hacker.org Forum Index
Inscrutable

 
evilredi



Joined: 30 Oct 2008
Posts: 1
Location: Germany

Hi,
can anybody give some hints about this challenge? (I know probably 9 users could do :) )

The first two (Secure Room and Forced entry) were no big problems for me but that seems much harder. I can't find a way to communicate with the Server or DB.
Is it in general the same way as the last two?


Thanks, anyway

greetings

evilredi
Thu Jan 29, 2009 1:57 am
MerickOWA



Joined: 07 Apr 2008
Posts: 182
Location: HkRkoz al KuwaiT 2019 HaCkEr 101

The problem is the same; the server is better about preventing error messages. You must find a way to still extract the password without much, if any, indication as to success.
Thu Jan 29, 2009 11:17 pm
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

putting /* causes "no comments" which looks like some error, but it makes totally no sense, can't do anything with it, and since # and -- don't work it is kinda very strange.
Sat Feb 14, 2009 10:34 pm
MerickOWA



Joined: 07 Apr 2008
Posts: 182
Location: HkRkoz al KuwaiT 2019 HaCkEr 101

I believe the server checks the input to the SQL server and rejects certain patterns. /* comments must be one of them. BENCHMARK() is another no-no. Try something else :)
Mon Feb 16, 2009 2:17 am
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

i have no idea how to make it error other than via forbidden strings.
god damnit, why don't i know anyone with web/network security experience
Sat Feb 21, 2009 11:31 pm
theStack



Joined: 02 Nov 2008
Posts: 72

After trying any username and password combination and submitting I get this:
Code:
Fatal error: Call to undefined function: stripos() in /home/.fabian/adum/html/adum/inscrutable/index.php on line 26

I guess this is a bug? Or is this indeed part of the challenge?
Sun Mar 08, 2009 3:06 am
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

that's seriously strange, how can a function from the PHP core be missing
Sun Mar 08, 2009 2:19 pm
theStack



Joined: 02 Nov 2008
Posts: 72

m!nus wrote:
that's seriously strange, how can a function from the PHP core be missing

Since stripos() is only available from PHP 5 I guess adum (or the provider of the webspace) has changed back to an older version. Would be nice if that could be fixed!

In the meantime I try to improve my internet security skills in another way - at this point my skills would be too lame for the challenge anyway (regarding the other posts in this thread ;) )
Sun Mar 08, 2009 2:43 pm
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

oh yeah, PHP 4.4.7 is installed (as seen in the server sig)
Sun Mar 08, 2009 4:00 pm
adum



Joined: 19 Apr 2007
Posts: 391

that should be fixed now... on php5 now.
Mon Mar 09, 2009 2:42 am
m!nus



Joined: 28 Jul 2007
Posts: 202
Location: Germany

server sig says negative, still PHP 4, but it works now
Mon Mar 09, 2009 4:31 pm
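
The kind of input check guessed at in this thread, as an added example (not the challenge's code and not written by any poster): a case-insensitive denylist built on stripos() next to a parameterized login that gives one generic failure answer. The two denylist entries are the patterns named in the thread; the table, column and function names and the sample account are assumptions.

```php
<?php
// Added example. Denylist entries are from the thread; all other names are hypothetical.
const DENYLIST = ['/*', 'benchmark('];

// Case-insensitive substring match, the job stripos() (PHP 5+) does.
// Returns the pattern that matched, or null when the input passes.
function hits_denylist(string $input): ?string {
    foreach (DENYLIST as $pattern) {
        if (stripos($input, $pattern) !== false) {
            return $pattern;
        }
    }
    return null;
}

// Login that never concatenates input into SQL and answers every
// failure (unknown user, wrong password, database error) the same way.
function login(PDO $db, string $user, string $pass): string {
    try {
        $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
        $stmt->execute([$user]);
        $hash = $stmt->fetchColumn();          // false when no row matches
        if ($hash !== false && password_verify($pass, $hash)) {
            return 'ok';
        }
    } catch (PDOException $e) {
        error_log($e->getMessage());           // detail goes to the server log only
    }
    return 'login failed';
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('rate 5/* stars', PASSWORD_DEFAULT)]);

// A legitimate password trips the denylist (a false positive) ...
var_dump(hits_denylist('rate 5/* stars'));
// ... while the bound parameters treat the quote and "/*" as plain data.
var_dump(login($db, "o'brien", 'rate 5/* stars'));
var_dump(login($db, "o'brien", 'wrong'));
var_dump(login($db, 'nobody', 'x'));
```

The denylist only decides which strings are refused; what keeps input out of the SQL grammar is the bound parameter, and what keeps the response uninformative is the single failure path.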
All times are GMT