Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 12
Guests Online: 12
Members Online: 0

Registered Members: 82813
Newest Member: VesuviusSentinel
Latest Articles

Real 16 Noob 2 Noob

Arrow Image From A Noob To Another



Spam Company

Mozzer is a freelance website developer. One of his projects from 6 months ago turned out to be for a corportate spamming company. When he went back to check on it he was horrified and set about trying to hack his own code. Unfortunately he couldn\'t find anything but noticed that there have been some slight alterations to his code. He mentioned something about \"common directories\", \"session management\" and \".inc files\". Once you get access you will need to use the post system to edit the email database to say \"admin@spamco.com\". Hopefully a dose of their own medicine will sort this company out!!

Difficulty: Very Hard



Tools of the trade:-
1) Tamperdata/Live HTTp Header (cookie reading)
2) User agent switcher
3) Should have read http://www.cgisecurity.com/lib/SessionIDs.pdf
or should posses’ knowledge about session management.
4) Should posses’ knowledge about \"common directories\" and \".inc files\".


Mission: Get in as admin, and to use post system to edit the email database.

Now to get in as admin, we could try different things
Look for admin directory, edit cookie, robots.txt etc.

But Notice what Mozzer mentioned in his message, something about session management
Well… so for attacking the Session ID,
1) Either we should know the admin’s Session ID or
2) We would use our Session ID to inject in his cookie

The first one seems pretty tough, but the second one is possible..
How????
If we some how get the admin to click on a link with our Session ID.

To find your Session ID use Tamper data or Live HTTP Header, though you may use JavaScript… but why write when you can just copy-paste.

Make use of the directory that is used to include files and remember we have to login as the admin, so use the login.php url.

Now where to put the URL..
As stated before, we have to make the admin click on our url
So where could we possibly use it, right the “Error Reporting” link.

Enter the url and submit it.


When you click on post message link,
Enter address as admin@spamco.com [without the quotes]... Click to post.

Either the page would change due to META Tags or your post would not be submitted, check the source of the page \"post message link\" to know why.

Use the “logs” to answer your question.
Still stumped!!! Well we didn’t use the 2nd tool of trade.

PS : Comments required especially from -The_Flash- & Killstream

Comments

turbocharged_06on February 15 2007 - 23:04:08
good job it wouldve been nice if you showed us the "second tool of trade":happy:Grin
jaggedlanceron February 16 2007 - 08:39:43
That really explained alto to me, Thanks Grin but as above adding the useragent bit would be good but spose you cant spoon feed us :happy:
Priya_Samuelon February 16 2007 - 09:26:48
The link was a good read
UnknownFromHellon February 16 2007 - 14:36:47
@turbocharged_06,jaggedlancer & Priya_Samuel Thanx For The Appreciation.....
UnknownFromHellon February 16 2007 - 18:30:33
@SsAgEnT Thanx For The Appreciation.....
hack4uon February 16 2007 - 23:39:25
very nice job beating the challenge and writing up the article. had me stumped for a while .. should have thought of this sooner. ill be doing it later on i guess. 5 out of 5
Larikaon February 19 2007 - 17:21:53
Very nice man, i think youre not a noob
UnknownFromHellon February 19 2007 - 18:11:29
@Larika I Am A N00B Trust Me,If I Would Have Been An Elite I Would Have Used Firefox Instead Of IE For Real15...(I Think I Told You That) Thanx For The Appreciation.....
kaksiion March 02 2007 - 16:26:58
This article is AWESOME. Again, your articles helped me. Thanks a lot. Now I know that exploit and it will sure help me. Thanks
UnknownFromHellon March 02 2007 - 16:42:53
@kaksii Thanx For The Appreciation.....
mikispagon March 10 2007 - 12:41:05
Awesome! Thank you for the article!
UnknownFromHellon March 16 2007 - 11:08:55
@mikispag Thanx For The Appreciation.....
FaTaL_PrIdEon April 30 2007 - 09:50:05
Nice article - helped me out completing this one. Nice work.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.