Author Topic: HackThisSite - Become a 1337 haxor! (Read 1752 times)

AutoBahn · January 08, 2015, 10:23:24 PM

Quote from: Swat 3 on January 08, 2015, 10:13:52 PM

i think we need an injector of sorts

[SPOILERS]SSI injection works well. I can only get it to  , though. It doesn't like added options like -l, either.[/SPOILERS]

Ad Bot · Advertisement

Honno · January 08, 2015, 10:24:42 PM

Lol you just discovered this?

Theres even more: http://www.enigmagroup.org/

-Setro- · January 08, 2015, 10:27:59 PM

6 is stumping me too.
[spoilers]
even with the encrypter, i cant find out how the hell they got the <'s in encryption. nothing i'm typing is turning into a <.
[/spoilers]

ßlöükfáce · January 08, 2015, 10:29:06 PM

i dont know stuff about code

Honno · January 08, 2015, 10:30:37 PM

Add the site I mentioned to the op please.

AutoBahn · January 08, 2015, 10:31:06 PM

Quote from: -Setro- on January 08, 2015, 10:27:59 PM

6 is stumping me too.
[spoilers]
even with the encrypter, i cant find out how the hell they got the <'s in encryption. nothing i'm typing is turning into a <.
[/spoilers]

[SPOILERS]It's in ASCII. Check an ascii table. hint: the encryption's ROT with an algebra equation.[/SPOILERS]

AutoBahn · January 08, 2015, 11:21:27 PM

[SPOILERS]So I did some research, and it seems like on the forum they want us to somehow view a specific directory with ls. I tried ls -d but that failed. Any ideas?[/SPOILERS]

Katla · January 09, 2015, 12:19:38 AM

Why are all of the JavaScript challenges so easy? The last two were the easiest, for that matter.

Tudoreleu · January 09, 2015, 10:38:38 AM

spoiler megathread

Becquerel · January 19, 2015, 07:58:39 AM

Bump
Sorry if I bumped this, but this topic is too cool to die.
AUTOBAHN
[SPOILER]Also, AutoBahn, you are partially correct, youre in the right direction with , but youre forgetting this: ../, so add that to look like  and it should work. if it does, then itll list the contents of the Root directory for basic 8, and there should be a file that has a name of several different charaters, ending with .php. take the entire file name, including .php and add it after the /8/ in the URL, like you did in Basic 3 and it should reveal the password[/ENDSPOILER]

SWAT 3

Quote from: Swat 3 on January 08, 2015, 10:13:52 PM

i think we need an injector of sorts

SPOILERYes, you need to inject an Server Side Includes codeENDSPOILER
SETRO

Quote from: -Setro- on January 08, 2015, 10:27:59 PM

6 is stumping me too.
[spoilers]
even with the encrypter, i cant find out how the hell they got the <'s in encryption. nothing i'm typing is turning into a <.
[/spoilers]

I believe theyre using a ROT Cipher coupled with an equation. Its important to have an ASCII table at hand, and take note the order of the characters, like whats first, whats second, etc.