A guide to a hard challenge *minimal spoilers*
Ok, when we first come up to this challenge, we’re faced with a fairly blank page.
Have a poke around, and then try the email box. Whoops, redirected. Get around that and have another poke around. (From this point on, every time you see a new page, have a poke around.) Now, admins set their cookie? What could that be? Worry about it later. Aha. Now we have a directory, so go there.
Now we have a login. You might try injecting it with the admin user and a nice SQL injection? Or you could try the details we’re given in the challenge description. So we have a look around, nothing of use… except the search option. Try whatever you want, you’ll get the same error, so go back and do what it says.
A list of users? But with no passwords (come on, it’s never that easy). You could try to inject the member search page, or you could do it the easy way. There aren’t many tools around here that look very admin-like, so look around all the pages you’ve been to so far until you can find the admin section. **Hint: open the source, Ctrl+F, search for admin.**
Now that you’ve found it, we have the username, but no password! Not to worry, what pages are in the user section? There are probably the same pages inside the admin section. Now that we’re in there, we need to revisit what we’re actually trying to do. We want to erase Ghosts records. What page holds all the data? **Hint:** go looking for the records. Now that we have found them, go do some research on actions and PHP, it’s not too hard.
Now that we have that, we need to clear the logs; we don’t want to get caught now, do we? So we use the same principle we used to find the records. Now, what did we get just before? Use that and be done with this well-written challenge.
**For the record, when I said worry about the admin cookie later, I meant MUCH later, i.e. never.**
**If this article helps you, please rate it.**
