Basic 18-27 (-24) No spoilers

This is an article to help you pass the basic levels. There are no spoilers, just a few hints. Enjoy!



Basic 18-27(-24)(spoiler free)

____Basic 18____
OK, you read the description, but what the hell is blind something? Well, it's got the letters that are an abbreviation of something ;)
So what you need to do now is read up on Blind *** and try and see if you can use it to your advantage. I would start by reading:
http://www.hellboundhackers.org/articles/345-blind-sql-injection.html
Then reading:
http://www.hellboundhackers.org/forum/viewthread.php?forum_id=7&thread_id=12870#110991
to push you in the right direction

____Basic 19____
Well, we know it's something to do with the header, so read up on it, google it, etc., and go to:
http://web-sniffer.net/
And find out what the password is! But it's encrypted :0 How do we know what type of encryption it is??? :(
Oh! Look, the site has told us. Find a decryption tool for that encryption, decrypt it, and there's your answer!
My personal favorite is:
http://www.senses0.org.mv/popzees/rot/rotn.php

____Basic 20____
Well, it says who you can log in as, so why don't you!
Great, now you should see a message saying logged in as fire. But we don't want to be fire. WHO do we want to be?? That didn't work :( I know, let's try a type of injection in the login page. That didn't work. Maybe we should mix the two together ;)

____Basic 21____
This is a challenge that stumps almost everyone. Here is my advice to complete the challenge:
Read this PDF:
www.ngssoftware.com/papers/advanced_sql_injection.pdf
After you read it, try and put what you've learnt into action.
HINT: Use the error message ;)

____Basic 22____
Google up on Unix commands and use the one which will help you most. View the source to find a dir and use that dir in the command. Here's a little help:
http://www.indiana.edu/~uitspubs/b017/
Hint: You want to list the files in that directory ;)

____Basic 23____
Alright, well, by looking at the description we know it's RFI. So if you don't know how to use it, google! Right, so let's look at the URL:
http://www.hellboundhackers.org/challenges/basic23/site/show.php?page=news
or
http://www.hellboundhackers.org/challenges/basic23/site/show.php?page=about
So put the RFI into practice.
Hint: When you use the exploit you have to put in a particular site.

____Basic 24____
N/A

____Basic 25____
Here you have to obscure something that the actual HBH website owns ;) After you get that thing, change it to decimals and you have it!

____Basic 26____
Alright, so we are faced with XSS... or are we? Read this:
http://www.hellboundhackers.org/articles/748-css-xss.html
Now you should have a general gist of what to do. So try it out. HUZZAH!! You got it.

____Basic 27____
Right, well, if you read the description it gives you a pretty big clue. So try to write something like 'hello': it comes out saying hello, so you might think this is easy! I'll just write <script>alert(1)</script>. Unfortunately that's not the case. As you can see, it takes away the script part, so you're left with:
alert(1)
Hmmm, now try posting <
Yay, that worked! So it filters the 'script' part of what you type, so if you typed:
1script1
it would come out with 11. See where I'm going with this?? Good!


Hope that helped!
Please rate.
SaMTHG
P.S. Admins, if you think my 'hints' are too much of a spoiler, please edit them. Thanks
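
The Basic 27 filter described above, set beside output encoding, as an added example that is not part of the original article or the challenge's own code. The function names are hypothetical, the filter is modelled only as "delete the substring script" (an assumption drawn from the article's 1script1 observation), and the inputs are the strings the article quotes.

```javascript
// Added illustration; all function names are hypothetical.
// Inputs are the strings quoted in the Basic 27 section.
const ARTICLE_INPUTS = ['hello', '<script>alert(1)</script>', '<', '1script1'];

// Assumed model of the challenge filter: delete the substring "script",
// leave every other character (including angle brackets) untouched.
function stripKeyword(input) {
  return input.replace(/script/g, '');
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const REVERSE = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

// Output encoding for an HTML text context: nothing is deleted, markup
// characters become entities so the browser shows them as plain text.
function escapeHtml(input) {
  return input.replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// What a browser would display for an escaped string (used only by the audit).
function unescapeHtml(text) {
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => REVERSE[e]);
}

// Two properties a defender checks on each filter output.
function audit(filter, input, decode = (s) => s) {
  const output = filter(input);
  return {
    output,
    rawMarkup: /[<>]/.test(output),          // tag delimiters still reach the page
    textPreserved: decode(output) === input, // reader sees exactly what was typed
  };
}

// Run both filters over the article's inputs and collect the audit results.
function compare() {
  return ARTICLE_INPUTS.map((input) => ({
    input,
    strip: audit(stripKeyword, input),
    escape: audit(escapeHtml, input, unescapeHtml),
  }));
}

for (const row of compare()) {
  console.log(JSON.stringify(row));
}
```

Keyword stripping both lets `<` through and mangles harmless text such as 1script1, while encoding passes both checks on every input.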

Comments

SaMTHG on June 26 2008 - 20:53:16
PM me if you need any more help :)
Uber0n on June 29 2008 - 12:40:34
Why couldn't you wait until you had done Basic 24? I mean, what's next? Basic 1-4,7-12,16,18,21-23? :right:
redhothacker on July 03 2008 - 21:15:17
Not bad. You wrote it without giving away too many spoilers.
UnknownFromHell on July 25 2008 - 11:36:21
@Uber0n :D
fallingmidget on August 15 2008 - 23:51:08
It was OK, gave away a bit too much on some of them.
Zephyr_Pure on September 01 2008 - 06:45:06
It's a challenge article; can't rate that anything more than Average because it takes no creativity to write one.
t0xikc0mputer on February 12 2011 - 02:36:42
That didn't work :( I know, let's try a type of injection in the login page. That didn't work. Maybe we should mix the two together ;)
Is that a hint (javascript injection), or is that at the end just a wink ;)
t0xikc0mputer on February 12 2011 - 02:37:33
That didn't work :( I know, let's try a type of injection in the login page. That didn't work. Maybe we should mix the two together ;)
Is that a hint (javascript injection), or is that at the end just a wink ;)
t0xikc0mputer on March 03 2011 - 00:42:56
Basic 22 link doesn't work?
DonMilano on April 09 2012 - 19:54:17
Dude, thanks, guess what, awesome article! ;)
olichip on April 24 2012 - 02:34:28
The link for basic 21 is dead
ellipsis on February 17 2013 - 07:43:05
link to advanced sqli 404'd
Stephawk on January 15 2014 - 22:47:03
link update: https://hbh.me/advancedsqlinjectionpdf