Government Security
Network Security Resources

Jump to content

Photo

Simple & Fun Challenges To Solve

- - - - - sql hash backdoor
  • Please log in to reply
34 replies to this topic

#31 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 21 November 2008 - 10:28 PM

Very late but their 24th level seems to be broken virgoman.

#32 extreme

extreme

    Specialist

  • Sergeant Major
  • 615 posts

Posted 22 November 2008 - 06:49 AM

Definetlly tried zilions things with Level26.. Can't budge :/

P.S. Admin has put the solution to Level24 since the site is down...
САМО СЛОГА СРБИНА СПАСАВА

#33 webdevil

webdevil

    Retired GSO General

  • Sergeant Major
  • 1,195 posts

Posted 23 November 2008 - 12:13 PM

Any luck with level 26 extreme?

#34 extreme

extreme

    Specialist

  • Sergeant Major
  • 615 posts

Posted 23 November 2008 - 04:53 PM

Nope... I was pretty sure that we have to use the filemanager feature, and only feature is virtual editing of the files..

So, we can access this file:
http://hax.tor.hu/le...l26/users/admin
there is a function that checks if "cwd" value is allright..

so, if we try something like this:
http://hax.tor.hu/level26/filemanager/inde...46;/../
or this:
http://hax.tor.hu/le...hu/www/level26/
..it won't work..

I don't think it's steganography, or keeping data in EXIF area of the images...
САМО СЛОГА СРБИНА СПАСАВА

#35 Genesis

Genesis

    Private First Class

  • Members
  • 36 posts

Posted 01 December 2008 - 04:26 PM

These challenges are hella fun!
I'm going to learn some XSS and try again.





Also tagged with one or more of these keywords: sql, hash, backdoor