NEED HELP | Defend the Web

[deleted user]
10 years ago

-3

HI IM COMPLETLY LOST IN THIS LEVEL I DONT KNOW WHY MODIFING FORM AT THE SEARCH.PHP ADDRESS AND NOT AT THE MAIN PAGE. WHAT IS THE “Q”. IVE ENTER /LEVELS/EXTRAS/B3.SWF TO THE ACTION METHOD. USING A RANDOM NAME INSTEED THE Q, ENTER 194175 FOR THE VALUE. IVE CHANGED GET TO POST. DO NOT WORKS
IVE USE TAMPER DATA TOO DO NOT WORKS. SEVERAL DAYS ON THIS LEVEL IM BUSY PLEASE EXPLAIN TO A NOVICE ONE HOW TO COMPLTE THIS F……G LEVEL.

Ammon Sprayberry [AlienWars]
10 years ago

0

Well it is the post method that I used what was the form that you used?

Please try this site. Props to @jayssj11! Looks good!
http://elitesforum.cu.cc/index.php

Reply has been removed

Ammon Sprayberry [AlienWars]
10 years ago

0

What was your form for the post method because there might be something wrong with it I just want to look it over and check for mistakes I’m trying to help you out here.

Please try this site. Props to @jayssj11! Looks good!
http://elitesforum.cu.cc/index.php

Reply has been removed

Ammon Sprayberry [AlienWars]
10 years ago

0

No its still POST method but I need to see the form you wrote associated with that method.

Please try this site. Props to @jayssj11! Looks good!
http://elitesforum.cu.cc/index.php

Reply has been removed

Wibben
10 years ago | edited 10 years ago

0

The name is what you call the information you’re trying to send to the scoreboard, not the player’s information
You can’t send information to a flash file so don’t try it. If you want to know where to send the information try to get an address (something will give you exactly where the information score is sent)

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

Reply has been removed

Wibben
10 years ago

0

Greyhatfool: I don’t think you should do that, there are enough hints to do it without just getting the answer

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

Abhi
10 years ago | edited 10 years ago

0

@cdde , good thing that you accepted that you couldn’t understand why you were doing so .
Now , I’ll just tell you. We use a form in html for many purposes. In this case too , we’ll be using a html form to send the input !!
Since , you have almost no knowledge about HTML forms , so I’ll tell you to learn about them.
Here , I’ll give you a link too.
http://www.w3schools.com/Tags/ref_httpmethods.asp
If you face any further difficulties regarding this topic….just use www.google.com !!
That’ll help you understand the HTML forms and methods nicely.
Good luck :)

“ENJOY LEARNING AS YOU HACK !! ”

? [dfalcon]
10 years ago

-3

even though hacking is mostly about knowing how to do something, you still need to use google a little bit to find things that you dont know yourself. like the answer for crypt 6

Reply has been removed

SFisher
10 years ago | edited 10 years ago

0

Do not use notepad. Read the other forum threads, and you’ll see this. You only need a browser like Firefox or Chrome with no addons or plugins. Forget Notepad and you’ll be fine. >> You have to investigate how to edit a page’s source on the fly, probably.

(PS [OFF TOPIC]: Does anyone know why dfalcon is getting so much negative karma? his posts look normal to me)

Sorry if that sounded stupid.
All your karamas are belong to us.

Cyan Wind [freewind1012]
10 years ago

0

@SFisher: @dfalcon received a lot of negative karma not because his post was bad, but because he spammed 2 first pages of the forum (20+ posts in a row).

@cdde: Your form is wrong. There are some rules to create a HTML form. Obviously, you can’t hack something without base knowledge (in this case, HTML). sigh

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

SFisher
10 years ago

0

Oh ok, I thought negative karma was only relevant to the post, not overall behaviour. Thanks, I just didn’t understand. XD

Sorry if that sounded stupid.
All your karamas are belong to us.

Reply has been removed

SFisher
10 years ago

0

You have to do it from the browser itself.
Please, read all the forum threads. :-) It will be a lot easier and we avoid unnecessary posts repeating the same things over and over.
Good luck! ;-)

Sorry if that sounded stupid.
All your karamas are belong to us.

SFisher
10 years ago | edited 10 years ago

0

Anyway and as I see this is going nowhere…….

THE SOLUTION

Edit, off-topic attachment: @freewind1012 it’s ok, I just thought it was a bug that a normal post was hidden due to negative karma.

