| Author |
basic 23 |
FlaKe
Member
Posts: 106
Location: NoT FounD
Joined: 29.08.05
Rank: Elite |
|
a slight direction for this challenge please. my guess is there should be a admin panel somewhere and most probably its on show.php?page=(wtf here) any one who can lend a word of helpness
|
|
| Author |
RE: basic 23 |
kaksii
Member
Posts: 693
Location:
Joined: 20.11.06
Rank: God |
|
no
|
|
|
| Author |
RE: basic 23 |
FlaKe
Member
Posts: 106
Location: NoT FounD
Joined: 29.08.05
Rank: Elite |
|
thanks for the one word. 
|
|
|
| Author |
RE: basic 23 |
dada85
Member
Posts: 26
Location: Bulgaria
Joined: 15.02.07
Rank: Newbie |
|
I have this "You are on the right track, you just need to think of how you can exploit this vulnerability" but i don't see where is my mistake so i am really stuck.
 |
![]KoLeGaTa[](../fusion_themes/HBH/forum/icq.gif) ![]KoLeGaTa[](../fusion_themes/HBH/forum/msn.gif) ![]KoLeGaTa[](../fusion_themes/HBH/forum/yahoo.gif)
|
| Author |
RE: basic 23 |
The_Cell
Member
Posts: 306
Location: Belgium
Joined: 07.04.05
Rank: God |
|
dada85 wrote:
Too big spoiler i think 
That's not a spoiler.. that's a walkthrough 
Could an admin or a moderator please edit that post?
Made by Monster
Hacking is creativity. - The_Cell
|
|
|
| Author |
RE: basic 23 |
dada85
Member
Posts: 26
Location: Bulgaria
Joined: 15.02.07
Rank: Newbie |
|
The_Cell wrote:
dada85 wrote:
Too big spoiler i think
That's not a spoiler.. that's a walkthrough
Could an admin or a moderator please edit that post?
Did you read desperanto's post before he edited it ?
|
|
|
| Author |
RE: basic 23 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
done 
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
| Author |
RE: basic 23 |
The_Cell
Member
Posts: 306
Location: Belgium
Joined: 07.04.05
Rank: God |
|
|
dada85 wrote:
Did you read desperanto's post before he edited it ?
I did mean that post but quoting it yet again seemed a bit pointless 
Made by Monster
Hacking is creativity. - The_Cell
|
|
|
| Author |
RE: we're looking for... |
mido
Member
Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank: God |
|
PHP S**** Try Googling iT !!
|
|
|
| Author |
RE: basic 23 |
bigggnick
Member
Posts: 588
Location: the moon
Joined: 25.08.05
Rank: God |
|
lol, how can we google it if all we know is php S?
fuck this.
Edited by bigggnick on 09-06-07 21:58 |
|
|
| Author |
RE: basic 23 |
slpctrl
Member
Posts: 945
Location: 2147483647
Joined: 19.04.07
Rank: God |
|
|
bigggnick wrote:
lol, how can we google it if all we know is php S?
lol qft. I thought he was referring to a PHP [spoiler], but it could be a number of things. :[
[spoiler removed by Richo]
Edited by richohealey on 11-06-07 05:09 |
|
|
| Author |
RE: basic 23 |
mido
Member
Posts: 613
Location: Cairo, Egypt
Joined: 27.01.07
Rank: God |
|
lol...guess
|
|
|
| Author |
RE: basic 23 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
well you're googling for the sensible thing to upload when you find RFI
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: basic 23 |
richohealey
Python Ninja
Posts: 1020
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank: Ninja |
|
fiixed spoiler.
Think hard before posting
blog.psych0tik.net
Nice one R3l3ntl3ss^^
|
|
|
| Author |
RE: basic 23 |
The_Cell
Member
Posts: 306
Location: Belgium
Joined: 07.04.05
Rank: God |
|
|
moshbat wrote:
i googled RFI or LFI and all i got was a load of different exploits for yahoo webcam 8.1
could anyone tell me (or at least hint) what i am supposed to do?
Why don't you look up what RFI stands for and look how it is being used in the exploits...
Made by Monster
Hacking is creativity. - The_Cell
|
|
|
| Author |
RE: basic 23 |
lesserlightsofheaven
Member
Posts: 723
Location: EAX
Joined: 02.11.06
Rank: God
Warn Level: 30
|
|
this had me confuzzled for a while.
I knew exactly how the exploit worked, just not what it wanted.
mido gave the best hint, there's the right number of *'s in the word.
the way I completed it, it utilizes a common s****.
"'Following a telephone line north, I have come upon some wonderful places,' continued the repairman. 'Swamps where cedars grow and turtles wait on logs but not for anything in particular; fields bordered by crooked fences broken by years of standing still; orchards so old they have forgotten where the farmhouse is. In the north I have eaten my lunch in pastures rank with ferns and junipers, all under fair skies with a wind blowing. My business has taken me into spruce woods on winter nights where the snow lay deep and soft, a perfect place for a carnival of rabbits. I have sat at peace on the freight platforms of railroad junctions in the north, in the warm hours and with the warm smells. I know fresh lakes in the north, undisturbed except by fish and hawk and, of course, by the Telephone Company, which has to follow its nose. I know all these places well. They are a long way from here--don't forget that. And a person who is looking for something doesn't travel very fast.'" |
|
|
| Author |
RE: basic 23 |
nights_shadow
Member
Posts: 856
Location: /var/log/messages
Joined: 30.12.04
Rank: God |
|
|
moshbat wrote:
why does system allways make challenges that confuse me.
am i supposed to be looking in **c/passwd or /shad** ???
and the directory transversals confused me :S
It's not LFI
 |
|
|
| Author |
RE: basic 23 |
SySTeM
-=[TheOutlaw]=-
Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank: The Overlord |
|
|
moshbat wrote:
why does system allways make challenges that confuse me.
am i supposed to be looking in **c/passwd or /shad** ???
and the directory transversals confused me :S
Erm, I didn't make this challenge...
|
|
|
| Author |
RE: basic 23 |
mr noob
Member
Posts: 553
Location:
Joined: 22.01.06
Rank: HBH Guru
Warn Level: 1
|
|
its a PHP S**** that the challenge checks for i believe
as DigitalFire kindly pointed out, he is a grammar nazi  |
|
|
| Author |
RE: basic 23 |
slpctrl
Member
Posts: 945
Location: 2147483647
Joined: 19.04.07
Rank: God |
|
|
mr noob wrote:
its a PHP S**** that the challenge checks for i believe
So you need to use a real php s****?
Edited by slpctrl on 11-06-07 04:52 |
|
|
Main:
