Passing Real 14

An article written to help people pass Realistic Mission 14. No real spoilers.



I just thought I'd make a tutorial on how to pass the HTS Real 14 Mission.

I'm going to try not to include any huge spoilers, as this mission and Real 15, as I've found, are the two funnest HackThisSite missions, and you learn a hell of a lot from both.


Well, starting out, you've got a message from a friend, OutThere (who happens to be a real HTS member). He's telling you that he needs your help gaining Admin access to a corrupt website, Yuppers, which happens to be a joke on Yahoo!


OK, so you've been looking around, but have found nothing. There's a good reason. This is Real 14; you're not going to be spoonfed. I suggest you start looking through the source.

You've started looking through the sources of various pages. Good. Find a file that might manage something that is constantly changing, which I'm sure you've noticed already.

Look through the source of that page. You'll see some things that won't really help you, then you'll see another file referenced in that source. Go there. "Oh, that's nothing interesting," you might think. Wrong.

Wouldn't it be great if we could get all the information within a file? Yes, I think it would, and I think you'd agree.

Do some more looking around the pages, not the sources. Maybe find a page that lets you read different pieces of information? Study that script a bit and notice what it does.

See how whatever you append to the URL is loaded in a .n*** file? Well, we know this website is using Perl, hence the file extension on most of the pages, .cgi. Learn about some Perl exploits. Learn how Unix interprets some characters.
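Seen from the defender's side, a script that builds a filename from a request parameter plus a fixed extension needs to validate that parameter before it reaches open(). The following is an added example, not code from the mission or from this article; the directory, the `.txt` suffix and the function names are all hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical layout: documents live in one directory and share one suffix.
my $DOC_DIR = '/var/www/data/docs';   # assumed path, not from the article
my $SUFFIX  = '.txt';                 # placeholder extension

# Weak pattern: the request value goes straight into the path, so every
# byte the client sends (separators, control characters, shell
# metacharacters) ends up in the string handed to open().
sub weak_path {
    my ($name) = @_;
    return "$DOC_DIR/$name$SUFFIX";
}

# Hardened pattern: accept only a small allowlisted alphabet with a
# bounded length, then build the path. \A and \z anchor the whole
# string; "$" would still accept a trailing newline.
sub safe_path {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    return File::Spec->catfile($DOC_DIR, $name . $SUFFIX);
}

# Three-argument open with an explicit read mode, so the path can never
# be interpreted as a pipe or as a mode prefix.
sub read_doc {
    my ($name) = @_;
    my $path = safe_path($name) or return;
    open(my $fh, '<', $path) or return;
    local $/;                         # slurp the whole file
    my $body = <$fh>;
    close $fh;
    return $body;
}

# Constructed sample inputs: one ordinary name, then values a validator
# must refuse (separators, a control byte, a metacharacter, empty, too long).
my @samples = ('news1', '../../etc/passwd', "news1\0", 'news1|', '', 'a' x 40);
for my $s (@samples) {
    (my $shown = $s) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    printf "%-20s => %s\n", "'$shown'",
        defined safe_path($s) ? 'accepted' : 'rejected';
}
```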

By now, you should probably know what you're doing. So append a certain something to another thing using something else :) .

Wow! Look what we've got. Sources. How nice and convenient. Look through all of the files on the server (that you can). Remember, just keep poking. This mission is all about poking.

This is the part that got me for about a month:

So you've got a file that seems pretty damn important. Well, if you don't know Perl, now would be a good time to start learning.
If you know PHP, you can probably make out about 60% of the source, but you'll still have to understand the functions, etc.

Look at the hashing method. Is there any way you can make something to tell you a valid ID? I'm sure there is. I used C++ for this one, but you can use practically any language, including everyone's favorite language, PHP. :)

So, you've got a valid ID? Great. Go into where you need to go in (I'm trying to avoid spoilers), and notice the options.

Well, you still don't have that Admin access that you really need, so what do you need to do? You don't know the admin's username, so how could you find it? Well, here's the part that everyone makes out to be really hard, although it's the easiest part. Learn about a little thing called "Regular expressions", aka "Regexes". You learned about them here at HBH, and if you didn't, then you shouldn't be attempting this mission. So you've got the Admin's Username and Password (hehe). How great.

Now what? If you can't find this out on your own, well... why are you even on Real 14?

Congrats, you've passed the first Insane Rated Mission on HTS. Feels good, doesn't it?


I'm seriously sorry if there were too many spoilers, I just didn't want to leave people sitting there, wondering what to do, as that was me for a good month or so.

Comments

Tonto on July 26 2005 - 06:32:31
Oh you crazy bizatch, telling em it's a .**** file being loaded is a bigger spoiler than linking em to rfp's CGI Bug article! Whatev, this level is great
metsoc30 on July 27 2005 - 06:43:26
Why is there an article for HTS on HBH?
Tonto on July 30 2005 - 07:56:01
Computer Ethics (1) Ethics on Computers
Encryption (2) Articles About Encryption
Essays (4) Want to submit your essay? or need an essay? Find them here
Graphics (2) Articles on graphics
HBH Challenge Tutorials (15) HellBound Hackers Challenges
HTS Challenge Tutorials (3) Articles About HTS Basic And Realistic Missions
Linux / UNIX (5) All Linux / UNIX Related Articles
Other (25) Other Articles That Do Not Fit Any Categories
Phreaking (3) Articles About Phreaking
Programming (14) Articles About Programming
Security (3) Articles About Protecting Yourself
Social Engineering (6) The Art of Deception
Web Hacking (22) Articles About Hacking
Windows XP Tweaks (15) Articles About Tweaking Windows XP
^^ because there's a section designed for it.
Rap70r on July 23 2013 - 19:17:06
.