Pen Test Challenge 1 Edited

An article on the Pentesting challenge. Sorry if it contains spoilers.



+--------------------------------+
| PEN TEST CHALLENGE ONE! |
+--------------------------------+

Well, let's start.

Once you get onto the challenge page there are 6 links to different parts of the site. There is also a login on the main page. To start off with, let's scout the site for anything we can find which may be of use to us. Oh look, an admin panel... Let's think. How do we bypass a login? What is the most obvious way? Try a few methods out and I'm sure after a while you'll get it. If you haven't got it already, think SQL.

The way an SQL login works is basically that when it connects to the database it runs something like

SELECT * FROM users WHERE user='[YOUR SQL LOGIN INJECTION HERE]' AND password='[.......]';

which shows us that whatever we type into the user field is pasted straight into that statement, so we can finish the statement off ourselves. The trick is to use an expression that escapes the current field in the SQL statement, is always true, and then ends the SQL statement:

SELECT * FROM users WHERE user='[SQL QUERY HERE]

So the "AND password=" bit would be commented out.
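To make the point concrete, here is an added example (my own code, not part of the original article or the challenge site) with a constructed in-memory users table: one login function pastes the form fields into the SQL text the way the article describes, the other uses a parameterized query, and the same tautology input is fed to both.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the challenge's users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct horse', 'admin')")
    return db

def login_vulnerable(db, user, password):
    """Builds the statement by pasting the form fields into the SQL text."""
    sql = ("SELECT role FROM users WHERE user='" + user +
           "' AND password='" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, user, password):
    """Parameterized version: the values travel separately from the SQL text,
    so a quote or comment marker in the input is matched literally as data."""
    row = db.execute("SELECT role FROM users WHERE user=? AND password=?",
                     (user, password)).fetchone()
    return row[0] if row else None

def sql_demo():
    db = make_db()
    # The shape the article describes: close the quote, add an always-true
    # condition, then comment out the rest of the statement.
    tautology = "' OR 1=1 --"
    return (login_vulnerable(db, tautology, "anything"),   # logs in as admin
            login_safe(db, tautology, "anything"),         # no such user: None
            login_safe(db, "admin", "correct horse"))      # real credentials work
```

The vulnerable function returns the admin row for the tautology while the parameterized one returns nothing, which is the whole fix: never build the WHERE clause from user input.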

Hopefully now you have the points from the admin login vulnerability. Let's move on.



Let's move on to another exploit, in another part of the site.
The next one I'm going to explain is an exploit in the members' tools. You need to check every field you can for this exploit. The vulnerability is generally used by attackers to exploit a site with cookie stealers. (If it helps, use Firefox's TamperData add-on.)

This is quite an easy one. The only problem with it is that you have to search every field. God, George Bush sucks.
Hopefully now you understand what I mean.


Now we move on to another common attack, generally used by script kiddies with NetTools or other skiddie programs. This is found on a different page; I'll let you find it yourself. It's located where people find out new information about the world and other events which are going on. That page contains a lot of useful information for the exploit. The exploit should overflow the connection. How do you send lots of data at once to overflow it?

That's right. All the information you need is given on the page. Check whether some of the information that is shared between the pages is vulnerable to an overflow. Now enter overflow data into it and voilà! You've got it :)

Only two last things to do.
As I'm sure you've seen, the URL contains '?page=...', which shows that it's including a local or remote file. There is an exploit about this.
http://en.wikipedia.org/wiki/Remote_File_Inclusion


This should tell you most of what you need to know about it. However, if it doesn't, RFI in very short means that you can take a file from another source and include it on that website, so if you wanted to you could include a backdoor shell (c99 and r57 are two very common ones) on the site. Local File Inclusion does basically the same but with local files (on the server's machine), such as /etc/passwd or /etc/shadow. This should give you a good indication of what you need to do.
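For the fix side of the '?page=...' include, here is an added example (my own code, not the challenge site's) of how a page parameter should be resolved before anything is included. The pages directory and the allowlist of page names are assumptions for the demo; the checks refuse URLs (remote includes) and anything that is not a known page name, so the traversal and /etc/passwd style inputs above never reach the filesystem.

```python
import os
from urllib.parse import urlsplit

PAGES_DIR = "/srv/site/pages"                 # assumption: where the include files live
ALLOWED_PAGES = {"home", "news", "members"}   # constructed allowlist of page names

def resolve_page(page, base=PAGES_DIR, allowed=ALLOWED_PAGES):
    """Turn a ?page= value into a file path, or None if it must be refused."""
    # Anything carrying a URL scheme (http://, ftp://, ...) or a protocol-relative
    # '//' prefix would make a naive include() fetch a remote file (RFI).
    if urlsplit(page).scheme or page.startswith("//"):
        return None
    # Exact match against the allowlist also kills traversal and absolute paths
    # (../../etc/passwd, /etc/shadow): the value must be a known page name.
    if page not in allowed:
        return None
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, page + ".php"))
    # Defence in depth: the resolved path has to stay under the pages directory.
    if os.path.commonpath([candidate, real_base]) != real_base:
        return None
    return candidate
```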

Last but not least is a cookie exploit (135 points), which is the most important after the DoS exploit (125 points). As I'm sure you noticed, one of the first things about the site is that a session ID is shown in the URL (PHPSESSID). You want to make it so the cookies think that you're admin. So, using your brain and TRUE or FALSE statements, how would you trick something/someone into thinking that you are admin? Well, I hope you got it.
One last tip: it is somewhere which is very obvious to set a variable.
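The cookie part comes down to the server believing an admin TRUE/FALSE flag that the client controls. As an added example (my own code, not the challenge site's), here is a constructed cookie format where the claims carry an HMAC tag: a naive reader trusts the flag as sent, while the verifying reader recomputes the tag and rejects an edited cookie. The secret is an assumption for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: a real server keeps this private

def _b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_cookie(user, is_admin, secret=SECRET):
    """Serialise the session claims and append an HMAC tag computed over them."""
    payload = json.dumps({"user": user, "admin": is_admin}, sort_keys=True).encode()
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def read_cookie_naive(cookie):
    """The weak pattern: decode the claims and believe them, ignoring the tag."""
    return json.loads(base64.urlsafe_b64decode(cookie.split(".")[0]))

def read_cookie_verified(cookie, secret=SECRET):
    """Recompute the tag and compare in constant time; None means 'do not trust'."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)

def edited_cookie(cookie, **changes):
    """Constructed: a client re-encoding its own claims with a flag changed,
    keeping the old tag because it cannot compute a new one without the secret."""
    claims = read_cookie_naive(cookie)
    claims.update(changes)
    return _b64(json.dumps(claims, sort_keys=True).encode()) + "." + cookie.split(".")[1]

def cookie_demo():
    good = issue_cookie("guest", False)
    forged = edited_cookie(good, admin=True)
    return (read_cookie_naive(forged)["admin"],     # naive reader: True
            read_cookie_verified(forged),           # verified reader: None
            read_cookie_verified(good)["admin"])    # untouched cookie: False
```

A tag only proves the cookie was not edited; the cleaner design is to keep nothing but a random session ID on the client and look the role up server-side, and to stop exposing PHPSESSID in the URL at all.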


Well I hope you enjoyed my article and I would love to get some feedback on what everyone thought.
I hope it helps some people.
Take care. ~x~



~~~~~~~~~~~~~
Shout outs to:
~~~~~~~~~~~~~
Cyph3rHell for helping me complete the challenge myself and just for being really cool.
Zephyr_Pure for checking the article over for me and giving me some changes for it and obviously for publishing it.

Thanks guys.

Comments

Zephyr_Pure on October 17 2008 - 12:40:59
Well, we've met the quota of 2 articles for this 1 challenge. You wrote very detailed hints and made sure to remove spoilers. If people can't figure out Pen 1 after this and the other one, they just aren't ready for the chall. Nicely done. One tip, though: Write and proof your articles in a word-processing program so that you can let it pick out your spelling and grammar errors prior to submitting it.
K3174N 420 on October 17 2008 - 14:46:06
Handy article, too bad I've already got the 350 point max ^^ Seems to cover everything nicely.... I'm sure this will be helping a lot of people
sam207 on October 17 2008 - 15:55:55
nice one... I'm stuck in the session part which I'll try to figure out.. Anyway rex_mundi helped me to get the xss part... but didn't help me till now coz I already did 4 exploits..
sam207 on October 17 2008 - 16:00:25
& yeah George Bush really sucks...
skathgh420 on October 17 2008 - 16:11:12
Nice article man (rated good)
skathgh420 on October 17 2008 - 16:11:49
I meant (rated very good sorry)
clone4 on October 17 2008 - 19:25:04
nice article, won't compare mine and this one but I think together they add up quite nicely... Just to point out one mistake you repeated, the lfi/rfi you mentioned is in fact full disclosure, but I think that's all. Very good...
Zephyr_Pure on October 18 2008 - 00:31:59
I'll go ahead and comment again, since I can comment on what was said so far. It actually took quite a bit of thought to approve this one, even though I did proofread it before it was submitted. clone4, I actually did compare your article and this one... I looked to see if there were any other articles on this challenge, and I found yours. The comparison fit rather well, though; while your article was vague and equally as useful as this one, I allowed this one based upon its precision, its likeness to other challenge-related articles (which can tend to be rather specific), and this concept: Two articles on a challenge are all one would ever need to get "unstuck". This fit that bill. Mosh, I know this article (and the other on this challenge, of course) pretty much ruin the challenge by leading a bit too much... however, this is the state of all of the challenge articles. Not saying that's an illustration of the way it should be, but it is how it is now until that changes... which justified the approval of this one. Now, if I see any more Pen 1 articles, I don't expect them to get through... 2 is the magic number for challenge articles.
K3174N 420 on October 18 2008 - 11:49:08
"2 is the magic number for challenge articles." I wonder if that's why my article on rooting challs 1,2,3 never made it...
Cyph3rHell on October 18 2008 - 14:32:42
Nice article man (Very Good)
cueballr on October 18 2008 - 17:51:09
I totally agree with mosh, you have voided the entire purpose of this challenge. Poor. (N)
clone4 on October 18 2008 - 18:33:20
hey just noticed; mine actually has less spoilers dude, matter of fact
yours31f on October 18 2008 - 21:54:07
nice article.
Uber0n on October 19 2008 - 21:33:51
When you pentest for real you NEVER have any premade guides, therefore a walkthrough kinda ruins the point of this challenge imo
Zephyr_Pure on October 20 2008 - 02:15:07
You never have a premade guide for any hacking... yet we have challenge guides of all kinds. The article gives away a lot for the challenge but, for those that actually want to learn from it and do it on their own, they will spend a great deal of time trying on their own and checking the forums first. For those that do just read straight from this (and ones like it) to do the challenges, they will either strive to learn as they should, or they will leave. Either way, it has no effect on the general consensus for now.
Uber0n on October 28 2008 - 14:29:48
@moshbat: Can't wait
Bubatu on January 10 2011 - 19:27:50
lulz... It's hard to translate to my language...
Bubatu on January 10 2011 - 19:28:09
lulz... It's hard to translate to my language...
adeadeade on April 06 2013 - 19:34:37
nice article man thanks