Main:advertisement
Detailed tutorial on real 15. may contain spoilers.
I know there is allready an article on this challenge allready, but I am being asked for help on this mission quite a lot, and this may save me some time (And I'm bored).
Let's get on.
Tools -
Mozilla firefox (This is the browser I used)
Firefox plugin called "RefControl"
Well, at the moment, progress.php doesn't open when you view the main page, so open it in a new tab. Read the page, view the source. First you have to discover their plans (objectives 1 and 2 are done at the same time).
Now what useful information have we got from that? Well, they seem to be communicating on the server.
Let's try to log in then.
Say you changed some things on a computer, and you left a little note about the changes. What would you call it?
The python is (allmost) irrelevant just one small thing is usefull, and it's near the bottom. Found it?
What's that? No admin login there? But there is a nice little link. *click*
Now, If you can't do this... Javascript 1-3 skills.
And I know it's just soo tempting to "detonate", but you know which one you have to chose.
Ooh! Look at the URL! Shell.php! But wait. You just got redirected. go back, and press esc after it has fully loaded, but before it redirects.
This is where most people get stuck (me included), so I'll go into just a bit more detail.
You need RefControl for this bit.
A few hints:
1.) It's the real shell that you're looking for, so maybe it could be called realshell...?
2.) Perhaps the maker thought it was leet...
3.) Perhaps the owner thought that the realshell's name took too long to type, and he had a busy schedule of blowing himself up to go to heaven to worry about!
What could clues 1 + 2 + 3 possibly give you?
Got it? I'll just assume you have.
If you have, it should just direct you back to the index.php for the secret mission 1.
Set RefControl to the URL of the actual shell, and then go to it in your browser.
Guest, are we? We can change that ;)
Let's become a super user (google it)!
Now that's out of the way, take a look around.
We might wanna change some permissions.*
And remove some files.**
Well, then. What files do we have? public? maybe that's where the site is stored.
Change access, and remove...
Oh sh...ugar!!! Sending logs!
Change and remove quickly!
If at this point you get the "all objectives not completed", go back (in a new tab) and do them.
Ooh! new convo window.
Now to report them.
Simple enough. Google the UNIX command to run a file like that.
Well, you should now have gotten your points :D
I'll just leave you some reading material, if you don't know how to delete and change permissions.
* http://www.perlfect.com/articles/chmod.shtml
** http://www.computerhope.com/unix/urm.htm
If you don't know the root command, google superuser unix command.
Hope I helped some people who are/were stuck on this challenge, without spoiling it.
I actualy enjoyed wrting this :)
Let's get on.
Tools -
Mozilla firefox (This is the browser I used)
Firefox plugin called "RefControl"
Well, at the moment, progress.php doesn't open when you view the main page, so open it in a new tab. Read the page, view the source. First you have to discover their plans (objectives 1 and 2 are done at the same time).
Now what useful information have we got from that? Well, they seem to be communicating on the server.
Let's try to log in then.
Say you changed some things on a computer, and you left a little note about the changes. What would you call it?
The python is (allmost) irrelevant just one small thing is usefull, and it's near the bottom. Found it?
What's that? No admin login there? But there is a nice little link. *click*
Now, If you can't do this... Javascript 1-3 skills.
And I know it's just soo tempting to "detonate", but you know which one you have to chose.
Ooh! Look at the URL! Shell.php! But wait. You just got redirected. go back, and press esc after it has fully loaded, but before it redirects.
This is where most people get stuck (me included), so I'll go into just a bit more detail.
You need RefControl for this bit.
A few hints:
1.) It's the real shell that you're looking for, so maybe it could be called realshell...?
2.) Perhaps the maker thought it was leet...
3.) Perhaps the owner thought that the realshell's name took too long to type, and he had a busy schedule of blowing himself up to go to heaven to worry about!
What could clues 1 + 2 + 3 possibly give you?
Got it? I'll just assume you have.
If you have, it should just direct you back to the index.php for the secret mission 1.
Set RefControl to the URL of the actual shell, and then go to it in your browser.
Guest, are we? We can change that ;)
Let's become a super user (google it)!
Now that's out of the way, take a look around.
We might wanna change some permissions.*
And remove some files.**
Well, then. What files do we have? public? maybe that's where the site is stored.
Change access, and remove...
Oh sh...ugar!!! Sending logs!
Change and remove quickly!
If at this point you get the "all objectives not completed", go back (in a new tab) and do them.
Ooh! new convo window.
Now to report them.
Simple enough. Google the UNIX command to run a file like that.
Well, you should now have gotten your points :D
I'll just leave you some reading material, if you don't know how to delete and change permissions.
* http://www.perlfect.com/articles/chmod.shtml
** http://www.computerhope.com/unix/urm.htm
If you don't know the root command, google superuser unix command.
Hope I helped some people who are/were stuck on this challenge, without spoiling it.
I actualy enjoyed wrting this :)
Posted by 
