Solution for Net-Force.nl : Level 402 - Oops, a typo...
This is the link to the original challenge: http://www.net-force.nl/challenge/level402/
Quest:
This challenge consists of two parts.
Just start here.
Just start here.
Required Tools:
Live HTTP Headers - http://livehttpheaders.mozdev.org/
Logic Behind the Challenge:
When we try to access http://www.net-force.nl/challenge/level402/protected.php
We will see the following image:
From the error in the image, it seems that it is expecting some sort of input variable, ip and that ip had to be from 213.75.238.147
Ok, let's try feeding a parameter to the url like this:
http://www.net-force.nl/challenge/level402/protected.php?ip=213.75.238.147
By doing so, we have solved 1 half of the challenge and we will see this.
If we access the link given directly, we will land up on
http://www.net-force.nl/challenge/level402/auth.php?denied
The clue is "Access Denied"
Maybe let's try to view it with Live HTTP Headers
It seems to us that it's trying to do a GET to
http://www.net-force.nl/challenge/level402/auth.php?show=no
Then it redirect us to
http://www.net-force.nl/challenge/level402/auth.php?denied
So the question now for us is...what if we change value for parameter, show, to yes instead of no
The url would look like this:
http://www.net-force.nl/challenge/level402/auth.php?show=yes
Doing so and we will be greeted with
Live HTTP Headers - http://livehttpheaders.mozdev.org/
Logic Behind the Challenge:
When we try to access http://www.net-force.nl/challenge/level402/protected.php
We will see the following image:
From the error in the image, it seems that it is expecting some sort of input variable, ip and that ip had to be from 213.75.238.147
Ok, let's try feeding a parameter to the url like this:
http://www.net-force.nl/challenge/level402/protected.php?ip=213.75.238.147
By doing so, we have solved 1 half of the challenge and we will see this.
Congratz...You have solved the first part :)
Proceed
If we access the link given directly, we will land up on
http://www.net-force.nl/challenge/level402/auth.php?denied
The clue is "Access Denied"
Maybe let's try to view it with Live HTTP Headers
It seems to us that it's trying to do a GET to
http://www.net-force.nl/challenge/level402/auth.php?show=no
Then it redirect us to
http://www.net-force.nl/challenge/level402/auth.php?denied
So the question now for us is...what if we change value for parameter, show, to yes instead of no
The url would look like this:
http://www.net-force.nl/challenge/level402/auth.php?show=yes
Doing so and we will be greeted with
The password is: expl017So there we have it, the password for this particular challenge is expl017
Cheers
0x4A61636F62
No comments:
Post a Comment