Author

new challenge category? maybe? :)

puertoricanmaxwell
Member

Posts: 13
Location: Behind a Firewall
Joined: 15.08.08
Rank:
Wiseman
Posted on 26-02-09 11:55
good morning/afternoon/night people.

I think php is needed for web hacking for the most part.
I recently started learning php and I came up with this idea. might be great, might not.:)

anyways, the idea is to make a new challenge category called "basic php hacking" or something (under exploit section maybe?;))

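example:


<html>
<body>

<form method="post">
Enter Password:<input type="password" name="pass" value="">
</form>

<?php
// Only run the check once the form has been submitted.
if (isset($_POST['pass'])) {
    $pass = $_POST['pass'];

    // Compare (===), not assign (=), the submitted value against the password.
    if ($pass === 'hbhpwn23') {
        echo "good job";
    }
    else {
        echo 'Wrong password. Please try again.';
    }
}
?>
</body>
</html>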


as I said before, I recently started learning php. please don't flame if I made a mistake (it's what makes me a human after all:)).

thanks for reading
-Max
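
Added example, not part of the original post or of HBH's challenges: a password check like the one in the post above, written three ways so the difference is visible when reading the source. The function names and sample inputs are constructed for illustration; 'hbhpwn23' is the password from the post.

```php
<?php
// Added example, not code from the thread. Function names and sample inputs
// are constructed; 'hbhpwn23' is the password used in the post.

// Pitfall 1: "=" assigns inside the condition. The assigned string is
// truthy, so every input is accepted.
function check_assignment(string $pass): bool
{
    if ($pass = 'hbhpwn23') {
        return true;
    }
    return false;
}

// Pitfall 2: "==" compares two numeric-looking strings as numbers, so
// different strings such as "0e1" and "0e2" (both equal to 0.0) match.
function check_loose(string $pass, string $secret): bool
{
    return $pass == $secret;
}

// Hardened: the source holds only a hash, and password_verify() is
// documented as safe against timing attacks.
function check_hardened(string $pass, string $hash): bool
{
    return password_verify($pass, $hash);
}

// In a deployment the hash is generated once and stored, not rebuilt per request.
$hash = password_hash('hbhpwn23', PASSWORD_DEFAULT);

$cases = [
    'assignment, wrong input' => check_assignment('wrong'),
    'loose, "0e1" vs "0e2"'   => check_loose('0e1', '0e2'),
    'hardened, wrong input'   => check_hardened('wrong', $hash),
    'hardened, right input'   => check_hardened('hbhpwn23', $hash),
];

foreach ($cases as $label => $accepted) {
    printf("%-26s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```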
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
God
Posted on 26-02-09 12:07
Firstly, the code you presented has the password hard coded. This means that no injections are possible, thus only bruteforcing would be possible, putting great strain on the server. Imagine even quite a small number of members generating hundreds of requests, such a waste of resources, so for this code no.
Secondly php is very useful in website hacking, but in depth knowledge isn't essential. In order to exploit file inclusion by null byte, you don't need to know e.g. how to connect php with mysql, you need to know how php works with null byte, and how include function works.
If you want to learn php, go and learn, develop cms or something, if you want to learn exploit, go and learn. Wanna do both? cool, but there's no need to make new challenges for that...




spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 26-02-09 12:08
clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

yours31f
Second to one



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Satan
Posted on 26-02-09 12:24
On the topic of new challenges, get ready for real 18, made by ... ME.

Actually yours will be 19. Me and -cL own 18.
And, really, yours won't be here for a veeeeeery long long long (you get the idea) time. --MoshBat



Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.





Edited by on 26-02-09 20:45
yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
God
Posted on 26-02-09 12:32
yours31f wrote:
On the topic of new challenges, get ready for real 18, made by ... ME.


Wow just a small self-advertising :D btw I thought it's moshbats ( and I guess sry to OP for hijack)



clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

Futility
Member



Posts: 715
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 26-02-09 12:37
I think the idea here is that you are shown the code and have to find a way to exploit it. So you see that you have to POST the data 'hbhpwn23' to the page in order for you to receive the password. EG has something like this, though, so I doubt it'll get implemented. Then again nothing's up to me.


Futility91@hotmail.com Futility91 http://mycampearth.com/
Author

RE: new challenge category? maybe? :)

COM
Banned



Posts: 800
Location:
Joined: 31.08.07
Rank:
God
Posted on 26-02-09 12:39
yours31f wrote:
On the topic of new challenges, get ready for real 18, made by ... ME.

Which still has nothing with what the OP was on about, if you're that horny about promoting yourself, there's the shoutbox. Otherwise we'll see it when it's out and we'll know that you made it then, you're proud of yourself, that's nice, don't post it where it doesn't belong just because of that.

Anyhow, as for the original idea: you might be surprised to find a challenge type called "Web Patching". It's under the section "Patch", you should check it out, it's surprisingly enough PHP and you oddly enough have to patch vulnerabilities, aka: exploits... which happen to be PHP. Bottom line is, no need for that type of new challenge.
Reference: http://www.hellboundhackers.org/challenges/patch.php


K'aem'nhi kh'rn, K'aem'nhi kh'r, K'aem'nhi kh'rmnu.
I'a Y'gs-Othoth!
Author

RE: new challenge category? maybe? :)

puertoricanmaxwell
Member

Posts: 13
Location: Behind a Firewall
Joined: 15.08.08
Rank:
Wiseman
Posted on 26-02-09 13:12
thanks for the reply :happy:
clone4 wrote:
Secondly php is very useful in website hacking, but in depth knowledge isn't essential.

This might be true, but some people (including me) probably want to learn it to the full. This could help us improve our skills on that certain field.

Futility wrote:
I think the idea here is that you are shown the code and have to find a way to exploit it.

exactly.
this might be a bad example. (my apologies)

Thinking about it though, it's kind of like the Js challenges, but like a php version. you are presented with a code and you have to analyze it to retrieve the password.
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
God
Posted on 26-02-09 15:35
puertoricanmaxwell wrote:
This might be true, but some people (including me) probably want to learn it to the full. This could help us improve our skills on that certain field.

That may be, but why force people to use php, when they might want to learn perl, or asp or anything else for that matter, you might add some web patching challenges, to include both more advanced and basic techniques and protection against them though


Futility wrote:
I think the idea here is that you are shown the code and have to find a way to exploit it.

exactly.
this might be a bad example. (my apologies)

Thinking about it though, it's kind of like the Js challenges, but like a php version. you are presented with a code and you have to analyze it to retrieve the password.


My bad:) the problem is that js is client-side language, so you are always presented with the source, but php is opposite, you will only rarely be able to view the source, even though it might be possible in some cases (and of course excluding white box pen-testing)



clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

4rm4g3dd0n
Member



Posts: 904
Location: Louisville,Ky
Joined: 09.10.07
Rank:
God
Posted on 26-02-09 15:44
A skills section would be nice example:

__________Skills_______________

SQL... 1 2 3 4 etc... Skill Level
PHP... 1 2 3 4 etc... Skill Level
HTML.. 1 2 3 4 etc... Skill Level
C++... 1 2 3 4 etc... Skill Level
Javascript... 1 2 3 4 etc... Skill Level
Perl...
etc...
etc....

_______________________________

Where the level challenges may or may not have points, but it shows the person's skill level for that subject. For HBH I suppose the levels would go from Apprentice to God, I don't know. That would be cool though.


All I Know Is That I Don't Know Nothing .... Operation Ivy

c:/users
Author

RE: new challenge category? maybe? :)

Futility
Member



Posts: 715
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 26-02-09 20:52
MoshBat wrote:
What you actually want is new challenges, and there are some ready, it's just we're all busy.

Speak for yourself. I'm not busy at all. In fact, I'm enjoying a 4 and a half day weekend of freetime. If someone would only give me the privs to help, I would.


Futility91@hotmail.com Futility91 http://mycampearth.com/
Author

RE: new challenge category? maybe? :)

SySTeM
-=[TheOutlaw]=-

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
The Overlord
Posted on 26-02-09 21:05
MoshBat wrote:
Futility wrote:
MoshBat wrote:
What you actually want is new challenges, and there are some ready, it's just we're all busy.

Speak for yourself. I'm not busy at all. In fact, I'm enjoying a 4 and a half day weekend of freetime. If someone would only give me the privs to help, I would.

By "we", I meant all the other devs. If only someone would get a move on and give me the privs I asked for, then we'd have a few more challs and bug fixes by now.


Subtle hints never have been your best strength have they? :p




http://www.elites0ft.com/
Author

RE: new challenge category? maybe? :)

Lemur
Member



Posts: 644
Location:
Joined: 11.03.06
Rank:
HBH Guru
Posted on 27-02-09 23:43
I already made a phreaking challenge... COUGHPOSTITCOUGH



Author

RE: new challenge category? maybe? :)

puertoricanmaxwell
Member

Posts: 13
Location: Behind a Firewall
Joined: 15.08.08
Rank:
Wiseman
Posted on 28-02-09 19:17
soo.... I guess it's a no for my suggestion?:(
Author

RE: new challenge category? maybe? :)

spyware
Member



Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-02-09 20:40
In normal conditions, you can't view the server-side language PHP. If you are in the unique position of having the ability to view PHP source, all you need is some basic coding skill and common sense to exploit the system.

The challenge category you are suggesting we create is called "Basic PHP Programming", there's only one challenge, and it involves reading, programming, testing and debugging. Have fun :).




"The chowner of property." - Zeph
“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.”
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net
Author

RE: new challenge category? maybe? :)

hilfialkaff
Member



Posts: 29
Location: California
Joined: 25.01.09
Rank:
Elite
Posted on 01-03-09 02:35
Hmm, just a suggestion, but isn't it better if we organize the basic challenges to become like XSS challenge, SQL injection challenge, etc since it has all the different types of techniques of hacking.
hilfi_alkaff@msn.com
Author

RE: new challenge category? maybe? :)

yours31f
Second to one



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Satan
Posted on 01-03-09 06:32
Have you completed them? They pretty much are...





yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: new challenge category? maybe? :)

What_A_Legend
...Legend?



Posts: 469
Location: On the Net
Joined: 12.04.06
Rank:
Omniscient
Posted on 01-03-09 11:27
This idea is pretty much a no go. If we are giving code to exploit which is readable to the user everyone should be able to work out the exploit.

We also have a section kind of like this and it's called 'Web Patching'. If you want to submit PHP code with an exploit in (ensuring it isn't one of the exploits already covered) please provide it as a 'Web Patching' challenge.

This will then be reviewed by relevant admin(s) and then accepted or declined as needed.



what_a_l3g3nd@hotmail.com www.wayneshears.com
Author

RE: new challenge category? maybe? :)

hilfialkaff
Member



Posts: 29
Location: California
Joined: 25.01.09
Rank:
Elite
Posted on 02-03-09 02:33
MoshBat wrote:
Putting them into categories would "kill" half of the fun of finding out what exploit to use.


Hmm, fair enough
hilfi_alkaff@msn.com
Author

RE: new challenge category? maybe? :)

bl4ckc4t
Member

Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
HBH Guru
Posted on 02-03-09 07:23
Personally, I would much rather see a "Programming Challenges" section. Perl, C++, C, VB, VC#, Python, those kinds of languages.

This would be more beneficial to anyone here. It would also encourage people to learn more than just web programming languages.


Author

RE: new challenge category? maybe? :)

spyware
Member



Posts: 4190
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 02-03-09 08:19
bl4ckc4t wrote:
Personally, I would much rather see a "Programming Challenges" section. Perl, C++, C, VB, VC#, Python, those kinds of languages.

This would be more beneficial to anyone here. It would also encourage people to learn more than just web programming languages.


Since when is VB beneficial to anyone?




"The chowner of property." - Zeph
“Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.”
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
http://bitsofspy.net

© HellBound Hackers 2008- 2009. Since 3rd December 2004.