Page 1 of 2
Secure Room
Posted: Sat Nov 22, 2008 6:18 pm
by Allosentient
I am trying to do secure room. I was able to "login", but got "you have no secrets" which didn't work. If anyone can give me a hint as to if there is a specific approach I am missing, that would be really generous.
Posted: Sat Nov 22, 2008 7:48 pm
by gfoot
As the challenge description says, you have to log in as 'adum' in order to see his secrets.
Posted: Sat Nov 22, 2008 8:06 pm
by Allosentient
I just got it, it helps to actually look up the language being used
, and the hint helped too, thanks!
Posted: Tue Nov 25, 2008 2:52 pm
by m!nus
absolutely not worth difficulty 50, solved it in like half a minute, since my skills in that language/on that topic are a bit rusty
edit: ok, fort knox resists my skills, apparently they're too low
Posted: Tue Nov 25, 2008 6:14 pm
by gfoot
How do you find out the difficulty ratings?
Posted: Tue Nov 25, 2008 6:34 pm
by theStack
That was a nice one.
I have never approached that type of attack before so it took my quite a while, but it was fun.
Posted: Tue Nov 25, 2008 6:40 pm
by m!nus
gfoot wrote:How do you find out the difficulty ratings?
I wrote this
hacker.org challenge overview some time ago. Doesn't work atm but I will get the error fixed asap.
Posted: Tue Nov 25, 2008 7:13 pm
by gfoot
I don't really want to put my password into a third party site I'm afraid - is there some query I can run on hacker.org directly?
Posted: Thu Dec 04, 2008 8:00 pm
by m!nus
oh, sorry for not answering.
I get the data the same way the flash map gets it: as XML file
http://www.hacker.org/challenge/map/get.php
Posted: Sun May 30, 2010 3:03 am
by coolwhoop10
yeah, i'm pretty stumped. as far as i've seen, the source code is not much help, but i could be pretty off. any pointers for a noob?
Posted: Sun May 30, 2010 8:06 am
by laz0r
There are standard ways to circumvent login screens. Have you Googled that?
No Idea
Posted: Thu Dec 30, 2010 5:51 pm
by dj-boris
I'm trying to solve the Secure Room. I've tried to inject code, but it doesn't work. The sourcecode isn't helpful, and Login with SSH or FTP as Anonymous doesn't work. Can anybody give me a hint?
DJ Boris
Posted: Fri Dec 31, 2010 10:19 am
by MyNameIsAlreadyTaken
I've tried to inject code, but it doesn't work.
What code did you try to inject? This challenge isn't really complicated, you don't need any kind of software but your browser.
Posted: Fri Dec 31, 2010 1:08 pm
by dj-boris
I've tried to inject php codes like (With and without <?php ?>)
But it doesn't work, then I tried to Inject SQL Commands in "Password" like...
And it also doesn't work
Is my code a big fail or am I stupid??
Thank you, for your fast reply
Posted: Fri Dec 31, 2010 2:55 pm
by rmplpmpl
dj-boris wrote:I've tried to inject php codes like (With and without <?php ?>)
But it doesn't work, then I tried to Inject SQL Commands in "Password" like...
And it also doesn't work
Is my code a big fail or am I stupid??
Thank you, for your fast reply
You are pretty close, injection is a good way to hack this, perhaps you like to google some standard techniques on this?