Sorry if that sounded stupid.
All your karamas are belong to us.

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

Off-topic:

@SFisher: We are not so harsh when someone tries to increase his post count. However, there was a day when @dfalcon spammed 50 posts in a row to get Forum bronze medal. His posts are “I like cheese.” and “I don’t care what you guys warn. I like cheese.”.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

Reply has been removed

Cyan Wind [freewind1012]
10 years ago

1

Don’t try to use Tamper Data. It confuses newbies a lot!!!

[quote=cdde]by editing html form or using an existent form and modify it.[/quote]
They are technically the same: Edit / Modify an existent HTML form. :|

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

Reply has been removed

Wibben
10 years ago

0

you need to input the score exactly as it it shown

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

Reply has been removed

? [dfalcon]
10 years ago

0

i dont think that tamper data still works.

? [dfalcon]
10 years ago

-1

i have just gotten confermation that the tanmper data method does not work with the new hackthis site

[deleted user]
10 years ago

0

good afternoon my friends i’ve decided to use the search bar adress to modifyng a form. i know i must learn more about html syntax rules but i don’t understand why using this page (search.php) to solve the level?

Wibben
10 years ago

0

you don’t use the page to solve the level, you must use your target page to solve it

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

[deleted user]
10 years ago

1

yes >> by doing a examinate element on the search bar and modify the form inside with the “q”,the action and method but i need to understand what i do and not just win medal. please man give the “philosophy” of the process.

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

Because it is the simplest way to submit your data to the server. Is it hard to see? Please tell me if you created a HTML form in your computer, how could you submit its data to HackThis!! server?

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

Wibben
10 years ago

1

“Oh where should I send this information?” “Over in this page right over here!”
“Oh how should I send it?” “Hmm, let’s see, first thing comes to mind is using a form”
“Which method would work though?” “I dunno, there’s only 2 so let’s try both”
“What should I call the information?” “Why not some generic name that comes to mind first?”
“Let’s test out the form, does it work?” “Maybe not”
“How ‘bout the other method?” “Alright done!”

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

[deleted user]
10 years ago

0

ah ok it is very interesting what you tell me. i thank you very much freewind.

[deleted user]
10 years ago

0

one more thing please; what the “q” letter refer to? there is nothing in the forum which explain that. i believe it is the “no result case” but ?? what doing? replace by “result found” maybe i don’t believe that :)

Wibben
10 years ago

1

the q is the name for the information sent to the server, in this case it’s short for question or query

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

Reply has been removed

Cyan Wind [freewind1012]
10 years ago

1

I already told you that you should try solve Intermediate Level 2, didn’t I?

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

Wibben
10 years ago | edited 10 years ago

0

Yes you are correct, try to edit some of that out because it is so much of a spoiler that it’s practically an answer, >> The q in the search form is what flabby decided to call the information sent to search.php, but you’re trying to send something else to another page, so you will need to rename the information You are on the right track so keep working! :)
EDIT: As freewind1012 says doing intermediate 2 helps a great lot

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

[deleted user]
10 years ago

0

ok i’ve deleted it thank you for quick answer

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

1

Is it really that hard? You should learn how to create a HTML form first (read this article). I can see that you are trying to learn something, but from the mid air. You should start from the base.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

[deleted user]
10 years ago

0

ok freewind i’m going to read that thank you for help.

Mr R00ster [R00sterKing]
10 years ago

0

Off topic: i write it here because cdde mentioned tamper data… I’m not able to “use” tamper data… Can anybody tell me if it really works?

I apologize if sometimes I write in a mistaken english… I’m from Italy :)

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

0

99% of users confirm that Tamper Data is no longer useful.

So please don’t bring it up anymore.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

Mr R00ster [R00sterKing]
10 years ago | edited 10 years ago

0

If this could be of help, I found a software called Fiddler that also do what tamper data is supposed to do… (tested) :)

I apologize if sometimes I write in a mistaken english… I’m from Italy :)

[deleted user]
10 years ago

0

i don’t find anywhere by what i must replace the “q” is it “movie” or “ file ” or “ /levels/extras/b3.swf ” ive read this: https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/Forms/Sending_and_retrieving_form_data. and the forum but i don’t find the solution. can you tell me more?

SFisher
10 years ago

0

What are you trying to send using the form?
Q is for question, you have to think of what you’re uploading and replace the q with it.

Sorry if that sounded stupid.
All your karamas are belong to us.

