Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 19
Guests Online: 19
Members Online: 0

Registered Members: 82815
Newest Member: medjiking
Latest Articles

Real 9

Arrow Image A quick article on Real 9.



+----------------------+
| REAL 9 Challenge |
+----------------------+

This is a really easy challenge; I managed to complete it in fewer than 5 mins.
Well where shall I start?
I suppose first of all you read all of the information on the main page as that would just be the first obvious thing to do (Obviously after reading the challenge information).


The first thing I noticed was that there is a note from \"whitie\" which is all encrypted and I had no way to decrypt it until I found out the encryption type.

Reading on from that it says: \"We are now using a fancy MySQL thing for the admin login so no commie bastards can hack it\". Well, well. What do we have here then? \'A fancy MySQL THING\' obviously they do not have much knowledge on databases or security it appears.

Before we do anything, I think we should check around the site a bit for any more information we can find, check all the source codes and pages for any additional information.
Not found anything? Okay well let’s begin with defacing these Nazi bastards.

What do we know?

1. They are using MySQL for their default database which means that the site will login using MySQL.
2. They don’t know much about the database itself.
3. Their message is encrypted and we don’t know the encryption key yet.


So we try the most obvious things first. Go to the admin panel and try to login. Try the easy ones like “user=admin; pass=admin” and so on.
Do you keep getting an error message? “Sorry, this login is invalid.”
Well what we do know is they are using MySQL for their login/database system. If you haven’t got it yet, look for common SQL vulnerabilities.

Oh that was quite easy wasn’t it?
See I told you it wasn’t hard.

Well that’s the first stage completed, so now let’s move on again.
We’ve come to a page which says “Admin Info” and all the information we need is right there.

“ok, this is the first post so i\'ll just post some basic info.
username: *********
password: *******
encryption key: *****************”

So obviously we have all the information we need now. Now all we need to do is go back to the encrypted message which there was a link for on the “Home” page. Got it? Good.
Now you can go to “Decryption” and enter all the information which it asks for and decrypt it!

VOLIA! You’ve got the encrypted message which is now decrypted.

Last but not least all you have to do is send the decrypted message to the Liberal organisation which there was a link to on the challenge description if you read it properly. Open that link, insert the decrypted message and send it away.

See I told you it wasn’t very hard. It’s a very easy challenge.

Thanks for reading my article and again I would love to get some feedback on what you thought of it and how I could have improved it.

Thanks again.
~DarkMantis~

Comments

Zephyr_Pureon October 29 2008 - 11:05:32
Kinda goofy... kinda long-winded... but, it's accurate and doesn't give anything major away. Really, though, this one was probably the easiest of all the Reals, so I'm not sure it even needs an article. Regardless, you did good, but I'm looking to see something other than a challenge article for your next one... because, quite frankly, challenge articles are boring and teach nothing of any consequence.
sam207on October 29 2008 - 11:10:14
yeah the challenge articles are really boring but its nicely written... good job.. but this challenge wouldn't have required any tutorial coz its easy one..
Zephyr_Pureon October 29 2008 - 11:52:33
... Then, why did you write a challenge article, too? Pfft
sam207on October 29 2008 - 16:26:37
yeah i wrote but I didn't love it when I wrote it... & I tried to be very specific & short in writing the hints.. But writing articles for challenges makes me bored..
DarkMantison October 31 2008 - 12:43:10
Okay thanks for the advice guys. On the next article I write I will do it about something else. I'll have a think, do some reading and write an article xD Thanks again.
korgon November 18 2008 - 10:34:56
Boring, Deffo don't need help on this one.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.