Follow us on Twitter!
It is never to LATE to become what you never WERE.
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 22
Members Online: 2

Registered Members: 82893
Newest Member: mor-amit
Latest Articles

Real 11 Noob 2 Noob Spoiler Free...But Has Everything You Need

Arrow Image Completing A Programming Challenge Through A Non-Programmer's Language… Visual Basic



Real 11 Noob 2 Noob Guide With Visual Basic Code Snippet


We just got an email from a co-worker and here is what it said "This investment firm gave me bad information on which company to invest in, now im in the red! Can you delete the databases and all the pages, I'll give you a cash reward.".
Difficulty: Insane!!





To delete the database we would need to be the administrator
So who in the company is the admin?
Let’s check out their staff list......

We've got 3 or more admins, why not try the head admin.

Jot down his name and it's time to login


Well neither we know the Username and nor the Password...So what we gonna do???
Well do what you can View-Source / Sql Injection / View-Cookies / Forget Pass Link
And OOOh the help link, yeah we sure need some help so lets click on it
Take a look at the staff notice, Alright we have the Username but Password???

Okay we will give it a try...Username & a dummy Password.... WTF???
It locked you out...Gosh....

So… if it has locked the Username & Password box may be there is an attribute in the Source-Code
that has disabled it, so lets save the file & change the value of disabled from true to false
But hey!!! Look at the action field…..”Looks Can Be Deceptive"….lets view it's source...

Okay we got the hash, now what??
Well if you cant answer that may be you should go and play counter strike and after you have done with it visit the following site:-http://gdataonline.com/seekhash.php

Now use the login Username & the cracked Password.....Ahaaa we are in...

So what was our mission (Yeah besides completing the mission for 150 points and taking the cash reward) deleting the databases and all the pages.

Click on the first link....

OMG!!! we have to return the random value * 2 under 1 second.
Now if you are not one of the people’s from the TV-Serial "Heroes" we have to start coding...


Before that let’s try the other link as well
Hhhmmmm something about decrypting the key through an application named "Keycheck"
and return that in 1minute, that’s quite humanly possible if only we had the key.

Think where could that “file” be, may be in some directory.
Once you got the file open it.

Now go to the link again where the file was needed,
try entering the random string into it

Click on check you'll get "invalid key entered" but why what happened??
Take a Break Kid This Challenge Isn’t worth 150 Points For Nothing.

Read the webpage again regarding the Keycheck application
It said something about decrypting & the Keycheck application that we have
has the button named "Check"...


It's time to do application cracking....load Olly Debug


Search for all inter modular call and put a break point at StrCmp
(Though it would produce the same effect with StrComp)

Just press the check button...Hhhmm..we see a Unicode value
well change that Text To HEX, if you are having trouble, just keep the F9 key pressed
till it passes the loop and you'll see the Loooooong HEX value in the dump at the end.

Enter the value in the Keycheck application...Aah it greets us with "Welcome To Keycheck!"

Now the button named "Check" has also changed to "Decrypt", use this to decrypt the number and submit at the page.




Visual Basic Code:-
In the VB's component section, project--->component
Choose Microsoft internet controls

In the reference section, project---references
Select Microsoft internet controls & Microsoft HTML object library.

Drag & drop the browser control and resize at will.

We will also need:-
1) Command button
2) Text box
3) Timer

Enter the Textbox’s text as "http://www.hellboundhackers.org"
[Without the quotes]
Make the timer's interval to "2" [Without The Quotes]

Double Click On The Command Button and enter the code to open the URL in the web browser Eg:-

webbrowser1.Navigate Text1.Text


Double click on the Form and enter the same code.
webbrowser1.Navigate Text1.Text
[The URL in the text box will be opened when the Form loads]


You may build a routine or a function, I’ll give you the first few lines:-

Public sub HBH()
Dim objDocument As HTMLDocument
Dim str

Set objDocument = webbrowser.Document
str = objDocument.documentElement.outerText

This code is setting a variable for handling HTML documents and
then the text of the HTML document is stored in the "str" variable.

What you have to do is write a group of statement that filters
that Number Part from the body of the HTML document.
Use Instr(), Left(), Right()...That’s all you need

Okay so you filtered out the number, but how are you going to send that to the website??

