Post by DIzzIE on Aug 9, 2003 2:36:06 GMT -5
This is indeed an interesting site that encourages learning methods of bypassing weak web security (and thus raises awareness of a need for stronger protection schemes).
Having no explicit knowledge in this area, I was able to climb up to Level 5 in under 10 minutes. Here is the thought process I went through:
Level 1.
1) I selected everything on the page, in hopes of finding some hidden content (text, links, images). Nothing.
2) Seeing as how there was nothing hidden that was viewable on the site itself, perhaps there was something hidden in the source code of the page. Bingo.
Level 2
1) Well, if the entered password is compared to a password in the mentioned text file, and the text file has not been uploaded, then surely any password would suffice? Nope.
2) Since any password combination did not work, then what about the other extreme, no password? (Since the text file is missing, then in essence no password was set).
Level 3
1) As the file ‘password.txt’ is mentioned, my immediate response was to check the source code for any reference to such a file. No dice.
2) A series of directories is mentioned as well, thus I tried appending the directories to the existing URL, with ‘password.txt’ at the end.
3) I noticed that /level3 was already in the original URL and so simply tried appending ‘password.txt’ to the original URL (/level3/password.txt)
4) The elusive password.txt still not being found, perhaps the password.txt was simply being stored in another level directory, and seeing as how the level we were trying to reach was 4, what would be the least likely place to search for the password.txt to be in? (The amateur, such as myself, erroneously assumes that you can’t access level 4, and thus doesn’t bother to look for the password.txt in its directory)
Level 4
1) Upon seeing the ‘send password to Sam’ button, I headed for the source code. Upon seeing the particular email address listed as the ‘value,’ I thought that I could just change the email to my own, and thus receive the password.
2) After the webpage was saved, so the email value could be modified, I got an error when hitting the button on the modified page. Taking another look at the source code, I noticed that the form action field had ‘level4.php’, the last portion of the URL. The page being saved to my computer, the path ‘level4.php’ does not exist on it, thus I put the entire URL into the action field.
Level 5
1) This Level appearing deceptively similar to Level 4, I tried the same steps, to no luck.
2) Upon seeing the hints posted here to use Java and/or Telnet, I did some Googling and found a few webpages describing commands that may prove useful: the Referer command, and the GET and POST commands. (http://coveryourasp.com/FormSubmit.asp and www.experts-exchange.com/Web/Web_Languages/PHP/Q_20460490.html) Thus, this is where I currently am. Not much, but perhaps this has been of some help to somebody.
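The Level 4 step in the post above depends on a form handler that takes the mail recipient from a field the browser controls. As an added example (not part of the original post and not the site's code), here is a defender's view of such a handler in Python, with the trusting version beside one that keeps the recipient server-side. The field name `to`, the address and all function names are hypothetical.

```python
from urllib.parse import parse_qs

# Assumption: the only address the reminder may go to lives in server config.
REMINDER_RECIPIENT = "sam@example.test"


def send_mail(outbox, to, body):
    """Stand-in for a real mailer: records the message instead of sending it."""
    outbox.append({"to": to, "body": body})


def submitted_recipient(raw_body):
    """Return the 'to' field of a form-encoded POST body, or None if absent."""
    values = parse_qs(raw_body).get("to")
    return values[0] if values else None


def handle_reminder_vulnerable(raw_body, outbox, secret):
    """Weak: the hidden field decides who receives the secret."""
    send_mail(outbox, submitted_recipient(raw_body), f"Password: {secret}")
    return 200


def handle_reminder_hardened(raw_body, outbox, secret, audit_log):
    """Recipient is fixed server-side; a mismatching field is logged and refused."""
    submitted = submitted_recipient(raw_body)
    if submitted is not None and submitted != REMINDER_RECIPIENT:
        # A hidden field that differs from the served value means the form
        # was edited client-side: record it and send nothing.
        audit_log.append(f"recipient field tampered: {submitted!r}")
        return 400
    send_mail(outbox, REMINDER_RECIPIENT, f"Password: {secret}")
    return 200


if __name__ == "__main__":
    # Constructed request body with an edited hidden field.
    edited = "to=someone.else%40example.test"
    weak_outbox, safe_outbox, log = [], [], []
    handle_reminder_vulnerable(edited, weak_outbox, "constructed-secret")
    status = handle_reminder_hardened(edited, safe_outbox, "constructed-secret", log)
    print(weak_outbox, status, safe_outbox, log)
```

The same principle applies to the form's `action` and to any other value rendered into the page: the server has to treat everything that comes back in the request as untrusted input.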