Jump to content











Photo

Challenge #21 - A challenge for the community


  • Please log in to reply
46 replies to this topic

#1 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 03:35 AM

Since last few months, KoBE, the admin of TechLife forum was developing & redesigning the Challenge site for Team Reboot to adapt it to MyBB so that it can be hosted within the TechLife forum itself. I'm more than happy to announce that today the first phase of the development is over. It is now hosted at a demo TLF board. What I request to reboot members is to grab an account at the demo board & do some penetration testing to find out hidden vulnerabilities. Here lies the new home of Challenge site. Also please do not forget to get back to us about any suggestions, ideas, concerns via this thread.
  • Nuno Brito likes this

#2 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 09:42 AM

Ignore the last entry for this test. I was testing to see how it would submit a challenge, but I noticed there's no way to remove a challenge or edit one.

#3 florin91

florin91

    Frequent Member

  • Team Reboot
  • 197 posts
  •  
    European Union

Posted 08 January 2012 - 09:46 AM

File downloads goes to root.

Off:
http://tech.reboot.pro/.htaccess
http://tech.reboot.pro/php.ini

#4 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 12:42 PM

Ignore the last entry for this test. I was testing to see how it would submit a challenge, but I noticed there's no way to remove a challenge or edit one.

KoBE will add it later. For the time being, it will be done from back end.

#5 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 12:47 PM

There is one "Submit Challenges" tab which should only be visible if you are a member of Team Reboot group @ TLF. Can anyone please confirm if it's working as expected?

@KoBE,
The "View Stats" tab is showing incorrect data in the sense that it's listing out only the first "Most attempted Challenge" while there are three more with the same number of attempts. Can it be corrected?

#6 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 12:53 PM

I already tested, logged in as a test dummy username created through admin cp, Submit Challenges is available to Admin usergroup (includes myself and KoBE on TLF), and the Team Reboot usergroup ID.

#7 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 12:55 PM

I already tested, logged in as a test dummy username created through admin cp, Submit Challenges is available to Admin usergroup (includes myself and KoBE on TLF), and the Team Reboot usergroup ID.

Ok, thanks for the confirmation.

If any Team Reboot member has joined TLF, please let us know so that he can be added to the Team Reboot group at TLF to publish challenges.

#8 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 01:06 PM

Thought this would be an appropriate enough place.

Posted Image

Posted Image

Which one do you think would be better to identify members of the group that would be able to edit/add/submit challenges on Tech.Reboot? Nothing better than asking all of the Reboot members themselves :)

#9 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 01:10 PM

I vote for this one
Posted Image

#10 KoBE

KoBE

    Newbie

  • Developer
  • 23 posts
  •  
    United States

Posted 08 January 2012 - 03:13 PM

File downloads goes to root.


Please explain what you mean by this. Currently the downloads go into the /mybbchallenge/files/ directory.

@KoBE,
The "View Stats" tab is showing incorrect data in the sense that it's listing out only the first "Most attempted Challenge" while there are three more with the same number of attempts. Can it be corrected?


It can. Is this a likely occurrence though? And what would you propose for the remedy? List all the challenges that are tied? At that point if we had 10 challenges that were tied then they would all be shown.

If any Team Reboot member has joined TLF, please let us know so that he can be added to the Team Reboot group at TLF to publish challenges.


They can send me or Ace a PM, or you also have the ability to add members yourself.

I vote for this one
Posted Image


I concur. :D


Thanks to everyone that is testing this out. I am by no means a great PHP coder so I really appreciate anyone finding vulnerabilities. I can provide the source if anyone is handy with PHP and want's to check over the security as well. There are still a few things that could be done. Also, if anyone wants to help develop any further areas then I am for that as well. :D.

I've been really busy as of late but now that this is just about complete I am going to try to get any and all suggestions done as soon as possible.

#11 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 333 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 08 January 2012 - 03:22 PM

If any Team Reboot member has joined TLF, please let us know so that he can be added to the Team Reboot group at TLF to publish challenges.

MichaelZ from Team Reboot is MichaelZ at TLF.

Many Greetings
MichaelZ

#12 MichaelZ

MichaelZ

    Frequent Member

  • Team Reboot
  • 333 posts
  • Location:Braunschweig, Germany
  •  
    Germany

Posted 08 January 2012 - 03:26 PM

Thought this would be an appropriate enough place.

Posted Image

Posted Image

Which one do you think would be better to identify members of the group that would be able to edit/add/submit challenges on Tech.Reboot? Nothing better than asking all of the Reboot members themselves :)

How about #1 with a plus sign instead of the on/off symbol? Personally I associate reload with the symbol in #2.

Many Greetings
MichaelZ

#13 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 03:32 PM

Yeah, that must be why KoBE and Holmes.Sherlock appreciate that one a bit more. That's what I was going for is the power or reset button to be more specific.

One thing to note: If either me or KoBE add a user, and that user is added through AdminCP, that user can no longer be demoted from the group by the leader, he/she has to be demoted through the AdminCP the way the user was added. Holmes you should have ability to add anyone you wish though :) Feel free to add whoever is in the group over there.

