|
This is Unix! I know this!
|
#
?
Feb 2, 2016 06:00
|
|
|
|
| # ? Apr 19, 2024 21:55 |
|
|
- 8 year old girl
|
|
#
?
Feb 2, 2016 06:04
|
|
|
what username/password gave you the muggle endpoint?
|
|
#
?
Feb 2, 2016 06:11
|
|
|
I hope a web version comes out so I can play along at home.
|
|
#
?
Feb 2, 2016 06:13
|
|
|
turn it off then turn it back on again
|
|
#
?
Feb 2, 2016 06:23
|
|
|
try to put your dick into it
|
|
#
?
Feb 2, 2016 06:34
|
|
|
does it spit out an error if you try logging in with just quotes? so ' or "
|
|
#
?
Feb 2, 2016 07:12
|
|
|
Bhodi posted:I hope a web version comes out so I can play along at home. there was talk of this happening, i too would like to see if i'm an elite haxxor
|
|
#
?
Feb 2, 2016 07:46
|
|
|
cool thread I suggest putting it on the Internets and let the l33t internet hax0rs open the box
|
|
#
?
Feb 2, 2016 09:57
|
|
|
nsf001 smashthestate
|
|
#
?
Feb 2, 2016 10:13
|
|
|
try hunter2
|
|
#
?
Feb 2, 2016 12:26
|
|
|
treasure bear posted:maybe try an sql injection type thing OSI bean dip posted:does it spit out an error if you try logging in with just quotes?
|
|
#
?
Feb 2, 2016 13:29
|
|
|
the box is full of worms! (this is a good secret santa, good work santa  )
|
|
#
?
Feb 2, 2016 13:35
|
|
|
CRIP EATIN BREAD posted:what username/password gave you the muggle endpoint? user/password Nemesis Of Moles posted:turn it off then turn it back on again your helpdesk sucks, i demand you send a technician over post-haste Sniep posted:try to put your dick into it well, step1 didnt tell me to cut a hole in the box, so... OSI bean dip posted:does it spit out an error if you try logging in with just quotes? you know, this is something that probably should've occurred to me sooner  i'll let you know what happens when I get home
|
|
#
?
Feb 2, 2016 15:45
|
|
|
wtf you didnt bring it to work?!
|
|
#
?
Feb 2, 2016 15:50
|
|
|
what do you take me for, a massive loving nerd? *plays videogames during lunch*
|
|
#
?
Feb 2, 2016 15:53
|
|
|
like if i were a guessing person, the hashing method will never work so you probably just need to bypass that. try and get sql to spit out a true statement
|
|
#
?
Feb 2, 2016 16:21
|
|
|
spankmeister posted:cool thread I suggest putting it on the Internets and let the l33t internet hax0rs open the box i can make it run locally in docker but i have no loving idea how to use amazon web services elastic compute cloud container service because they have gone out of their way to make it complicated and unusable
|
|
#
?
Feb 2, 2016 18:34
|
|
|
Cocoa Crispies posted:i can make it run locally in docker but i have no loving idea how to use amazon web services elastic compute cloud container service because they have gone out of their way to make it complicated and unusable actually i'd really like to take a crack at this so if you could share it somehow that'd be awesome
|
|
#
?
Feb 2, 2016 18:37
|
|
|
make this the new yostop and sned it
|
|
#
?
Feb 2, 2016 18:47
|
|
|
Cocoa Crispies posted:i can make it run locally in docker but i have no loving idea how to use amazon web services elastic compute cloud container service because they have gone out of their way to make it complicated and unusable once this is done do you mind sharing what i can assume is the ruby code?
|
|
#
?
Feb 2, 2016 19:12
|
|
|
OSI bean dip posted:once this is done do you mind sharing what i can assume is the ruby code? once the box is open i'll open-source it all, yeah
|
|
#
?
Feb 2, 2016 19:16
|
|
|
migishu open the yosbox
|
|
#
?
Feb 2, 2016 19:24
|
|
|
|
|
#
?
Feb 2, 2016 19:27
|
|
|
i would try hacking the gibson
|
|
#
?
Feb 2, 2016 19:29
|
|
|
Symbolic Butt posted:migishu open the yosbox i'll be home by 6, should be able to test out some of the suggestions by 6:30
|
|
#
?
Feb 2, 2016 22:19
|
|
|
i wonder if my santee ever figured out how i encoded the message i sent him
|
|
#
?
Feb 2, 2016 23:10
|
|
|
it was just hydrochloric acid you wimp
|
|
#
?
Feb 2, 2016 23:41
|
|
|
I pm'd migishu a url to an online version, up to them to post it itt
|
|
#
?
Feb 3, 2016 00:18
|
|
|
i'll post the online version once done maybe, but i'll use it for now since the only 2 devices that have wifi in my place are my tablet and phone (loving send me my parts to fix my laptop you pricks i gave money to) so now for something completely related, i entered ' in as the username:  this website isn't sanitary!  putting ' in as the password did nothing
|
|
#
?
Feb 3, 2016 01:20
|
|
|
' OR 1=1 time
|
|
#
?
Feb 3, 2016 01:25
|
|
|
treasure bear posted:' OR 1=1 time
|
|
#
?
Feb 3, 2016 01:32
|
|
|
treasure bear posted:' OR 1=1 time this ^
|
|
#
?
Feb 3, 2016 01:34
|
|
|
|
|
#
?
Feb 3, 2016 01:36
|
|
|
did nothing but add OR 1=1 to the username
Migishu fucked around with this message at 01:40 on Feb 3, 2016 |
|
#
?
Feb 3, 2016 01:38
|
|
|
nevermind, i'm bad at SQL injection It's now giving me x is bad bcrypt again
|
|
#
?
Feb 3, 2016 01:42
|
|
|
username: admin password: 'xxxx
|
|
#
?
Feb 3, 2016 01:51
|
|
|
does expanding the backtrace give you more of the surrounding code ?
|
|
#
?
Feb 3, 2016 01:51
|
|
|
Migishu posted:nevermind, i'm bad at SQL injection Lain Iwakura fucked around with this message at 01:55 on Feb 3, 2016 |
|
#
?
Feb 3, 2016 01:53
|
|
|
|
| # ? Apr 19, 2024 21:55 |
|
|
' OR 1=(SELECT name FROM sqlite_master WHERE type='table'); see if we can figure out what needs to be updated CRIP EATIN BREAD fucked around with this message at 01:57 on Feb 3, 2016 |
|
#
?
Feb 3, 2016 01:55
|
|