yoyois (Author), posted July 16, 2013 (edited July 17, 2013 by yoyois):
I've started building a small website full of challenges that (I hope) will amuse you / help you develop a hacker spirit. I'm waiting for opinions (+ / -), possible partners, etc. (Along with the access2 zone I'll also introduce an LFI and an advanced SQLi.) (The hint system works.)
Three Zero Gamma by FCT
At the current stage you should keep going until you see the text "to be continue..."
Solvers: -

yoyois (Author), posted July 17, 2013:
Level 2 is sorted out too. The code is rather disorganized, but it can be solved. I added a source code disclosure and an SQLi that has to be exploited. For access III I think I'll make a different database. If you have suggestions/problems/have solved the challenge...
PS: I've pretty much run out of ideas

alinh0, posted July 17, 2013:
I'm posting here too, to save you from a triple post :)) it looks to me like you're talking to yourself.
ON: note that access zone 1 returns 404.

curiosul, posted July 17, 2013:
I had a bit of a look last night and I'm looking again now, since it's evening again. At the level I found only this:
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/u524504470/public_html/level1.php on line 11 Wrong username or password!
I could use a blunter hint about how to approach the situation. You mentioned something about a syntax in the hint. Is it about SQLi?
PS: "Drag me around"?

VaD_SuNeTe, posted July 18, 2013:
Send me a PM about a possible partner.

yoyois (Author), posted July 18, 2013:
> I could use a blunter hint about how to approach the situation. You mentioned something about a syntax in the hint. Is it about SQLi?
> PS: "Drag me around"?
Drag me around means that the box isn't fixed but is draggable.
As for level1: I said that it is solved through a bypass. It's something like
SELECT * FROM x where username='$y' and password='$z'...if($count==1)
You have 16 characters available to do the SQLi bypass. (PS: log in with id=1, otherwise you'll get stuck.)
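
The login pattern sketched in the last post, next to a parameterized form, as an added example that is not the challenge's code or part of any post. Table and column names and the sample row are assumptions, and it uses PDO with in-memory SQLite instead of the site's MySQL so that it runs offline. An input containing an apostrophe breaks the concatenated query (the condition behind the mysql_num_rows() warning quoted earlier in the thread), while the prepared statement treats it as data.

```php
<?php
// Added example, not the challenge's code. Schema and sample row are constructed.
// SQLite in memory stands in for the MySQL database the thread refers to.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                               password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password, password_hash) VALUES (?, ?, ?)');
$ins->execute(['alice', 'correct horse', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from the thread: user input is pasted into the SQL text itself.
function login_concat(PDO $db, string $user, string $pass): string
{
    $sql = "SELECT * FROM users WHERE username='$user' AND password='$pass'";
    try {
        $rows = $db->query($sql)->fetchAll();
        return count($rows) == 1 ? 'ok' : 'denied';
    } catch (PDOException $e) {
        // With the old mysql_* API the query call returns false at this point,
        // and handing that boolean to mysql_num_rows() produces the warning
        // (including the script path) seen in the thread.
        return 'query broke';
    }
}

// Hardened form: the SQL text is fixed, the input travels as a bound value,
// and the password is checked against a stored hash instead of in the query.
function login_prepared(PDO $db, string $user, string $pass): string
{
    $st = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();          // false when no such user
    return ($hash !== false && password_verify($pass, $hash)) ? 'ok' : 'denied';
}

// Constructed inputs: a valid login, a name with an apostrophe, a wrong password.
$cases = [['alice', 'correct horse'], ["o'brien", 'x'], ['alice', 'wrong']];
foreach ($cases as [$u, $p]) {
    printf("%-8s concat=%-12s prepared=%s\n",
           $u, login_concat($db, $u, $p), login_prepared($db, $u, $p));
}
```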