Tuesday, September 30, 2014 Login · Register
    Login
Username

Password


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.

 

    Users Online
  • · Members on IRC: 34   
  • · Total Members: 16,377
  • · Newest Member: taby
  •  

     

        Related Ads
     

     

     

        Top 10 Forum Posters
    UserPosts
    bluechill1411   
    madf0x1291   
    cruizrisner1062   
    Qwexotic1034   
    Null Set870   
    Override604   
    auditorsec603   
    godofcereal599   
    TurboBorland585   
    Teddy477   
     

        Affiliates




  • iExploit


  • iExploit


  • WeChall





  • Thisislegal.com

  •  

        Related Ads
     

    View Thread
         
    Security Override Hacking Challenges Realistic Hacking Challenges
    Real 7
    Register FAQ Members List Today's Posts Search

    Print Thread
    10-07-2011 07:07 PM Real 7
    I dont know who coded realistic nr 7, but thank you for a great challenge Smile

    I just finished it, and I learned a few things underway. Was a lot of fun Smile
    I think its good this one is not spoiled here on the forums. In this one you can actually experiment your way to the answer, because you get feedback from the site.

    - lax
     
    Offline
    10-07-2011 07:14 PM RE: Real 7 | Edited by Guest 10-07-2011 07:16 PM
    Lax wrote:
    I dont know who coded realistic nr 7, but thank you for a great challenge Smile


    I did, thanks. Very much appreciated.

    Edit: And congratz to you challenge spree Wink
     
    Offline
    10-20-2011 10:27 AM RE: Real 7 | Edited by Null Set 10-20-2011 01:05 PM
    Hey everyone,

    Just wondering if somebody can point me to some good tutorials or maybe give a little clue?

    I have found the inject point, and think i need to use the <spoiler removed - Null Set> to run phpinfo()...
    I figure that if its coded like this:
    <spoiler removed - Null Set>

    I have read through a few regex tutorials but everything i come up with so far seems to fail.
    I think the closest I have got is "<spoiler removed - Null Set>" as hat didnt come up with an error, but still didnt work.

    Am i on the right track in thinking I have to match the text first then execute phpinfo()?

    Any hints/tutorials would be greatly appreciated.

    Regards,
    TransaeriS//
     
    Offline
    10-20-2011 10:35 AM RE: Real 7 | Edited by Guest 01-01-2013 03:50 PM
    Well, your problem is, that your injected string is no valid PHP code.
    And please, for god sake, remove all those spoilers from your post
     
    Offline
    04-07-2012 12:30 PM RE: Real 7
    My problem is, I just don't know what this challange is expecting from me, i tried to find an xss exploit, what i didn't found yet, but if i find one, i'll be just like, ok and what to do now... can someone maybe explain what this challange is expecting from me, and if it actually has to do with xss?
     
    Offline
    06-17-2012 07:11 PM RE: Real 7
    Hi,

    I have found the inject point too but... Any hint ?

    Thanks





     
    Offline
    07-23-2012 02:50 PM RE: Real 7
    Hello everyone!

    I was struggling with this one for like two days but with no luck. Sad
    I have used some different techniques and tried some stuff but the truth is am kinda lost. ^^
    Can some one give me a nudge just to understand what I am dealing with here?
    Is this mission related to XSS?

    Thanks!
     
    Offline
    09-14-2012 04:36 AM RE: Real 7
    I've tried this for weeks now.
    I did find "Preg" weeks before.
    Still can't exploit it.
    Can someone help me ??
     
    Offline
    09-14-2012 05:53 AM RE: Real 7 | Edited by Guest 09-14-2012 05:57 AM
    Zonta: PM me with what you are trying, and we will see what we can do.

    To answer some of the previous questions:

    1) The challenge expects you to execute phpinfo() on the page. Read the description.
    2) If you found the injection point you gotta determine what kind of code might be behind that, and then research for possible exploitation techniques
    3) There are some hints in the challenge. They are pretty obvious, see them.
     
    Offline
    09-14-2012 11:32 AM RE: Real 7
    PublicEnemy wrote:
    Zonta: PM me with what you are trying, and we will see what we can do.

    To answer some of the previous questions:

    1) The challenge expects you to execute phpinfo() on the page. Read the description.
    2) If you found the injection point you gotta determine what kind of code might be behind that, and then research for possible exploitation techniques
    3) There are some hints in the challenge. They are pretty obvious, see them.


    I've already PM'ed you. Thanks
     
    Offline
    01-01-2013 09:24 AM RE: Real 7
    I have been trying this for a while. I know the php funciton behind the scenes and I also know the modifier tag to be used in the injection. But, somehow having the regex be also a valid php code is not working for me. Can I pm someone who have solved the challenge to show what I have done so far?
     
    Offline
    01-01-2013 09:44 AM RE: Real 7
    You can PM me
    Join our IRC channal! irc.evilzone.org #Evilzone #SecurityOverride

    This dude doesn't answer to PM..no matter how special you think you are...sry

    "With great power comes great responsibility"
     
    Offline
    01-21-2013 10:23 AM RE: Real 7
    Hi,

    I've been at this for a few days and I think I'm close. I just can't seem to get the syntax right. Can I pm someone for some help on this ?

    Cheers Smile
     
    Offline
    02-22-2013 04:37 AM RE: Real 7
    What can I say? Since starting this one I have not had to visit my therapist :-)

    Can I qualify something? Am i right in saying there are two 'changes' needed to get the injection to work, the second of course being phpinfo()?

    I might look vague but that is my er, regular expression !
     
    Offline
    02-22-2013 12:59 PM RE: Real 7
    you need to combine your ideas in one change, Ohb1
     
    Offline
    02-22-2013 01:32 PM RE: Real 7
    @OhB1
    Hint:content of your f13460bd46c28e73e8d2b6122bea2241 injection.
     
    Offline
    05-25-2013 11:50 PM RE: Real 7
    any source...article..and other reading material suitable for this challenge...i really appreciate it...thanks in advance...Godspeed
     
    Offline
    05-30-2013 05:57 AM RE: Real 7 | Edited by tiburtio 05-30-2013 07:17 AM
    gosh....i been stuck with this level for almost a week now...and what i found was all about preg_replace function...i know about how to inject the particular modifier...but i do know what are the variables for such patterns and replacements....any hint would be much appreciated...
     
    Offline
    05-30-2013 01:03 PM RE: Real 7
    Keep in mind what is the mission goal.
    You can separate different search strings using |
     
    Offline
    08-20-2013 08:34 AM RE: Real 7 | Edited by Teddy 08-20-2013 09:13 AM
    Hi all,

    I think I found the vulnerability, but my injection isn't working for some reason. Any help would be greatly appreciated Smile

    Deleted Spoiler by Teddy

    ~tsh
     
    Offline
    Jump to Forum:
    Forum powered by fusionBoard