Hmm, I figure out this is something to do with Ascii, I've also figured out how to predict the 1st and second letter of the code. But after the 3rd letter it's beyond me! Still, working on it slowly...

On level 10 I may need to either use a different browser, or learn some basic coding.

The first 4 were pretty easy. All they required was a basic understanding of html and 'view source'.

5 was actually a little trickier, since it implemented the referrer check. The way I spoofed it was to use firebug to live-edit the html on the page. How'd you do it?

6 was actually fairly easy to me.. basically just a matter of figuring out the encryption method. I started off by putting in the letter a...which got me a. I then tried aaaa, which got me abcd, and that was pretty much the end of any challenge. The rest was just doing the math and figuring out the order that the punctuation marks showed up in. I didn't think about it being ASCII sequence, though that makes sense.

To me this was the first actual challenge. The description and activation made it obvious that the writer was passing off the POST var into a perl script. I assumed it was taking that variable and just sticking it to the end of a system call (ie, cal 2002). The trick was figuring out how to end one command and start a new line of commands. I guessed a semicolon, but forgot to add a year (like cal; ls -al) which did NOT work. I don't know if that's because it really wouldn't work, or if these guys' scripting failed to take that option into account. So I screwed with it for awhile, trying redirects and pipes and crap, and eventually I just googled how to append multiple commands to a single line in Unix. Which ended up being with semicolons. Which is when I solved it. *phew*

Still pondering this, though not continually (had class). I'm pretty sure the 'kid' is taking an unfiltered post far and sticking it either into a mkdir system call, or using fopen() or some other php function to create the file. The trick is figuring out which and how to exploit it. Still thinking on this one... hopefully sleeping on it will be of help.

Complete. Whilst messing around with JS injection I stumbled upon a code that allowed me to view all cookies. Originally, I couldn't find the right cookie or how to edit in firefox on my system. I think firefox stores all cookies in one file, making it harder to edit. So, with that I downloaded cookie editor for firefox. Once I had the cookie, it was really, REALLY simple to get in.

Is B11 really a mission of any sort? Or is it just a script to learn stuff from?

Am I trying too hard if I'm thinking of cookies at this stage?

I've found the login site hidden within the front page, but then I'm presented with a login script. Trying to use SSI to get a directory listing doesn't seem to work, incase there's maybe a password file. Maybe I'm doing it wrong though. I figured I might be able to fake an authorised cookie, but using javascript injection I can't find a cookie that seems to relate to the log in.