
Posted: Fri Dec 31, 2010 3:13 pm
by dj-boris
Jackpot, after trying and trying, I got it :-) , it needs just the right number of '
Thank you very much!

Posted: Sat Oct 01, 2011 7:00 pm
by bspus
gfoot wrote: As the challenge description says, you have to log in as 'adum' in order to see his secrets.
I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.

I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing?

Posted: Sat Oct 01, 2011 7:49 pm
by DaymItzJack
bspus wrote:
gfoot wrote: As the challenge description says, you have to log in as 'adum' in order to see his secrets.
I logged in as adum (and as someone else) and still get the no secrets treatment. I even got it to work with the user name field having just the word adum in it so that it will show properly on the next page.

I'm actually surprised this wasn't enough, not because it was hard but because I think I have done what I was required to do. What am I missing?
I think the answer to this challenge is the password, not positive though, I solved it a while ago.

Posted: Sat Oct 01, 2011 8:40 pm
by bspus
DaymItzJack wrote: I think the answer to this challenge is the password, not positive though, I solved it a while ago.
Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading.

Posted: Sun Oct 02, 2011 7:36 pm
by DaymItzJack
bspus wrote:
DaymItzJack wrote: I think the answer to this challenge is the password, not positive though, I solved it a while ago.
Even if I got the password, I would expect to log in and see the same "you have no secrets" message.
Considering that the challenge tells you not to try to "guess the password" as well as the fact that it asks you to break into his account and discover his "secret", it would be very misleading.
I managed to log into adum's account and the secret was right in front of me. I don't know exactly what you're doing but there aren't any tricks or anything.

Posted: Tue Oct 04, 2011 3:53 pm
by bspus
I got in too by trying something slightly different. The thing is, it should have worked with my first method.
I believe the reason is that this is not a real vulnerability but just an exercise. The "exploit" is expected so it's all just make believe.
I'll make a post in the solved section at some point to discuss it further.

Edit: never mind. My other method works now too. I wonder if something is changed.

Posted: Wed Nov 07, 2012 8:18 pm
by Nquit
Apparently I must be stupid about injections.. I can't get it to work.. and it's pissing me off.. Anyone who can help a nub?

Posted: Thu Nov 15, 2012 2:06 pm
by Nquit
I finally made it.. Quite easy now that I see how it's done.

Posted: Mon Jan 12, 2015 11:03 pm
by Valar_Dragon
This is a great challenge! Once you figure it out it makes complete sense!

Does Secure Room still work?

Posted: Tue May 24, 2022 8:19 am
by SevenPlath
Hello! I got a 500 Internal Server Error when visiting http://www.adum.com/secureroom/
Is this challenge still running?

Posted: Tue Jun 21, 2022 2:09 am
by AMindForeverVoyaging
You can try to send a mail to: adum (at) adum (dot) com