Main:advertisement
A quick article on Real 9.
+----------------------+
| REAL 9 Challenge |
+----------------------+
This is a really easy challenge; I managed to complete it in fewer than 5 mins.
Well where shall I start?
I suppose first of all you read all of the information on the main page as that would just be the first obvious thing to do (Obviously after reading the challenge information).
The first thing I noticed was that there is a note from "whitie" which is all encrypted and I had no way to decrypt it until I found out the encryption type.
Reading on from that it says: "We are now using a fancy MySQL thing for the admin login so no commie bastards can hack it". Well, well. What do we have here then? 'A fancy MySQL THING' obviously they do not have much knowledge on databases or security it appears.
Before we do anything, I think we should check around the site a bit for any more information we can find, check all the source codes and pages for any additional information.
Not found anything? Okay well let’s begin with defacing these Nazi bastards.
What do we know?
1. They are using MySQL for their default database which means that the site will login using MySQL.
2. They don’t know much about the database itself.
3. Their message is encrypted and we don’t know the encryption key yet.
So we try the most obvious things first. Go to the admin panel and try to login. Try the easy ones like “user=admin; pass=admin” and so on.
Do you keep getting an error message? “Sorry, this login is invalid.”
Well what we do know is they are using MySQL for their login/database system. If you haven’t got it yet, look for common SQL vulnerabilities.
Oh that was quite easy wasn’t it?
See I told you it wasn’t hard.
Well that’s the first stage completed, so now let’s move on again.
We’ve come to a page which says “Admin Info” and all the information we need is right there.
“ok, this is the first post so i'll just post some basic info.
username: *********
password: *******
encryption key: *****************”
So obviously we have all the information we need now. Now all we need to do is go back to the encrypted message which there was a link for on the “Home” page. Got it? Good.
Now you can go to “Decryption” and enter all the information which it asks for and decrypt it!
VOLIA! You’ve got the encrypted message which is now decrypted.
Last but not least all you have to do is send the decrypted message to the Liberal organisation which there was a link to on the challenge description if you read it properly. Open that link, insert the decrypted message and send it away.
See I told you it wasn’t very hard. It’s a very easy challenge.
Thanks for reading my article and again I would love to get some feedback on what you thought of it and how I could have improved it.
Thanks again.
~DarkMantis~
| REAL 9 Challenge |
+----------------------+
This is a really easy challenge; I managed to complete it in fewer than 5 mins.
Well where shall I start?
I suppose first of all you read all of the information on the main page as that would just be the first obvious thing to do (Obviously after reading the challenge information).
The first thing I noticed was that there is a note from "whitie" which is all encrypted and I had no way to decrypt it until I found out the encryption type.
Reading on from that it says: "We are now using a fancy MySQL thing for the admin login so no commie bastards can hack it". Well, well. What do we have here then? 'A fancy MySQL THING' obviously they do not have much knowledge on databases or security it appears.
Before we do anything, I think we should check around the site a bit for any more information we can find, check all the source codes and pages for any additional information.
Not found anything? Okay well let’s begin with defacing these Nazi bastards.
What do we know?
1. They are using MySQL for their default database which means that the site will login using MySQL.
2. They don’t know much about the database itself.
3. Their message is encrypted and we don’t know the encryption key yet.
So we try the most obvious things first. Go to the admin panel and try to login. Try the easy ones like “user=admin; pass=admin” and so on.
Do you keep getting an error message? “Sorry, this login is invalid.”
Well what we do know is they are using MySQL for their login/database system. If you haven’t got it yet, look for common SQL vulnerabilities.
Oh that was quite easy wasn’t it?
See I told you it wasn’t hard.
Well that’s the first stage completed, so now let’s move on again.
We’ve come to a page which says “Admin Info” and all the information we need is right there.
“ok, this is the first post so i'll just post some basic info.
username: *********
password: *******
encryption key: *****************”
So obviously we have all the information we need now. Now all we need to do is go back to the encrypted message which there was a link for on the “Home” page. Got it? Good.
Now you can go to “Decryption” and enter all the information which it asks for and decrypt it!
VOLIA! You’ve got the encrypted message which is now decrypted.
Last but not least all you have to do is send the decrypted message to the Liberal organisation which there was a link to on the challenge description if you read it properly. Open that link, insert the decrypted message and send it away.
See I told you it wasn’t very hard. It’s a very easy challenge.
Thanks for reading my article and again I would love to get some feedback on what you thought of it and how I could have improved it.
Thanks again.
~DarkMantis~
Posted by 