Real 5




Website Security Tutorial from Real 5



Real 5:

Skills:
JavaScript,
Basic HTML (Understanding)
Password Cracking.

What you Need to do:
Get BillSmith's password, check your email and replace your cookies with BillSmith's.
Read his email.
Find BillSmith's folder and change his permission to "Read All".
Cover your logs by accessing the .htaccess file and replacing your IP with the old one.
Find the admin to report the name to.


That's the basic info we need. We also get a username/password, so let's log in.

1.
Now look about for a way to get a password, probably a hash. Hint: a lot of this challenge is just looking at the source or directories. Found something odd? Well, they wouldn't make it that easy, would they now? Maybe that's just a hint of where another one is hidden.
Once you have BillSmith's password, let's do the next step.

2.
Next we need to read some of BillSmith's mail. Well, if you had any sense you'd have seen the email system. Why not go there?
Okay, it tells us that changing the cookie is the way to do it. Right, now how do you change a cookie? If you are really stumped, look at the basic skills I mentioned at the beginning. Let's check ours first. Hmmmm, there isn't one set for the challenge. Oh well, we will just have to guess; there are only 4 common forms for each ;). Mustn't forget to refresh.
Oh, what's this? There's new mail ;)

3.
Hmmm, it doesn't give us much info about the directory. Have a look around, he has mentioned it.
Go there :)

4.
Looks like we're nearly done!
Okay, what was the first thing? Set his folder's permission to 'Read All', but in numbers. <insert research here> Okay, that's done. It's not 775 but that's close :P
Now we need to edit the logs through the .htaccess file, so let's go back to that directory. If you like, try the files one after the other. OK, but what was the old IP? Again, remember my earlier hint and have a look around that page. Now you'll find two IPs; try each one and compare the results. You should be able to work out which is right.

5.
YES! Now all we need to do is report him.
Well, back to the special directories page. Let's have a look around. 'Please use actions'??? That's odd, maybe there is something hidden next to it. ;) Got it? Well, we need it for the main directory. Hmmm, well, there is a command, a URL thingy, to do this: '../' without the ' marks.

::Didn't find it? Well, it just makes your life harder. You want to report someone's activity, so have a few guesses at the main page::

6.
OK, fill it out and send :) Wait, it doesn't work!!! Hmmm, well, let's check it out. Remember my hint? Well done. Hmmmm, we need to report to sanderson. Well, there are two ways to fix this: JavaScript and the good old edit-source way. :)

And you're done :)
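
Step 2 works because the mail system believes whatever the cookie says about who you are. As an added example (not part of the original article or the challenge's own code), here is that weak check next to one that signs the cookie with a server-side key. The cookie name `user`, the key and the username `alice` are assumptions made up for the illustration.

```python
import hashlib
import hmac

# Assumed server-side secret (constructed for this demo); real deployments
# load it from protected configuration and never ship it to the client.
SECRET_KEY = b"constructed-demo-key"


def _tag(username: str) -> str:
    """HMAC-SHA256 over the username, hex encoded."""
    return hmac.new(SECRET_KEY, username.encode(), hashlib.sha256).hexdigest()


def mailbox_for_naive(cookies: dict):
    """Weak pattern: the cookie value alone decides whose mailbox is shown."""
    return cookies.get("user")  # "user" is a hypothetical cookie name


def issue_cookie(username: str) -> str:
    """Value the server sets at login: username plus its authentication tag."""
    return f"{username}.{_tag(username)}"


def mailbox_for_signed(cookies: dict):
    """Return the username only when the tag verifies, otherwise None."""
    username, sep, tag = cookies.get("user", "").rpartition(".")
    if not sep or not username:
        return None  # unsigned or malformed value
    # Constant-time comparison on bytes, so odd characters cannot raise.
    if hmac.compare_digest(tag.encode(), _tag(username).encode()):
        return username
    return None


if __name__ == "__main__":
    own = issue_cookie("alice")  # constructed sample login
    swapped = "BillSmith." + own.split(".")[1]  # name edited, old tag kept
    print(mailbox_for_naive({"user": "BillSmith"}))   # accepted as-is
    print(mailbox_for_signed({"user": own}))
    print(mailbox_for_signed({"user": swapped}))
    print(mailbox_for_signed({"user": "BillSmith"}))
```

With the signed form, editing the name in the cookie invalidates the tag, so the server falls back to treating the request as not logged in.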

Comments

saxible on December 26 2005 - 02:48:30
About time a decent mission article. Thanks to that I could get past the part I was stuck on. You're getting an Awesome from me
wolfmankurd on December 26 2005 - 16:18:59
My pleasure, saxible you forgot to vote :).
system_meltdown on December 27 2005 - 17:37:24
Thanks wolfman dude you rock :)
Cynoxx_ on December 28 2005 - 19:06:09
Indeed this is a very good article. Well done :)!
macrostblack on June 06 2006 - 17:19:45
Great Article Wolfmankurd, really helped me without giving loads away Nice One!
TotcoS on March 22 2007 - 05:01:05
You need to complete all parts ...pm me? please? lmao
Thiseas on October 21 2007 - 09:09:56
The article is good! But one step is not necessary in order to beat the challenge: No need to find Mr BillSmith's password! At least not necessary to complete the challenge... (thing... did u use it somewhere, once you found it?)
winkleer on May 10 2008 - 17:04:34
e-mail cookie duh
goluhaque on March 30 2010 - 07:53:02
I did not need to find the password or change the cookies. Bill Smith's email can easily be accessed by typing in the name of the folder. My problem is guessing the name of the folder. The Name of the email is N** Dir******EMA**. Is that the name of the folder? I can't find it anywhere. Everywhere it returns a 404.
cyberking147 on April 10 2012 - 11:22:09
What and where is the use of "Directory variable"?
© HellBound Hackers 2008- 2009. Since 3rd December 2004.