No clue what to do in this

Access logs

[deleted user]
10 years ago

0

Hi All,

Everyone who has completed this level. Please provide some hints. Thanks in advance.

23replies
20voices
800views
Pinkponyprincess
10 years ago

0

all i can tell you is that \n produces a new line ;)

[deleted user]
10 years ago

0

I know that already. What does that have to do with this level.

J [ColdIV]
10 years ago | edited 10 years ago

1

https://www.owasp.org/index.php/Category:Attack

This is the best help I can provide. Thanks to @verath who send that in IRC :)

EDIT: @tlotr if you read the right part of the mentioned site then you might understand the “\n” thing

DJDavid98
10 years ago

0

I think I figured it out, I’m just not sure what the log parser parses as a success :(

[deleted user]
10 years ago

0

ColdIV,

Which would be the right part to read in the URL which you have mentioned above.

wahib
10 years ago

0

Hi,

What’s in the provided link relate to the challenge ? Yup, you just got your answer.
The hard part is to find what the server parses as success.

Eric [iluvz2sp00ge]
10 years ago

0

how would I find what the server parses as success? just keep guessing or is their another way? I’ve tried Succeeded and successful…

Reply has been removed
francisuk
10 years ago | edited 10 years ago

0

Hi,
I am stuck at this level.

I followed the link provided above and I figured out that I have to use a ‘Log Injection’ (using the \n thing lol).
Now, I put as username this: guest\nUser login succeeded for: admin and it comes up that my IP is no longer blocked but just that the details are invalid.

It keeps saying ‘Failed Password for from (IP)

Now, I think I put the right thing within the ‘username’ box.
What should I put as password?

In the link provided or on YouTube, I have seen several things (Spoofing Log) but I have never heard anything about password.
Actually, one just needs to enter the correct username but I think I inserted the right code….so what’s the problem ?!

Could you help me, somehow?
I don’t want the answer, of course. I would like to just know whether what I inserted in the username box is correct or not and if I need to type something in the password box.

Thank you,
Francis

[deleted user]
10 years ago

0

I think you are giving too much information about this level but there is a little spoiler for you:

You don’t need a password so your username isn’t correct.

Zoino
10 years ago

0

Any more hints, the article provided doesn’t supply much content.

heavenlyMe
10 years ago

0

@Zoino
The article shared in this thread is enough IMO. You have to find the main part of the log and then play with it.

Susan S [Trinity]
10 years ago | edited 10 years ago

0

I have been at this for three or four days now and I am getting nowhere except getting real bad headache. I understand the new line using \n I’ve even tried stuff like: blah' or 1=1 or ‘a’=‘a or anything else I could think of but still no luck. I have read through this 'til I can’t read it much more.

http://saxon.sourceforge.net/saxon6.5.3/expressions.html#StringExpressions

Could someone please help a girl out???

Susan S [Trinity]
10 years ago

1

I have tried lots of different usernames with the \n to stop the blocking but I need to give it a rest because I am just going over the same thing time and time again. Will have a bash at the crypt level as I have found what is in the encryption levelt just got to iron out the first section. AAaaarrrghgghhhh right - coffee first! At least I don’t have to go into work today!! ;)

Cyan Wind [freewind1012]
10 years ago | edited 10 years ago

3

[quote=Trinity]Could someone please help a girl out???[/quote]
Girl… Is that a rare Pokon?
Because you are a girl, I will give you karma for no reason. It will help to boost your brain! B)

If you give me karma, it will surely help you again.

Frozen_Sword
10 years ago

0

For those who can’t figure out the username, think about this:

Who’s trying to log in?

[deleted user]
10 years ago

0

This level looks really tough… -_-


0

infiniteloop : have you faced it already ! umm ???


0

Actually, this level is kinda easy for me. I have to confirm something. :/

biswassudipta05
6 years ago

0

@francisuk That’s too much of a spoiler I guess.

L00PeR
6 years ago

0

Maybe this helps you:

The program is “banning” your ip for a period… maybe you try changing quikly your ip…

2 replies have been removed

0

i dont know what ever you provided seem to be worked out in my case. but iaint get the real logic behind this can somebody explain..???

JTHilliard
3 years ago

0

What kind of attack affects logs? It’s listed in a link provided earlier in this thread. That is where I would start reading up on.


0

given the \n hint and a bit of log studying, I solved the level faster than I ever dreamed! :)

You must be logged in to reply to this discussion. Login
1 of 24

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss