Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 25
Members Online: 1

Registered Members: 82826
Newest Member: Jakob
Latest Articles

Basic Web Hacking *ALL*

Arrow Image A good place to start. Simple instructions for every challenge. *VERY MINOR spoilers*



NOTE: While doing HBH challenges, I have come to realize that Firefox is the best browser to use. You can get it at
http://www.getfirefox.com

BASIC 1:
This is what is sometimes referred to as \"the idiot test\". If you have no idea what to do, you should look up what \'source code\' is on google. If you do know what source code is...

BASIC 2:
It\'s asking for the source of the IFRAME.
http://www.w3schools.org
is a good place to check out what IFRAMEs are and how they work. Then find the source and paste it into the textbox and submit.

BASIC 3:
This challenge is very easy to do if you have Firefox. You should search for \'firefox\', \'user\' and \'agent\' in google (without quotes). Follow the instructions on changing user agents to pass this level.

BASIC 4:
Read the error. If the password file isn\'t in the directory \'basic4\', then it might be a good idea to check other directories...
NOTE: the password is case sensitive.

BASIC 5:
Read the source code. Note:
* the format of an email address
* the format to enter the password
* ONE wildcard is sufficient for \"xxx.com\"
In my opinion this challenge wasn\'t a very good one.

BASIC 6:
A VERY tricky challenge, because you have to get the syntax exactly the same as the solution. First, you should familiarize yourself with the commands CHMOD and RM (in LOWERCASE). Next, find the directory where the \'logs.txt\' file is kept. This should be pretty obvious... where would you keep logs? Lastly, the way to write \'all+execute\' is \'a+x\' (without quotes).

Now you have to CHMOD the \'logs.txt\' file to \'all+execute\', RM the \'logs.txt\' file and RM the other log file that you will find. Don\'t forget the dollar sign, and you MUST put a space after the dollar sign before you put the command.

BASIC 7:
For this challenge, you need to know about how to do simple javascript injections to find your cookies and how to change them. Once you\'ve located the username you need, submit it in the form. Oooops! You\'re not authenticated! How do you get authenticated? Remember the intro talking about ASCII encryption? What it means is that it checks the username you enter against a cookie which contains the (binary) encrypted form of the username. I recommend
http://www.yellowpipe.com/yis/tools/encrypter/index.php
Once you\'ve converted the username into binary, change the username cookie into binary form (without spaces). Refresh the page.

Now you have to get past a SECOND form. But, remember how the intro said this form was vulnerable to SQL injection? Look this up (there are some good articles on HBH) and type in the injection. More points!

BASIC 8:
It\'s always good to try some random text as a password. Who knows, you might randomly guess the correct password! But you should always check the source, even for the most unlikely pages such as the one that tells you you\'ve got a wrong password...

See the commented tag? It shows how you can input a GET variable into the PHP script. Google this if you don\'t understand what I\'m talking about. Now, you want to find what the database contains, so instead of just trying to find rows WHERE password=\'xxx\', use a more general statement...

BASIC 9:
You should have a good understading of how the Posion NULL Byte attack works. Google this to see what it is, but I\'ll try to explain what it does. Basically, it tricks the script into thinking it\'s the end of a command. In this case, try looking for where the login script is and append a NULL byte on the end. This takes you to the next stage where you can read the PHP script to find what username and password you\'ll need.

BASIC 10:
You\'ll need to be able to change your IP, and I think you\'ll have to use a proxy. My IP was already in one of the allowed ranges so I didn\'t have to do much for this challenge. If you\'re lucky, you won\'t have to either. Just click the link to test whether you need to change your IP or not.

BASIC 11:
Go back and see what you did for Basic 3. This time, howver, you\'ll also need to change the OS specified in the user agent string as well. Wikipedia has a good article on user agents plus lots of examples as well.

BASIC 12:
For this challenge, you might need to disable any worm detection programs such as Norton Antivirus, as attempts to view .htaccess files may be detected as worm attacks (even though they are not). On the main page, look at the address. Try inputting different directories into the variable \'page\' and see what you can find. It may pay off to search how Linux checks passwords. Also, bear in mind that \"/protected/xxx\" is different from \"protected/xxx\". After finding the password hash, you\'ll need to break the encryption using a brute-force cracker. I recommend \'John The Ripper\' with the \'Cain and Abel\' wordlist.

BASIC 13:
It\'s as simple as it says. Log in as George! But you can\'t change the script using javascript injection this time because the <option> tags don\'t have a name. How else can you change the contents of a file? (ctrl+s may be helpful =D)

BASIC 14:
One of the simplest challenges. Remember what you did in Basic 1?

BASIC 15:
http://www.google.com/support/webmasters/bin/answer.py?answer=33570&topic=8460

BASIC 16:
You can try the injection you used at Basic 7. Whooops! It doesn\'t work! Look up other forms of SQL injection and try those...

Well, there\'s my first article finished. Please rate fairly, and tell me any corrections I should make.
-phoenix121

Comments

mozzeron June 07 2006 - 17:12:57
Not bad, mabye a few too many spoilers but in the main, good
-The_Flash-on June 07 2006 - 18:15:32
Well written. Except it's allready been written. Not many challenges need articles anymore. Still, good work
Elitest_00on June 07 2006 - 19:02:32
Good job...
6340on June 08 2006 - 01:34:11
lol yeah good article... @flash: all the challenges i need help with don't have articles:/ lol...anywho, yeah good article...
godon June 08 2006 - 14:04:05
ermmm nice article but basic 15 is kinda really really spoiled... no ?
phoenix121on June 10 2006 - 21:03:54
ok, thanks for the tips. i'll bear them in mind. please vote ^^
intersliceon June 13 2006 - 23:15:52
i thought u could change the form value with javascript... thats wat all the other articles said.something about layers i think
DotHacker0on August 08 2006 - 19:47:18
where should i familiarize myself with 'chmod' and 'rm'?
serveoif2on February 02 2007 - 00:31:23
Good job
devilred101on February 24 2007 - 08:24:40
6 isn't explained well enough, nor are most of them
Spiritus55on April 07 2007 - 22:06:06
Any body send me some help on 5? I know what to put in, just not the format. It's nothing in the usernamePfftassword submit (right?) and you put in *@*:*
raizondudeon April 12 2007 - 14:19:14
On basic 16, the same sql command DID work. Is it bugged? But then again, I didn't have to type anything in the box on b7 to complete it!
K-eNtiNon May 06 2007 - 15:13:19
Awesome man thank you!
Sic Re Mortemon May 06 2007 - 21:07:01
hm.... now we need to have an article for the remaining 6 challenges...
x-xon May 09 2007 - 21:04:24
Grin great article v helpful no spoilers lolGrin
XL_Bishopon November 04 2007 - 04:13:55
Very nice article, gives a helping hand, not a helping shoveGrin
COD3on March 03 2008 - 17:21:51
good article bro..it helped me out Smile
AMZ19on February 04 2009 - 07:20:53
So am I missing something way too obvious on b9? I can see the username but there doesn't seem to be any password info. is this one bugged or something?
newbeeon December 29 2011 - 07:19:21
you can change the values of the form in b13 using javascript injection. like this :- javascript:void(document.forms[form no.].elements[element no.].options[option no.].value="New Value"Wink;Smile
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.