Secure Room

dj-boris · Post by **dj-boris** » Fri Dec 31, 2010 3:13 pm

Jackpot, after trying and trying, I got it

, it needs just the right number of '
Thank you very much!

bspus · Post by **bspus** » Sat Oct 01, 2011 7:00 pm

gfoot wrote:As the challenge description says, you have to log in as 'adum' in order to see his secrets.

I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.

I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing?

DaymItzJack · Post by **DaymItzJack** » Sat Oct 01, 2011 7:49 pm

bspus wrote:
gfoot wrote:As the challenge description says, you have to log in as 'adum' in order to see his secrets.
I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.

I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing?

I think the answer to this challenge is the password, not positive though, I solved it awhile ago.

bspus · Post by **bspus** » Sat Oct 01, 2011 8:40 pm

DaymItzJack wrote:I think the answer to this challenge is the password, not positive though, I solved it awhile ago.

Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading.

DaymItzJack · Post by **DaymItzJack** » Sun Oct 02, 2011 7:36 pm

bspus wrote:
DaymItzJack wrote:I think the answer to this challenge is the password, not positive though, I solved it awhile ago.
Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading.

I managed to log into adums account and the secret was right in front of me. I don't know exactly what you're doing but there aren't any tricks or anything.

bspus · Post by **bspus** » Tue Oct 04, 2011 3:53 pm

I got in too by trying something slightly different. The thing is, it should have worked with my first method.
I believe the reason is that this is not a real vulnerability but just an exercise. The "exploit" is expected so it's all just make believe.
I 'll make a post in the solved section at some point to discuss it further.

edit: nevermind. My other method works now too. I wonder if something is changed

Nquit · Post by **Nquit** » Wed Nov 07, 2012 8:18 pm

Aparently i must be stupid about Injections.. I can't get it to work.. and it's pissing me off.. Any who can help a nub?

Nquit · Post by **Nquit** » Thu Nov 15, 2012 2:06 pm

I finally made it.. QUite easy now that i see how it's done

Valar_Dragon · Post by **Valar_Dragon** » Mon Jan 12, 2015 11:03 pm

This is a great challenge! Once you figure it out it makes complete sense!

SevenPlath · Post by **SevenPlath** » Tue May 24, 2022 8:19 am

Hello! I got 500 Internal Server Error when visiting http://www.adum.com/secureroom/
Is this challenge still running?

Tue Jun 21, 2022 2:09 am

You can try to send a mail to: adum (at) adum (dot) com

hacker.org

Secure Room

Does Secure Room still work?