Find the index filename and Win 500 credits/points

**olliepop** · 03-04-2009 08:34 PM

The first person to tell me the name of the index page (eg hello.php) of http://tribalcorp.net/project automatically wins 800 points/credits

only regular users can enter :P

**Wizet** · 03-04-2009 09:40 PM

Can you like give us any hints because there can be googols of combinations out there.

**olliepop** · 03-04-2009 09:48 PM

sorry, i made this contest to see if there was any way of finding the filename

just knowing the filename can compromise my entire website and security mainframe

sorry man

**Wizet** · 03-04-2009 10:14 PM

Technically it will be impossible because there are thousands of combinations of letters and there are many types of website file types. So that's your answer

**olliepop** · 03-04-2009 10:19 PM

but i want to know if there is a way for people to find the name besides guessing.
yes it is a long name also.

**~~Livewire~~** · 03-04-2009 10:35 PM

Originally Posted by olliepop

but i want to know if there is a way for people to find the name besides guessing.
yes it is a long name also.

Other than brute-force trying every single possible combination, not that I can see - I disabled javascript and could view the source of the included ajax javascript file (you may wanna look for a way to disable that from happening, not sure exactly -how- to go about that though), but there's nothing that indicates what the name of that exact page is.

**olliepop** · 03-04-2009 11:31 PM

Originally Posted by Livewire

Other than brute-force trying every single possible combination, not that I can see - I disabled javascript and could view the source of the included ajax javascript file (you may wanna look for a way to disable that from happening, not sure exactly -how- to go about that though), but there's nothing that indicates what the name of that exact page is.

thanks man. you sound experienced, so you gave me some assurance ^^
i know how to make the js file hard to find ;)

of course, im not going to rest all my hopes for security on hiding the file names (for you skeptics :drool

for the next load of people who read this, is it possible for me to chmod the js file from reading and writing (unreadable and unwritable by world, user and private) but yet still call the ajax functions from it?

sorry if its going a bit off topic...
keep trying to find the name guys!

**jensen** · 03-05-2009 12:57 AM

well i got the http://tribalcorp.net/project/register/main.php page from javascript but then that's not the main page even though it says main.php :D

if this was posted on a white hat forum maybe you'd have got your winner by the 2nd post.

**Sohail** · 03-05-2009 03:34 AM

I managed to get one of your scripts out of it :

"var xmlHttp;
2var div;
3
4function Registration()
5{
6xmlHttp=GetXmlHttpObject();
7if (xmlHttp==null)
8 {
9 alert ("Browser does not support HTTP Request");
10 return;
11 }
12div = "mainbody";
13document.getElementById(div).innerHTML="Loading please wait... T R I B A L    C O R P";
14var url="register/main.php";
15url=url+"?sid="+Math.random();
16xmlHttp.onreadystatechange=stateChanged;
17xmlHttp.open("GET",url,true);
18xmlHttp.send(null);
19}
20
21function ShowCopyright()
22{
23xmlHttp=GetXmlHttpObject();
24if (xmlHttp==null)
25 {
26 alert ("Browser does not support HTTP Request");
27 return;
28 }
29div = "copyright";
30document.getElementById(div).innerHTML="Loading please wait... T R I B A L    C O R P";
31var url="copyright.php";
32url=url+"?sid="+Math.random();
33xmlHttp.onreadystatechange=stateChanged;
34xmlHttp.open("GET",url,true);
35xmlHttp.send(null);
36}
37
38function Advertise()
39{
40xmlHttp=GetXmlHttpObject();
41if (xmlHttp==null)
42 {
43 alert ("Browser does not support HTTP Request");
44 return;
45 }
46div = "mainbody";
47document.getElementById(div).innerHTML="Loading please wait... T R I B A L    C O R P";
48var url="advertise.php";
49url=url+"?sid="+Math.random();
50xmlHttp.onreadystatechange=stateChanged;
51xmlHttp.open("GET",url,true);
52xmlHttp.send(null);
53}
54
55function HideCopyright()
56{
57xmlHttp=GetXmlHttpObject();
58if (xmlHttp==null)
59 {
60 alert ("Browser does not support HTTP Request");
61 return;
62 }
63div = "copyright";
64document.getElementById(div).innerHTML="<a href=# onclick=ShowCopyright() >Legal and Advertising</a>";
65}
66
67function mainhome()
68{
69xmlHttp=GetXmlHttpObject();
70if (xmlHttp==null)
71 {
72 alert ("Browser does not support HTTP Request");
73 return;
74 }
75div = "mainbody";
76document.getElementById(div).innerHTML="Logged in. Welcome, " + sessionname;
77}
78
79function stateChanged()
80{
81if (xmlHttp.readyState==4 || xmlHttp.readyState=="complete")
82 {
83 document.getElementById(div).innerHTML=xmlHttp.res ponseText;
84 }
85}
86
87function GetXmlHttpObject()
88{
89var xmlHttp=null;
90try
91 {
92 // Firefox, Opera 8.0+, Safari
93 xmlHttp=new XMLHttpRequest();
94 }
95catch (e)
96 {
97 // Internet Explorer
98 try
99 {
100 xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
101 }
102 catch (e)
103 {
104 xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
105 }
106 }
107return xmlHttp;
108}"

This one makes me think that register/main.php is it but I can't be sure... Are you using a URL rewrite with .htaccess?

**xxll_martin_llxx** · 03-05-2009 05:24 AM

It wouldn't happen to be in this list would it? http://www.google.co.uk/search?hl=en...t&start=0&sa=N

Thread: Find the index filename and Win 500 credits/points

LinkBack

Thread Tools

Display

Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Re: Find the index filename and Win 500 credits/points

Posting Permissions