Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 26
Members Online: 2

Registered Members: 82858
Newest Member: alexxkim
Latest Articles

Real 5

Arrow Image Tutorial from Real 5



Real 5:

Skills:
Javascript,
Basic HTML (Understanding)
Password Cracking.

What you Need to do:
get BillSmith's password, check your email and replace your cookies with Bill Smith’s
read his email
Find BillSmith’s folder and change his permission to \“Read All\
cover your logs by accessing the .htaccess file and replacing your IP with the old one.
Find admin to report name to.


Thats the basic info we need also we get a username/password so lets log in.

1.
Now looking about for a way to get a password, probably a hash, Hint: a lot of this challenge is just looking at the source or Directories. Found somthing odd? Well they wouldn't make it that easy would they now? Maybe thats just a hint of where another one is hidden.
Once you have BillSmith's password lets do the next step.

2.
Next we need to read some of Billsmith's mail, well if you had any sense you'd have seen the email system. Why not go there.
Okay, it tells us that changing the cookie is the way to do it. Right now how do you change a cookie? If you are really stumped look at the basic skills I mentioned at the begining. Lets check ours first hmmmm there isnt one set for the challenge. Oh well we will just have to guess, there are only 4 common forms for each ;). Mustn't forget to refresh.
Oh whats there's new mail ;)

3.
Hmmm doesnt give us much info about the directory, have a look around he has mentioned it.
go there :)

4.
looks like we're nearly done!
Okay what was the first thing? set his folders permission to 'Read All' but in numbers, <insert research here> okay that done. It's not 775 but thats close :P
Now we need to edit the logs through the .htacess file well lest go back to that directory. If you liek try the files one after the other. Ok, but what wa sthe old IP? Again remember my earlier hint have a look around that page. Now you'll find two IP's, try each one and compare the results. You should be able to work out which is right.

5.
YES! Now all we need to do is report him.
Well back to the special directories page. Lets have a look around. 'Please use actions'??? Thats odd maybe there is somehting hidden next to it. ;) Got it? well we need it for the main directory hmmm well there is a command a url thingy to do this '../' without ' marks.

::Didn't find it? well it just makes you life harder, You want to reports someones activity have a few guesses at the main page::

6.
ok, fill it out and send :) Wait it doesnt work!!! hmmm well lets check it out. Remember my hint? Well done, hmmmm we need to report to sanderson. Well there are two ways to fix this, Javascript and the good old way edit source way. :)

And you're done :)

Comments

saxibleon December 26 2005 - 02:48:30
About time a decent mission article. Thanks to that i could get past the part i was stuck on. Your getting an Awesome from me
wolfmankurdon December 26 2005 - 16:18:59
My pleasure, saxible you forgot to vote Smile.
system_meltdownon December 27 2005 - 17:37:24
Thanks wolfman dude you rock Smile
Cynoxx_on December 28 2005 - 19:06:09
Indeed this is a very good article. Well done Smile!
macrostblackon June 06 2006 - 17:19:45
Great Article Wolfmankurd, really helped me without giving loads away Nice One!
TotcoSon March 22 2007 - 05:01:05
You need to complete all parts ...pm me? please? lmao
Thiseason October 21 2007 - 09:09:56
The article is good! But one step is not necessary in order to beat the challenge: No need to find Mr BillSmith's password! At least not necessary to complete the challenge... (thing... did u use it somewhere, once you found it?)
winkleeron May 10 2008 - 17:04:34
e-mail cookie duh
goluhaqueon March 30 2010 - 07:53:02
I did not need to find the password or change the cookies. Bill Smith's email can easily be accessed by typing in the name of the folder. My problem is guessing the name of the folder. The Name of the email is N** Dir******EMA**. Is that the name of the folder? I can't find it anywhere. Everywhere it returns a 404.
cyberking147on April 10 2012 - 11:22:09
What and where is the use of ?Directory variable?
Fantomon November 09 2013 - 15:13:23
*vg**vg**vg**vg**vg**vg*
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.