#14 florin91

florin91

    Frequent Member

  • Team Reboot
  • 197 posts
  •  
    European Union

Posted 08 January 2012 - 04:36 PM

Please explain what you mean by this. Currently the downloads go into the /mybbchallenge/files/ directory.


I mean when you access http://tech.reboot.p.../Challenge1.ZIP it shows the same page like the one on root: http://tech.reboot.pro with this address in the bar: http://tech.reboot.p.../Challenge1.ZIP and not downloading anything like it should.

I do not think this is because of script, if the files are uploaded there on /files/ folder, I think this may be because the settings in the.htaccess file and further in the php.ini file.

#15 KoBE

KoBE

    Newbie

  • Developer
  • 23 posts
  •  
    United States

Posted 08 January 2012 - 04:42 PM

One thing to note: If either me or KoBE add a user, and that user is added through AdminCP, that user can no longer be demoted from the group by the leader, he/she has to be demoted through the AdminCP the way the user was added. Holmes you should have ability to add anyone you wish though :) Feel free to add whoever is in the group over there.


Ace, you can add them through the UserCP.. you are also listed as a group leader as well.

Also, all Team Reboot members are listed on the Forum Team page. In order to be shown there and also to have the userbar displayed. You much go to the UserCP->Group Memberships and set Team Reboot as your display group.

I've added and changed the display group for you MichaelZ.

#16 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 08 January 2012 - 05:07 PM

Also, all Team Reboot members are listed on the Forum Team page. In order to be shown there and also to have the userbar displayed. You much go to the UserCP->Group Memberships and set Team Reboot as your display group.

I registered some minutes ago, but have no possibility to define the Team Reboot membership.

I see:

Registered (Display Group)

(You cannot leave your primary group)



BTW: How to read the forum's team page?

Peter

#17 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 05:43 PM

I registered some minutes ago, but have no possibility to define the Team Reboot membership.

I added you & florin to the Team Reboot group @ TLF. Now set it as "Display Group" via UserCP.

BTW: How to read the forum's team page?

Means?

#18 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 05:45 PM

It can. Is this a likely occurrence though? And what would you propose for the remedy? List all the challenges that are tied? At that point if we had 10 challenges that were tied then they would all be shown.

At least that would correct then. Presently it's displaying somewhat confusing info.

#19 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 08 January 2012 - 05:46 PM

Means?

Also, all Team Reboot members are listed on the Forum Team page.

How can I mread this page?

Peter

#20 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 05:55 PM

How can I mread this page?

Being a leader of the group, I can view all the members. But I have no idea how non-leaders can see the members of the group they belong to in MyBB.

#21 KoBE

KoBE

    Newbie

  • Developer
  • 23 posts
  •  
    United States

Posted 08 January 2012 - 06:14 PM

I mean when you access http://tech.reboot.p.../Challenge1.ZIP it shows the same page like the one on root: http://tech.reboot.pro with this address in the bar: http://tech.reboot.p.../Challenge1.ZIP and not downloading anything like it should.

I do not think this is because of script, if the files are uploaded there on /files/ folder, I think this may be because the settings in the.htaccess file and further in the php.ini file.


Oh, ok. Yes. I haven't moved the challenge files over yet. So any files not there will be redirected to the index page. I actually need to go through the current challenges and remove the hyperlinks. Because this challenge system will automatically generate a link if the Challenge<#>.zip is located in the files folder.

How can I mread this page?
Peter


At the bottom of the index page there is a link called 'Forum Team'

or you can get to it here: http://tech.reboot.pro/showteam.php
  • pscEx likes this

#22 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 08 January 2012 - 06:18 PM

or you can get to it here: http://tech.reboot.pro/showteam.php

I've added florin & Nuno. But they are not being shown up their though I can see them from my UserCP. Strange!!

#23 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 06:27 PM

Nuno Brito was added by the AdminCP to his own special group at first which may be why. I would have to change his settings from the AdminCP but I never edited florin. I think florin just has to set his to the default display for Team Reboot.

I set florin's username to display as Team Reboot. I'll set Nunobrito up as well

#24 KoBE

KoBE

    Newbie

  • Developer
  • 23 posts
  •  
    United States

Posted 08 January 2012 - 06:38 PM

I've added florin & Nuno. But they are not being shown up their though I can see them from my UserCP. Strange!!


In order to show up on the Forum Team page and display the user bar. The member must set their Display group to Team Reboot. They must do this themselves under UserCP-Group Memberships

#25 AceInfinity

AceInfinity

    Frequent Member

  • Team Reboot
  • 228 posts
  • Location:Canada
  • Interests:Windows Security, Programming, Customizing & Crash Dump Analysis.
  •  
    Canada

Posted 08 January 2012 - 06:44 PM

True :)

It's all configured now though, Nuno Brito is set to his group, and with the display of Team Reboot, and i've set florin's display to the Team Reboot group for him :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users