PVA – Archives

Sưu tầm những bài viết hay trên internet…

HBH Basic Web 5: Beat Asterix-Protect

In basic web mission 5 on Hellbound Hackers, a (fictional) new project, called Asterix-Protect, is implemented: [sic]

Welcome to Asterix-Protect

Asterix-Protect is an email search system that uses this new type of Asterix database to match your search and uses the same type of form like a login. And Asterix-Protect its a login system which also uses this advanced type Asterix database to match your username:password, this is a project that just started… If something is wrong or you have found a bug in our product, please contact us at problems@Asterix-Protect.org.

This means that you will have to find out someone’s username and password and log in. From the mission text, you see that the username is the email adress, and the username and password are separated with a colon (:). As always, begin with checking the source code. You will discover a very revealing comment:

<!--attention admin: * is a wildcard -->

The asterisk (*) can be used as a wildcard. Hackers have always been fond of puns, and that’s probably what the Asterix-Protect system got its name from. Try logging in with an auto-matched email-adress and an automatically matched password using the asterisk wildcards:

*@*:*

Mission accomplished.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: