So, Sup Forums a random user posted this onion link with a cryptic message yesterday, and I went digging out of curiosity. I can't seem to get past the login with the hint though.
Any clever anons willing to try their hand at it and post creds for the rest of us? To make it worth your while, I'll post OC of my ex if you crack it.
mesonbkxwrtmdb2m.onion
Bump
Post a pic of the ex to entice the citizens of Sup Forums
its admin password
for part 1
part 2 is user11235 pw is p455w0rd
Pic related
part 3 is hash reverse
alice:bc9d9cb353c87531f61d6f21d5cc072e
bob:6958b43cb096e036f872d65d6a4dc01b
carol:68e109f0f40ca72a15e05cc22786f8e6
dave:20abc423905199bc2765847eebc5e4c6
Still tells me invalid for part 1 with "admin" - "password"
alice- LetMeIn
bob - TopSecret
carol-HelloWorld
dave-DontHackMeBro
Part 1: admin:admin
Part 2: user11235:p455w0rd
Part 3: alice:LetMeIn
admin admin sorry
bump
Part 4: cooldude2:YouFoundMe
You can find the answer in the sites response headers.
Part 5:
Format of the ETag header tells us the server is apache.
The image is located in a folder on the server /files/logo.png
Apache supports directory listing by default. Go to lincsshbtaeqbcsx.onion
forgot the name of that tank u
Reminder: I reset the admin password to hAcKpRoOf1357
For Part 6, research SQL injection, you should be able to figure it out from there.
dont leave us pls
owasp.org
"Standard SQL Injection Testing
Example 1 (classical SQL Injection):
Consider the following SQL query:
SELECT * FROM Users WHERE Username='$username' AND Password='$password'
A similar query is generally used from the web application in order to authenticate a user. If the query returns a value it means that inside the database a user with that set of credentials exists, then the user is allowed to login to the system, otherwise access is denied. The values of the input fields are generally obtained from the user through a web form. Suppose we insert the following Username and Password values:
$username = 1' or '1' = '1
$password = 1' or '1' = '1
The query will be:
SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1'
If we suppose that the values of the parameters are sent to the server through the GET method, and if the domain of the vulnerable web site is www.example.com, the request that we'll carry out will be:
example.com
"
Its like i just seen a ghost from the past when Sup Forums was more then a 13yo edgelord trying to meme but was build of ppl who knew how internet and shit worked... Btw deepweeb link are now banned. 4 chan sucks ass now
did u get it
No im just lurking... This guy know his stuf ... We migth get acces to some box or someshit.... Probably childporn.....
If he can crack it of course....
put 1' or '1' = '1 in user and pw
...
It's funny, I just came back to Sup Forums today because I was bored. Haven't been here since 2015 when shit like this was normal.
Hell, we had cicada3301 on this board. It wasn't Sup Forums or /x/ that solved that shit it was us. Guys from all over the world sitting in irc channels for days on end, taking time off work to catch an early start on the next puzzle.
You're right though, it looks like Sup Forums kinda sucks now, not that it was ever good of course.
it updated
updated; bump
Pretty fucking cool, this whole thing. Would love to learn c++ and SQL