What am I doing wrong?

SFisher
10 years ago | edited 10 years ago

0

Ok, guys. I read the other threads. I understood. I also read the pdf file from iluvz2sp00ge.
After hours of [s]messing up[/s] deep reflection, I came up with this:

[spoiler]<<<script>ipt>script>alert('HackThis!!');<<<script>ipt>/script>[/spoiler]
The output box shows the intended text.
I also had the same result using [spoiler]&lt instead of <[/spoiler] Like someone said, it didn’t work. I understand this.
But I don’t understand why my first piece doesn’t do the thing, can anyone explain why the output is OK but the level isn’t?
I’m learning a lot here. Thanks everyone and thanks 0xDC.

  • Edited: typo.
43 replies
9 voices
340 views

Nighttshad3
10 years ago | edited 10 years ago

0

As 0xDC said, undeundetectedtected. Just have a nice and hard think about it and you’ll eventually get it.

undeundetectedtected

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

@SFisher: Both of your solutions DID print the exact outputs like the requirement of this level, but only in “readable” perspective. I suppose “the output” will be compared with “the result”. If “the output” matches “the result”, you pass.
The latter:

[spoiler]&ltscript> is not same as <script>[/spoiler]
The former:
[spoiler]<<ipt>script> is not same as <script>[/spoiler]

You can view source to see the differences in these cases.

SFisher
10 years ago

1

Thanks Wind. I’ll give it a couple tries. (“Couple” meaning >> orgy. I’m not sure I can post that, let me know if I can’t. xD)

*********** [ADIGA]
10 years ago

0

orgy = 3+

SFisher
10 years ago

0

I came up with >> an empty comment tag after the element that gets ‘banned’ by the filter.

Again it showed what I wanted but didn’t work. Hm…

daMage
10 years ago | edited 10 years ago

0

  1. Think about what is deleted/modified when you hit submit.
  2. Review what you are supposed to get through the filtering.
  3. If you still don’t get it, remember what @0xDC said

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

@SFisher: I really like your ideas which came up with the exact output (but they weren’t right, of course). Post it here like another case, please? :p

apex123
10 years ago

0

Damn, this one is a pain in the arse. It’s a real facepalm moment when you get it too, especially with all the >> undetundetectedected clues everywhere.

SFisher
10 years ago

1

Haha yes, I keep on thinking of all that, you’re repeating it over and over.
I’m still working on this and I think I’m learning quite a lot through research, solving the level is just an excuse. ;)
Thank you guys for your support on this! I’m enjoying this page a lot so I guess I should make an off-topic post thanking @flabbyrabbit for the site, and every user for making this a nice place to stay!
If I can think of more ways of getting the same output without solving the level, I’ll post them here for your enjoyment. xD

Nighttshad3
10 years ago

0

@apex123 I know right. I was like how did I overlook that.

@SFisher I’m glad you’re enjoying your time here :)

*********** [ADIGA]
10 years ago

0

i am sure that anyone who ever coded in php and tried to make something secure with str_replace() function will get this in no time…

for those who did not solve this yet, go to php.net and search for str_replace() function, do some reading and have some logic and you will get it.

done it in 5 min and 9 attempts :P
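
The str_replace() behaviour referred to above, as an added example that is not part of any post in this thread and not the site's own code. The three function names and the banned word are assumptions made for illustration; the input is the “typo” quoted in this thread. It shows that a single removal pass never re-scans its own result, and contrasts that with encoding on output.

```php
<?php
// Added example (hypothetical filter functions, not the level's real code).

// Weak: one call to str_replace(). Matches are removed left to right and
// the resulting string is NOT scanned again for new matches.
function strip_once(string $input, string $banned): string
{
    return str_replace($banned, '', $input);
}

// Denylist repeated until a pass removes nothing. The 4th argument of
// str_replace() receives the number of replacements performed.
function strip_until_stable(string $input, string $banned): string
{
    do {
        $input = str_replace($banned, '', $input, $count);
    } while ($count > 0);
    return $input;
}

// Preferred: delete nothing; encode for the HTML context when printing.
function encode_for_html(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$banned = 'undetected';            // constructed stand-in for a banned token
$input  = 'undeundetectedtected';  // the "typo" quoted in the thread

// Single pass: removing the inner match joins the two outer halves.
var_dump(strip_once($input, $banned));

// Repeated passes: the joined word is caught on the second pass.
var_dump(strip_until_stable($input, $banned));

// Encoding: markup characters are printed as text, nothing is removed.
var_dump(encode_for_html('<b>' . $input . '</b>'));
```

Looping closes the reassembly gap for that one token, but a denylist still has to anticipate every spelling of every token; encoding at output does not depend on the list being complete.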

SFisher
10 years ago

0

I’ll check it.
Just for the sake of auto-humiliation, I’ll confess:

Attempts: 114

Time: about 2 days, probably a bit less.

:|

:D

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

@SFisher: Haha, it seems you have tried harder than me.
Attempts: 56 Duration: 14 days
I’m so lazy to view the hints. But I don’t refuse any interesting document.

*********** [ADIGA]
10 years ago

2

All i hope for is that while attempting all those attempts you have been doing some reading and gaining some info every few tries.

when i started all this, it was on another website, i remember it took almost 4 years to finish most of what they have, and ended up learning php, C, C++ and PERL + using linux and became a webmaster/server admin/network admin/apps and network security senior.

by the way, all those i do for the same company and been doing it for 3 years so far.
so if you do not give up, you could end with a good job after all.

SFisher
10 years ago

0

I’m very much into Maths and computer science (call it whatever you want), and I know some basic C/C++, love learning things like those.
Yours is an interesting path @ADIGA, sounds very nice.
And yes I’m reading quite a lot about this, and discovered some interesting wikis.

Nighttshad3
10 years ago

0

Yeah, it sounds like you’re going to fit in nicely.

@ADIGA: Nice work. Sounds quite interesting, I hope I end up able to get a job like that someday :)

And look, this level is so easy you will be kicking yourself in the head when you’re done. Just try not to overthink everything and just think about how you’re going to insert the

And remember to make it.

<Undetected> ;)

gta222
10 years ago

0

hey people
have prob with basic + level 2
this message shows up
“User agent not accepted, only secure_user_agent allowed”
help me plz
:)

apex123
10 years ago

0

gta222 Yeh, I can’t get that one to work either. Out of curiosity, what made you decide to post that here?

*********** [ADIGA]
10 years ago

0

gta222, and those who have no idea what to do.

the user agent is your browser info sent through the request header.
with every page you request, your browser will send its type and version.
each browser has its own user agent, now for you to pass this mission you will need to find a browser that sends secure_user_agent or try to manipulate that when requesting a page or even code a script that will initiate a connection to the server with that useragent.

the ways to do it are many, not saying an exact method though.

*********** [ADIGA]
10 years ago

0

oh fuck me, just noticed this is posted in the wrong forum :(

apex123
10 years ago

0

[quote=author]oh fuck me, just noticed this is posted in the wrong forum[/quote]
Hence my above reply :)

gta222
10 years ago

0

thnx i just make the same mistake o.O

*********** [ADIGA]
10 years ago

0

gta, where in the middle east are you?

Reply has been removed

gta222
10 years ago

0

i’m from north Africa.

*********** [ADIGA]
10 years ago

0

did notice from your pic, my guess was not that far :P

gta222
10 years ago

0

i can’t notice anything from ur’s looool
what’s ur country ?!

*********** [ADIGA]
10 years ago

0

jordan, in the middle of the middle east

SFisher
10 years ago

0

ADIGA you’re from Jordan? Interesting, some really beautiful places out there.

*********** [ADIGA]
10 years ago

0

ever been to jordan?

Nighttshad3
10 years ago

0

Ahah I love how off topic this has gone :p


0

Yeah, me too. :p

0xDC
10 years ago

0

That’s the idea, to learn! And you’re all welcome! Keep it up and most of all, have fun! :)


0

why i cant get it complete??

<

plzzz help me with some clue

I got stuck on this level.. thnks in advance!! :) :)

Reply has been removed

0xDC
10 years ago

0

ram.vinoth.71: You’re very close, try a few more combinations and see my “typo” in this thread….


0

0xDC : Thank u so much.. i completed this level. :) :)

0xDC
10 years ago

0

Nice! Congratulations! :)

SFisher
10 years ago

0

Well done @ram.vinoth.71 !!
I just gave this another try after some busy days, still working on it (yes). XD


0

@SFisher: Really? I thought you were just kidding me. :p

SFisher
10 years ago

1

XD
If the rabbit made a set of Slowman badges, I’d earn them all.


0

I really like your ideas in this level. I mean, maybe they aren’t right (as that rabbit expected) but you are the one who has found “another” solutions the most. xD

SFisher
9 years ago

0

Well. It’s been a loooooooong way… I left this level aside for one or two months (stopped reading documentation related to it) and just came in to give it another try.
I am not sure if the string I put is one of the 839482207 I put before, but it looks familiar as hell to me. Solved. Whatever went wrong with my head, I was overthinking this! XD I tried a few different options seconds ago, before solving, that were very similar to the actual solution. Maybe what I was putting there all this time was one of the ‘oh so close’ but still invalid options.
So this confirms something that was in my set of rules for a while: if you can’t solve a problem sometimes you have to step away from it a little, to have more perspective. And sometimes a break can be a good thing.

Thanks everyone for the nice advice. I learned a lot along the way (it’s been months!!). Thread closed.


0

Congrats to you @SFisher . Now that’s what I call a real man: 839482207 attempts.

P/S: Really? :o

SFisher
9 years ago

0

Haha not really.
Attempts: 187 Duration: 199 days
Apparently I didn’t close the thread properly, weird. Thread closed! (again)

Discussion thread has been locked. You can no longer add new posts.