Friday, April 18, 2014

Basic Web Hacking 19 (updated)

A tutorial on Basic 19



#####################################################
# Basic Web hacking 19 by Turbocharged_06
#####################################################
Basic Web Hacking 19

Drake has been studying some more PHP and has learned about the PHP function: header(), he has also found out about a new form of encryption.
The password is here...somehow.

Knowledge Needed:
PHP header() function

Tools Needed:
HTTP Request and Response Header Viewer
Decoder
Web Developer Tools (optional)

OK. First off, if you don't know what the header() function is and what it does, I recommend you read this first:
(1) In many disciplines of computer science, a header is a unit of information that precedes a data object. In a network transmission, a header is part of the data packet and contains transparent information about the file or the transmission. In file management, a header is a region at the beginning of each file where bookkeeping information is kept. The file header may contain the date the file was created, the date it was last updated, and the file's size. The header can be accessed only by the operating system or by specialized programs.
For more info, go to http://www.devpapers.com/article/262

OK, put the information you just read together with the challenge description. You'll probably want to read the page's headers. To do this you can use an online HTTP Request and Response Header Viewer located at:
http://web-sniffer.net/
Or you can download Live HTTP Headers from:
http://livehttpheaders.mozdev.org
You can also download a plugin for Firefox called Web Developer from https://addons.mozilla.org/firefox/60/ and go to
Right Click > Web Developer > Information > View Response Headers.
After reading the HTTP header you'll notice it is encrypted. You'll need to decrypt it using a decoder. When you find the type of encryption, Google "encryption type decoder" and you'll find a decoder.
Enter the info you get and there you go, 30 points!

Please rate my article and note any changes I should make.
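
Seen from the site owner's side, the steps above are a reminder that every response header is readable by the client, and a value that a public decoder can reverse is not protected. The following is an added example (not part of the original article or the challenge) that audits a raw HTTP response for non-routine headers whose values decode as hex or Base64; the sample response, the header names X-Debug-Token and X-Trace, and the ROUTINE allow-list are constructed assumptions, and the choice of hex and Base64 goes beyond the article, which does not name the encoding.

```python
import base64
import binascii
import re

# Constructed sample response; the header names and values are made up.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 05 Mar 2007 10:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "X-Debug-Token: c2FtcGxlLXNlY3JldA==\r\n"
    "X-Trace: 6465762d6b6579\r\n"
    "\r\n<html></html>"
)
# Assumed allow-list of routine headers; extend it for your own stack.
ROUTINE = {"date", "server", "content-type", "content-length", "connection",
           "cache-control", "expires", "last-modified", "etag", "vary"}

def parse_headers(raw):
    """Return (name, value) pairs from the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def _text(data):
    """Return data as a string if it is all printable ASCII, else None."""
    return data.decode("ascii") if data and all(32 <= b < 127 for b in data) else None

def try_decodings(value):
    """Map encoding name -> plaintext for each decoding that yields text."""
    found = {}
    if re.fullmatch(r"(?:[0-9a-fA-F]{2}){4,}", value):
        found["hex"] = _text(bytes.fromhex(value))
    if len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]{6,}={0,2}", value):
        try:
            found["base64"] = _text(base64.b64decode(value, validate=True))
        except binascii.Error:
            pass
    return {enc: txt for enc, txt in found.items() if txt}

def audit(raw):
    """List (header, encoding, plaintext) for non-routine headers that decode."""
    return [(n, enc, txt) for n, v in parse_headers(raw)
            if n.lower() not in ROUTINE for enc, txt in try_decodings(v).items()]
```

Any row returned by `audit()` is a header value a visitor can read in plaintext with no key, so it should carry nothing that is meant to stay secret.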

Comments

Zer0Man on March 07 2007 - 04:26:17
Very informative and helpful.
sleazoid on March 07 2007 - 20:14:50
nice dude :)
cesnjak on March 07 2007 - 21:33:40
Kinda tells too much. But good anyway
Zer0Man on March 08 2007 - 01:06:39
Good update, have d/loaded the Web Developer FF add-on, thanks. :)
korg on March 08 2007 - 16:04:27
Too much info, this is a walkthrough. People should have gotten this without any help.
turbocharged_06 on March 10 2007 - 18:32:03
What information do you guys think I should take off?
PUNKAC on March 10 2007 - 20:18:50
THX...; )
Spiritus55 on July 09 2007 - 21:20:55
Thanks, man. I wasn't aware what headers were. And this article showed me. I was able to breeze through this. To the people who say it gave away too much: If you just learned something you didn't know before, then congratulations, that is the point of this website. This isn't actual hacks, this is learning how to hack.
warb0t on July 30 2007 - 20:53:35
I feel spoiled :( and I don't really feel like an understanding of the header() function is/was necessary in this case. Initially I thought we were supposed to call that function from the input box somehow or some sort of injection, but using an add-on made this script kiddie feel like a haxzor
turbocharged_06 on August 28 2007 - 03:30:52
which script kiddie?
TwoMuchCaffeine on October 28 2007 - 05:51:49
Great article. Helps with the challenge without spoiling it.
SilverHacker on October 29 2007 - 03:06:41
You should remove some info. I recommend removing the HTTP response header part from web developer tools. When they search Google for the PHP header() action they will end up there :D
mavrik on May 28 2008 - 23:03:05
Great Article! ;) Helped a lot and gave new info too.
Death_metal666 on May 30 2011 - 16:48:45
Great article. Helps with the challenge without spoiling it. :D :D
MaddinW on November 08 2011 - 20:48:37
I used Wireshark to filter out the HTTP transaction. If you are doing that as well, start capturing and filter for the IP of HBH. Should be easy to figure out for anyone who commits himself to hacking.
crashOverrIde on March 01 2014 - 00:00:00
Tnx a lot...m tru!