x2600
8 years ago

0

We begin again with another real challenge. Good luck

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

Mugi [Mugiwara27]
8 years ago

0

Happy to see new chall !

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

SIGKILL [r4v463]
8 years ago

0

Yes good luck everyone ;)

f0rk [HackingGuy]
8 years ago

0

Im soo ready :)
Good luck!

There’s no place like 127.0.0.1

cn9 [1337boy]
8 years ago

0

the question is
is it harder than crypt 9??

WaRWolFz crew

f0rk [HackingGuy]
8 years ago

0

Probly not.
Or maybe, lets figure out.

There’s no place like 127.0.0.1

cn9 [1337boy]
8 years ago

0

today i got contributor medal so i’m happy with it for now ahha

WaRWolFz crew

x2600
8 years ago

0

Oh god I hope not. haha

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

Luke [flabbyrabbit]
8 years ago

0

I just realised I missed out a fairly important piece of information :p you need to try and login as the user ‘memtash’.

SIGKILL [r4v463]
8 years ago

0

Thanks for the hint :D

x2600
8 years ago

0

well damn hahah! that’s kinda important

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

f0rk [HackingGuy]
8 years ago

0

Lol, I was wondering. xD

There’s no place like 127.0.0.1

? [bolofecal]
8 years ago

2

@flabbyrabbit take off the sql injection protection :p

?

SIGKILL [r4v463]
8 years ago

0

Yes XD

f0rk [HackingGuy]
8 years ago | edited 8 years ago

0

OMG Yes xD
Revolucion!

There’s no place like 127.0.0.1

Mugi [Mugiwara27]
8 years ago

0

Who made the level?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

b1nary
8 years ago

0

god damn it flabby i been trying as “admin” and “administrator” lol

x2600
8 years ago

0

^^ You’re not the only one b1nary

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

Time Void [Chronon]
8 years ago | edited 8 years ago

0

*stares at the source code…………

I know @dloser already know the solution…. He’s just… Letting us to be the first

##;6986 VPDSICV

f0rk [HackingGuy]
8 years ago

0

Lhh. How nice.

There’s no place like 127.0.0.1

x2600
8 years ago

0

I have the username and the password:

made you look

But it doesn’t seem to be working.

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

b1nary
8 years ago

3

lol literaly me looking at the source code past few hours

Time Void [Chronon]
8 years ago

0

^^^
^^^
*waiting for @dloser to complete it

##;6986 VPDSICV

dloser
8 years ago

0

And I was waiting for flabby to give us the username. Guess we’re done here. Close it up!

Time Void [Chronon]
8 years ago | edited 8 years ago

0

LOL YOU ALREADY COMPLETED IT
help me sensei

##;6986 VPDSICV

SIGKILL [r4v463]
8 years ago

0

Nice job dloser XD now you got your 1st place back :p

Luke [flabbyrabbit]
8 years ago

1

It wouldn’t be a new level without me making it more difficult than it needs to be :p

cn9 [1337boy]
8 years ago

0

Dloser has already solved real 8 too

WaRWolFz crew

TH3 Cr3aToR [L3gand]
8 years ago

0

@1337boy Real 8 ???

SIGKILL [r4v463]
8 years ago

1

dloser live in the future :p

TH3 Cr3aToR [L3gand]
8 years ago

0

hahaha, that’s funny. who is dloser really ?? can the satellite track him?

SIGKILL [r4v463]
8 years ago

0

There are several theory about dloser, some says that he’s an AI, but nobody know the truth!

Time Void [Chronon]
8 years ago

0

An AI ??? Pffft, he’s the creator of AI

##;6986 VPDSICV

x2600
8 years ago

0

He’s actually a quantum computer-based AI.

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

Time Void [Chronon]
8 years ago | edited 8 years ago

0

With a satelite integrated system
No… Not a satelite…. A lot of satelite

And dont forget a giant spacestation with some of his server inside

##;6986 VPDSICV

SIGKILL [r4v463]
8 years ago

0

With HAL 9000 integrated :p

Time Void [Chronon]
8 years ago | edited 8 years ago

0

HAL 9000 ? pffft, that was just a javascript:alert("junk") for him

##;6986 VPDSICV

x2600
8 years ago

0

It’s funny because at this point it is difficult to tell what a spoiler would be to the challenge.

##SUPER PHREAKeH[/center] ## ;) ;) ;) [center]###SO PHREAKeH IT HERTZ

f0rk [HackingGuy]
8 years ago

0

Spoiler:

PHP

There’s no place like 127.0.0.1

SIGKILL [r4v463]
8 years ago

0

Omagad flag + remove spoiler + lifeban !!!!

? [bolofecal]
8 years ago

0

Thanks @HackingGuy I was trying searching some vulnerability in css file.

?

f0rk [HackingGuy]
8 years ago | edited 8 years ago

0

Anytime @bolofecal ;)

There’s no place like 127.0.0.1

Time Void [Chronon]
8 years ago

0

Hint :

look at the source code

##;6986 VPDSICV

Markb2
8 years ago

2

I’m just gonna leave this here, lol…

http://codereview.stackexchange.com/questions/133937/is-this-php-code-vulnerable-to-some-attack

The first sentence both makes me smile and cry at the same time: “So I’ve made a PHP code for a login form. But i am not sure if this code was that safe, because i am not a security expert.”.

Markb2
8 years ago

0

Oh, if you are like; What is this? Just look at the creator of the post :p

Mugi [Mugiwara27]
8 years ago

1

lol that’s beautiful Markb2
But how did you find it by yourself ? ;)

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\’‘ at line 1

? [bolofecal]
8 years ago

0

Probably a “Social engeenering method” will be created in solution thread.

?

Markb2
8 years ago

0

@Mugiwara27, I found it to be the third hit on google when searching for “md5(openssl_random_pseudo_bytes(32)); vulnerability” ;).

Was just googling for the inner working of pieces of the code, since my coding and code review skills are awfull.. :p

And so it begins

FOSS login

0

0

0

0

0

0

0

0

0

0

0

0

2

?

0

0

0

0

0

0

0

0

3

0

0

0

0

1

0

0

1

0

0

0

0

0

0

0

0

0

0

0

?

0

0

2

0

1

0

?

0