[deleted user]
10 years ago

0

i’m trying to send a score isn’t it?

SFisher
10 years ago

0

You tell me, I’m not working on that level, you are! ;) So think and try, it’s ok if you’re wrong. But try. :-)

Sorry if that sounded stupid.
All your karamas are belong to us.

Mystery [kapuccino]
10 years ago | edited 10 years ago

1

Someone just gives @cdde a solution if he really wants it. IMO, this thread covers all aspects of a simple form and GET/POST methods as well. He is just too scared to test it by himself.

SFisher
10 years ago

0

I completely agree @kapuccino. The other threads have a lot of information as well and many of the questions asked here have been answered in the other threads.
But cdde has read them all! ;-) XD

Sorry if that sounded stupid.
All your karamas are belong to us.

Statey
10 years ago

0

no kapuccino dont give answers away! if you do once everybody wants to have answers withou doing anything.
but this site is for training purpose not scoring.

as already mentioned the forum has enough hints for everybody to solve the level even with a small amount of knowledge. if he doesnt read everything carefully its his own fault.

Reply has been removed

Statey
10 years ago

2

no conflict at all :D
just a discussion. no worries!

Reply has been removed

Wibben
10 years ago

0

there is something wrong with the address you’re sending the information to

**CLOSE** the thread after you're done!!! Crypt 7, the hardest and baddest so far. ![Image](https://www.hackthis.co.uk/user/hacking is about Knowledge and intuition/userbar.png)

Reply has been removed

Abhi
10 years ago

1

You practically got the answer without doing anything :/

“ENJOY LEARNING AS YOU HACK !! ”

6 replies have been removed

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

2

Fine. I will try to help you as much as possible without giving solution. Put that learning article aside, it’s time to practice.

GET method

//So you choose to send GET data via an URL and its parameters?  
/* For example: https://www.hackthis.co.uk/.../receive_data.php?username=Ryan */  
//The URL is https://www.hackthis.co.uk/.../receive_data.php so we need some PHP code in receive_data.php (assume that receive_data.php does exist) to retrieve GET data.  
$a = $_GET["username"]; //Why "username"? We need to retrieve data from the parameter (in the URL) named "username".  
$b = $_GET["password"]; //Why "password"?  We need to retrieve data from the parameter (in the URL) named "password".  

echo $a; //Print out "Ryan"  
echo $b; //Not print out anything because the parameter named "password" does not exist.  
[/spoiler]

POST method
[spoiler]
```
//So you choose to send POST data via a form and its input fields?
/
For example

/
//The URL is https://www.hackthis.co.uk/.../3.php so we need some PHP code in 3.php (assume that 3.php does exist) to retrieve POST data.
$a = $POST[“username”]; //Why “username”? We need to retrieve data from an input field which has attribute [name=“username”].
$b = $POST[“password”]; //Why “password”? We need to retrieve data from an input field which has attribute [name=“password”].

echo $a; //Print out “Ryan”
echo $b; //Not print out anything because the input field which has attribute [name=“password”] does not exist.
```

I know what your problem is. You actually did read something but you blindly follow the wrong instruction which is not right anymore. So that’s your fault.

Edit: Now you deleted your previous posts. That makes me feel so lame when reading this post again.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

4 replies have been removed

Abhi
10 years ago

0

@cdde : Why don’t you have a good look at this article shared by @kapuccino in an earlier forum !!
This may help you in understanding a HTML form !!

“ENJOY LEARNING AS YOU HACK !! ”

Reply has been removed

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

2

This is my last post in this thread. May the force be with you.

Say, you want to send a letter (HTTP request) to Helen in Paris, France via a train. You have to know:
[list]
[] The right address (Paris, France). In this case, the right action.
[] The right name (Helen). In this case, the right name.
[] The right method (by train). In this case, the right method.
[] The right content (what you want to say and what she expects to read). In this case, the right value.
[/list]

If one is wrong, everything will get messed up.

![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)

[deleted user]
10 years ago

-1

ok but i think i ’ve lost my paper :)

[deleted user]
10 years ago | edited 10 years ago

-1

probably i’ve ate it. it is in my body

[IAmDevil]
10 years ago

1

Haha @freewind1012 has tried real hard to clear all doubts to anyone! This thread should be kept at the top to be referred. Nice work. ?

- @IAmDevil
Its good to be back! :D

[deleted user]
10 years ago

-1

thank to me :D