Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82852
Newest Member: sockpuppets
Latest Articles

Real 8

Arrow Image Guide on how to do the brute forcer for Realistic 8



For this one, im assuming:
1.You have access to a server in which you can run php scripts with cURL installed.
2.You have some knowledge on php.
3.You want to learn, not just steal other peoples work.

Ok, so there is 3 main steps to this bruteforcer:
-take password
-test it
-echo answer

We need a dictionary on passwords, you can get them here: http://www.outpost9.com/files/WordLists.html

get a wordlist, name it dic1.txt and upload it to your server, in the same dir as your php script will be.

( 1 ) To select each word we need to use a loop. We will use !feof(). This mean \'Not end of file\'. Before this we must open to the file and assign this to a variable:

$fh = fopen(\"dic1.txt\", \"r\");

The \"r\" parameter means its read-only.So, after weve opened this, we need to start the loop:

$fh = fopen($dic, \"r\");
while(!feof($fh)) {
$pass = fgets($fh,1024);

[CODE HERE]

}

The fgets function justs gets the line of the file.

( 2 )Now we need to test the passwords on the url: http://www.hellboundhackers.org/challenges/real8/admin.php

To do this we use the functions included in cURL. If this isnt installed on your box, just ask your server admin nicely :)

I dont want to give this challenge away so im going to leave this bit to you, although i will give you this bit of help:

$curlPost=\"uname=admin&pword=$pass&Submitted=True\";

( 3 ) We must find some words that distinguish a bad login from a successful one, in this case its \"Incorrect Username/Password\", but \"Incorrect\" will be enough.

To search the contents of our received page will use the eregi() function where $data is the contents of the retrieved page.

$result = eregi(\"Incorrect\", $data);
if ( $result == 0 ) {
echo \"$pass3 is the password!\";
break;
}

the break statement cancels the while loop, because we dont want to keep searching even after we\'ve found the pass.

Ok, so i hope i havent given too much away. This can be adapted to brute force many web-based login systems. Of course, there are other ways to do this, but this is just the way i did it.

I hope this helped,

Thanks,
Will.

Comments

wolfmankurdon November 26 2005 - 19:06:18
nice,why not add a bit about the getting hellboundhackers rules in the logs.
willeHon November 26 2005 - 22:00:29
mistake: echo "$pass3 is the password!"; should read: echo "$pass is the password!";
willeHon November 27 2005 - 00:48:19
thats why i didnt give them the cURL stuff, i gave them the opportunity to learn these special functions.
wolfmankurdon November 27 2005 - 10:53:10
Befor ethey changed the pass you could just gues sit.
willeHon November 27 2005 - 16:28:50
well you cant guess the new pass very easily, so this is why i wrote this.... :/
nicomahon April 04 2006 - 15:51:28
hint: also use curl for changing referer to what needs to show in the logs
a-hackon July 25 2006 - 00:23:14
I just did a buffer overflow attack
sharpskater80on August 09 2006 - 20:48:10
At first I did the buffer overflow not knowing this was possible, then I got curl working and did it this way. Great article. Smile
TotcoSon March 02 2007 - 05:04:33
thats smart a-hack i just tried it and it worked.
Death_metal666on July 23 2011 - 06:15:26
at first i had completed it by using buffer overflow attack. After reading this article i try this way too 100% working. nice article man
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.