Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 18
Members Online: 0

Registered Members: 82813
Newest Member: VesuviusSentinel
Latest Articles

_Realistic 7_

Arrow Image A guide to realistic 7, may contain spoilers.



Hello my fellow hellbound hackers, this is my article on realistic challenge number 7.
This article will walk you through the challenge and hopefully should help you to beat this ridiculous challenge.

Now, when you get on to this challenge, you need to find the real administrator, you will know who it is when you log in as them.

First off, we want to know the usernames for future reference, so let\'s take a look at the Teachers page. When you get on there, there should be the full name and an e-mail address, the part of the e-mail address before the at sign is the username.

Next, we need to find the passwords to go with the usernames, so let\'s look in the URL, say if I went to Mrs. Ann Feldman\'s profile, the URL would be: http://hellboundhackers.org/challenges/real7/teacherinfo.php?action=name&&id=9
Can you notice something about the URL? You should realise that we don\'t need their name, we need their ________.

Once we have found their information, we need to log in, but first, we get told our refering page is wrong :o
Now what? We download a referer spoofer! My favourite one is called RefControl, it is an extension for firefox and is available here: https://addons.mozilla.org/firefox/953/

As soon as you have logged in, you may notice something in your cookies that you might want to change, if you change it to the right thing, you should get a nice big bold message.

After we have spoofed our way into the teachers panel, and we have admin, it\'s time to change grades. If you have logged in as someone who can change at least one grade, you\'re doing well, from that you can edit the source to change the other grades and make them exactly like you are supposed to. If you have done it correctly you should get a nice little \"Grades changed\" message in red text. Next thing we need to do is change the salary of a certain teacher, the salary has to be 2000 or below.

Once that part\'s done, you will need to go to the page to contact them, make sure you analyze it very well. You should see something that\'s \"hidden\", now try and use your php knowledge and put it on the end of the URL, try and find the password file for the /admin/ place, if you\'ve used apache before you should know where it is.

Then, all that\'s left is to go to /admin/ and enter the username and password and get your points. This mission now comes with a checklist in the admin directory which tells you if you have missed something.

I know a lot of people have been and still are stuck on this challenge, hopefully this article may help a bit.
Please rate and comment :)

Comments

the_flashon May 10 2006 - 17:35:56
w00t I've been waiting for an article on this. Nice one dude! ^^
AldarHawkon May 10 2006 - 17:59:27
would have helped me if I had not already beaten it! Good job system
system_meltdownon May 10 2006 - 17:59:39
Thanks Smile
LiveFastDieFunon May 10 2006 - 18:26:22
Good article, but i'm still stuck on finding the hash. I've tried everything. Could someone please help me in the forum.
wolfmankurdon May 10 2006 - 18:42:41
i got stuck :$ this should help
godon May 10 2006 - 18:48:46
bingo! Grin
spywareon May 10 2006 - 19:38:43
System saves the day Grin Finally able to get some points Pfft
system_meltdownon May 10 2006 - 19:43:34
Lol, thanks Smile
thk-geoon May 11 2006 - 10:19:03
Sure but what about becoming an admin? It doesnt say..
thk-h3xon May 11 2006 - 10:32:11
Nvm got it now, it does say how you become an admin..
system_meltdownon May 11 2006 - 18:04:20
Yup it does indeed
deathrapeon May 12 2006 - 22:25:59
btw, it appears that there have been new obsticles added to the challenge? the "second trimester", or didi you not include that so that its an artilce and not step by step guide? And also, you don't need to edit the source, it'd be faster just to change cookie data on the teacher's subject, no?
system_meltdownon May 13 2006 - 12:02:35
Have you even done this challenge?
nights_shadowon May 14 2006 - 21:28:30
lol, good article, to this "ridiculous challenge." The challenges now are getting overly unrealistic
jaxpylonon June 17 2006 - 04:43:43
In response to deathrape: It is far easier to edit the source as you can do them all at once. I don't even know if its possible to do them individually. Great article, I'm just stuck on finding the admin password.
What_A_Legendon July 05 2006 - 10:12:53
Very useful. Just stuck on the very last part now. Oh well.
turbocharged_06on February 10 2007 - 19:28:21
which site are we suppossed to be reffered from??
turbocharged_06on February 10 2007 - 19:43:45
nm that was easy
usmcrreed19on February 17 2007 - 13:12:34
Nice article, has helped me get in the right direction... at least now Im not completely lost... just somewhat :whoa: but I'll get it done eventually... good article...
sleazoidon February 19 2007 - 03:43:08
ilu helped alotGrin
paranoiahaxon April 05 2007 - 21:19:17
i'm stuck on the referrer bit..
Little Bad Wolfon March 23 2008 - 20:08:53
i can say that use spooftoolbar its also firefox addon also its better than refcontrolGrin
Little Bad Wolfon March 23 2008 - 20:09:24
was that too much?:right:
thetyr3nton April 17 2008 - 06:38:25
how do you find the passwords for the teachers?
iantharanon June 11 2008 - 01:54:01
great article system! one thing i cant do is get to the admin directory, so if anyone wanted to pm some help that would be appreciated Grin
iantharanon June 11 2008 - 01:58:21
actually, i found the dir just cant find the pass now Grin
Medusaon June 12 2008 - 19:19:14
I found the dir easily and the secret pass, but i can't find the teachers' passwords. I read all the articles but everyone has found it easily but meSad. This article say almost nothing about that just 'notice the url (action=name&&id=9)' we don't need their name, we need their p***w***' Frown. If i replace.... nothing happens
Medusaon June 20 2008 - 23:48:28
I 've just realised that I 'm BLIND :xx: !!!!!!!! Forgive me Wink
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.