jujishou
Registered on: 01/01/1970, 04:00:00
Location: Tokyo, Japan
Posts: 12

I've managed to break into the newest user's account and I was able to change his personal data. I was also able to receive the lost-password emails. But the thing is I can't figure out where to go from here. Moreover, the email I got is PLAIN BLANK! There's nothing that looks like a password!!
Now where to go?
My position is that I've just broken into the newest member's account...

jujishou
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 12

Where is everybody? Gone fighting with Hezbollah?
Oh my god, it's too quiet around here...

Avidor93
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 31

Nobody is here....
This project has almost died :'(

atreyu
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 11

Every time I connect there are new users!
If people don't come to the forum they are very clever...
or they haven't a clue about what to ask

jujishou
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 12

OK.
How about hints for Proxy Mania?

codingr
Global Admin
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 91

jujishou: "OK. How about hints for Proxy Mania?"
How about trying to attack the update sequence?
Moreover, I suggest that (after you have managed to figure out how to attack the update sequence) you check the admin's name.
By the way, I am sorry (if you are still here of course) about the silence, it's just that we don't have a lot of time.
cp77fk4r doesn't have time at all, B~HFH is busy most of the time and I also don't have a lot of time.
Edit by : codingr At 22/08/2006, 13:46:56
Edit by : codingr At 23/08/2006, 17:35:26

jujishou
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 12

Thanks. I didn't think you were just busy. I was worried too much about the damn battle.
Anyway thanks for your hint. I'll try.

atreyu
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 11

Hello!
I'm in the update sequence with SQL Server errors, trying [rot13 HINT]pbzzrag naq zhygvcyr fdy fgngrzragf nggnpxf[/] with no luck :/ Every time I get 'Unclosed quotation mark before the character string', even when quotes are balanced.
Any hint but 'keep trying'?
Thanks
Edit by : atreyu At 28/08/2006, 02:14:53
Hmmm, I got something new but now I don't even get the user's mail... I already had that, what's up?
Edit by : atreyu At 02/09/2006, 07:36:40
OK, some [big] delay in mail delivery system, please forget my previous comment
Edit by : atreyu At 02/09/2006, 17:35:57

atreyu
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 11

from mission:
please hack into the proxy server site logs and find the bastard's real ip.
the crime took place at : 16/10/2004, 18:53
I have two proxy logs at 16/10/2004, 18:53
The answer isn't any of the logs' IPs, and there is an "On/Off Proxy Server" option in the Admin Control Panel. Do I have to shut down the proxy that bastard is using?

n0-0ne
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 4

Managed to find the hole in the update form
but for some reason all I get is this damn quote error
even when it's OK.
And for some reason the e-mail I'm trying to give to the admin
is shown on top of the error like there is some special reference to it
but I get no mails.
Some hint would be helpful

Avidor93
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 31

I succeeded in getting to the admin panel; I am stuck here.
There are logs, and I found the 2 sentences in that hour.
There is an option to shut down the proxy, but I can't shut it down, I don't know how, there is no SQL injection or something =\
I understand which log describes the person I am searching for.
(By the ID, ID 2 & 3 in the logs, 2 - admin, so 3 = the person)
but to see the details about him I need his name.
So what do I do now?
Please hint!

cp77fk4r
Global Admin
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 621

Avidor93, your mission is not to take off the proxy server, your mission is to get the REAL Attacker's IP.

jujishou
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 12

Oh hi cp nice to see you again!
I'm still stuck here because Admin login isn't vulnerable to SQL injection.
Oh wait, I think I've got an idea hehe...

cp77fk4r
Global Admin
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 621

Hint? "Chaining", you know what it means?
Good luck!

jujishou
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 12

That's odd...
The security hole that used to work is no more!
Has it been patched?

cp77fk4r
Global Admin
Registered on: 01/01/1970, 04:00:00
Location:
Posts: 621

Send me your problem in PM and I'll try to help you.