on: 01/01/1970, 04:00:00
Posts: 621
Yeah viper, but try to think if the kind of value that you are sending is right.
pexalt
Registered on: 01/01/1970, 04:00:00
Posts: 11
I checked out the statistic section of this site and noticed that you had passed Reverse Me 2, D-Viper. I now understand what a fake form is and suggest you have a look at that challenge again to refresh your knowledge on that kind of attack. Perhaps it could help here.
~Pexalt
CrookedLuke
Registered on: 01/01/1970, 04:00:00
Posts: 1
Inj3ction wrote: "i tried sql injection and to inject the value 1 but it didn't work 4 me"
If you scan through the script for about 3 seconds, you'll notice there's no use of any SQL queries, so how would this be possible anyway?
Inj3ction
Registered on: 01/01/1970, 04:00:00
Posts: 102
yeah i figured it out after i tried.. thats y it didn't work :\
but i almost did it already. in 15 minutes i'll finish the level beezrat hashem :)
D-Viper
Registered on: 01/01/1970, 04:00:00
Posts: 15
Now I've got it :)
I finished the challenge:)
Inj3ction
Registered on: 01/01/1970, 04:00:00
Posts: 102
did you fake the form like you said in the last post?
D-Viper
Registered on: 01/01/1970, 04:00:00
Posts: 15
yeah, it was easier than I thought :)