Thread subject: Security Override :: Real 7

Posted by Lax on 10/07/2011 19:07:01
#1

I dont know who coded realistic nr 7, but thank you for a great challenge :)

I just finished it, and I learned a few things underway. Was a lot of fun :)
I think its good this one is not spoiled here on the forums. In this one you can actually experiment your way to the answer, because you get feedback from the site.

- lax

Posted by Guest on 10/07/2011 19:14:12
#2

Lax wrote:
I dont know who coded realistic nr 7, but thank you for a great challenge :)


I did, thanks. Very much appreciated.

Edit: And congratz to you challenge spree ;)

Edited by Guest on 10/07/2011 19:16:11

Posted by transaeris on 10/20/2011 10:27:50
#3

Hey everyone,

Just wondering if somebody can point me to some good tutorials or maybe give a little clue?

I have found the inject point, and think i need to use the <spoiler removed - Null Set> to run phpinfo()...
I figure that if its coded like this:
<spoiler removed - Null Set>

I have read through a few regex tutorials but everything i come up with so far seems to fail.
I think the closest I have got is "<spoiler removed - Null Set>" as hat didnt come up with an error, but still didnt work.

Am i on the right track in thinking I have to match the text first then execute phpinfo()?

Any hints/tutorials would be greatly appreciated.

Regards,
TransaeriS//

Edited by Null Set on 10/20/2011 13:05:40

Posted by Guest on 10/20/2011 10:35:31
#4

Well, your problem is, that your injected string is no valid PHP code.
And please, for god sake, remove all those spoilers from your post

Edited by Guest on 01/01/2013 15:50:16

Posted by buglu on 04/07/2012 12:30:00
#5

My problem is, I just don't know what this challange is expecting from me, i tried to find an xss exploit, what i didn't found yet, but if i find one, i'll be just like, ok and what to do now... can someone maybe explain what this challange is expecting from me, and if it actually has to do with xss?

Posted by mirphak on 06/17/2012 19:11:22
#6

Hi,

I have found the inject point too but... Any hint ?

Thanks






Posted by Rap70r on 07/23/2012 14:50:45
#7

Hello everyone!

I was struggling with this one for like two days but with no luck. :(
I have used some different techniques and tried some stuff but the truth is am kinda lost. ^^
Can some one give me a nudge just to understand what I am dealing with here?
Is this mission related to XSS?

Thanks!

Posted by ZonTa on 09/14/2012 04:36:47
#8

I've tried this for weeks now.
I did find "Preg" weeks before.
Still can't exploit it.
Can someone help me ??

Posted by Guest on 09/14/2012 05:53:04
#9

Zonta: PM me with what you are trying, and we will see what we can do.

To answer some of the previous questions:

1) The challenge expects you to execute phpinfo() on the page. Read the description.
2) If you found the injection point you gotta determine what kind of code might be behind that, and then research for possible exploitation techniques
3) There are some hints in the challenge. They are pretty obvious, see them.

Edited by Guest on 09/14/2012 05:57:46

Posted by ZonTa on 09/14/2012 11:32:06
#10

PublicEnemy wrote:
Zonta: PM me with what you are trying, and we will see what we can do.

To answer some of the previous questions:

1) The challenge expects you to execute phpinfo() on the page. Read the description.
2) If you found the injection point you gotta determine what kind of code might be behind that, and then research for possible exploitation techniques
3) There are some hints in the challenge. They are pretty obvious, see them.


I've already PM'ed you. Thanks

Posted by elasolova on 01/01/2013 09:24:01
#11

I have been trying this for a while. I know the php funciton behind the scenes and I also know the modifier tag to be used in the injection. But, somehow having the regex be also a valid php code is not working for me. Can I pm someone who have solved the challenge to show what I have done so far?

Posted by Teddy on 01/01/2013 09:44:03
#12

You can PM me

Posted by g00se1 on 01/21/2013 10:23:33
#13

Hi,

I've been at this for a few days and I think I'm close. I just can't seem to get the syntax right. Can I pm someone for some help on this ?

Cheers :)

Posted by OhB1 on 02/22/2013 04:37:22
#14

What can I say? Since starting this one I have not had to visit my therapist :-)

Can I qualify something? Am i right in saying there are two 'changes' needed to get the injection to work, the second of course being phpinfo()?

I might look vague but that is my er, regular expression !

Posted by Guest on 02/22/2013 12:59:18
#15

you need to combine your ideas in one change, Ohb1

Posted by Tommy on 02/22/2013 13:32:02
#16

@OhB1
Hint:content of your f13460bd46c28e73e8d2b6122bea2241 injection.

Posted by tiburtio on 05/25/2013 23:50:56
#17

any source...article..and other reading material suitable for this challenge...i really appreciate it...thanks in advance...Godspeed

Posted by tiburtio on 05/30/2013 05:57:56
#18

gosh....i been stuck with this level for almost a week now...and what i found was all about preg_replace function...i know about how to inject the particular modifier...but i do know what are the variables for such patterns and replacements....any hint would be much appreciated...

Edited by tiburtio on 05/30/2013 07:17:05

Posted by Abhinav2107 on 05/30/2013 13:03:06
#19

Keep in mind what is the mission goal.
You can separate different search strings using |

Posted by thissitehack on 08/20/2013 08:34:48
#20

Hi all,

I think I found the vulnerability, but my injection isn't working for some reason. Any help would be greatly appreciated :)

Deleted Spoiler by Teddy

~tsh

Edited by Teddy on 08/20/2013 09:13:27

Posted by Teddy on 08/20/2013 09:12:34
#21

I understand why you are using "?>". But this won't work here because you are using the eval function. The eval function itself does not need to be telled that php is starting or ending.
So the <?php ?> will be left out and even worser produce an error. (http://php.net/manual/en/function.eval.php)

However you understand the problem right. You need a way to tell ecal that the stuff after phpinfo() should not be executed.
Hint: Think about another way than using ?> to end the php part. What would you do in SQLinjection?

Posted by thissitehack on 08/20/2013 16:55:42
#22

Solved it, thanks for the hint:). Although technically, the eval function does support ?> to transition from PHP mode to HTML mode, in which no errors will be thrown.

Posted by Teddy on 08/21/2013 08:54:57
#23

the eval function does support ?> to transition from PHP mode to HTML mode, in which no errors will be thrown.


If that is the case (I cannot confirm it nor did I try to do so) then you would need to open php as well. You just closed php with the tag with "?>" but never opened it in the first place.

Edited by Teddy on 08/21/2013 08:55:40

Posted by hax366 on 01/19/2014 07:44:53
#24

need more hints i know what is the exploit but any guides on how to perform this will be more helpful thanks


Posted by MnX1337 on 02/18/2014 15:55:30
#25

Hint:it's a disclosure,i hope this helps :)

Posted by vi0 on 05/08/2014 15:25:51
#26

Can I PM someone to get any hints? I'm almost there but my injections simply does not work.

Posted by Abhinav2107 on 05/09/2014 14:06:36
#27

Go ahead.