First save that number Double it’s value & save it in a variable Eg. "num"

Then do something like this
str1="http://www.hellboundhackers.org/challenges/real11/clients/backup.php?number=" & num
webbrowser.Navigate str1
End Sub



Now to code the final part
When to call??

We have to call our function/routine when the page having the
random number appears...
We Know Its URL... "http://www.hellboundhackers.org/challenges/real11/clients/backup.php"

Double click on the timer
Write the code to execute our HBH function/routine when the web browser's location is = "http://www.hellboundhackers.org/challenges/real11/clients/backup.php"

And you are done.

PS: If you encounter the message “You took too long or wrong number”
Right click on the page and select back.

If after submitting using “Keycheck” application, you click on return to the Admin Panel
& it shows “Page Not Found”

Look for the same page a directory down.

Rate It People…………………….

Comments

Priya_Samuelon February 11 2007 - 19:13:02
Just redid it with vb..thanx....i thought u would be using vb withCURl..but i was wrong..
-The_Flash-on February 11 2007 - 19:30:03
Why the fuck do you capitalize every word. Over-use '...' and continue to abbreviate with R/U etc. Also, your structure is shit. I need to complete this challenge but would rather not if it meant completion was after reading such a horrible article. I would of declined this.
UnknownFromHellon February 11 2007 - 19:46:49
Thanx "Flash" In Future I'll Make The Structure More Presentable.... And For Capitalization Stuff ... Just Personal Preference.
minermonkon February 11 2007 - 21:27:58
i was willing to overlook flash's harsh analsis and i gotta say.....im glad i did. The content is good and well worth the time it took to read but the presentation is a lil poor still.
system_meltdownon February 11 2007 - 22:02:45
This article would have been much better with normal capitalization and correct grammar, nice work though.
UnknownFromHellon February 11 2007 - 22:28:37
I've Read Flash's Comments on Different People In The Forums.... And What I Think Is That, He's A Person Who Is True To The Heart.... Though He Points Out The Flaws In A Hard Hitting Manner....But That's What I Like About Him... @minermonk & system_meltdown Thanx For The Appreciation...
downloadon February 13 2007 - 06:05:03
good guide. personally I don't like VB much, so I used javascript with greasemonkey in firefox, works pretty good.
UnknownFromHellon February 13 2007 - 07:17:04
@download I Tried To Do That With Javscript But It Always Submitted The Wrong Answer(Flawed Logic),So I Shifted To Ruby And Then Ported That Code To VB.. @SsAgEnT & download Thanx For The Appreciation...
Uber0non February 13 2007 - 11:25:06
A very complete guide, but as you've already said some grammar and capitalization errors should be fixed. Good work man.
UnknownFromHellon February 13 2007 - 12:08:27
@Uber0n Thanx For The Appreciation... Love Ur Cat....
UnknownFromHellon February 13 2007 - 12:09:00
@Uber0n Thanx For The Appreciation...
UnknownFromHellon February 13 2007 - 20:17:42
This Getting Pretty UglyGrinGrin
Jimmyon February 21 2007 - 05:28:49
nice article. helped me alot after the keycheck part (i was already here when i read this). - Jimmy
UnknownFromHellon February 21 2007 - 13:57:52
Thanx James For The Appreciation
kaksiion February 27 2007 - 12:52:23
This article is AWESOME. I passed the challenge and got !!!150!!! points. I cannot be happier. Your article rules man. Peace.
UnknownFromHellon February 28 2007 - 09:06:12
Pascal Casing Modified After 700 ReadsAngry @KaksiiCongrats Grin & Thanx For The Appreciation Hey Why Was Killstream's Comment Deleted??
UnknownFromHellon February 28 2007 - 09:06:18
Pascal Casing Modified After 700 ReadsAngry @KaksiiCongrats Grin & Thanx For The Appreciation Why Was Killstream's Comment Deleted??
necr0sixon April 22 2007 - 14:53:44
thanks man, this really helped, im so nearly there. also, i love all your other noob to noob stuff --- a reference for the rest of us
wakeride115on June 22 2007 - 18:47:27
This Article was awesome. I never would have finished unless i had read the last part about completing the challenge. I could not figure out why it kept saying "page not found"!! Thanks man, and Great article :ninja::ninja::ninja:
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.