Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 19
Members Online: 4

Registered Members: 82824
Newest Member: devilslegion
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

*Basic 23* only need a tad of help

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 20-12-07 05:06
Thank you for reading this thread first of all.

I have looked into this challenge and researched RFI. By what I understand its that it's main goal is to load remote scripts onto the server but the problem is any thing I try like a basic uploader fails and HBH tells me I am on the right track.

How am I meant to RFI in this case, is the challenge broken?


Mb

Edited by Mb0742 on 20-12-07 05:06
javascript:alert("hi")
Author

RE: *Basic 23* only need a tad of help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-07 06:43
you need to upload a shell to the web, and use the RFI to execute it.


Author

RE: *Basic 23* only need a tad of help

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 20-12-07 07:10
a shell doing what?

EDIT I have pointed it to a script now that reads directory data, auto uploads files. But nothing works...


Mb

Edited by Mb0742 on 20-12-07 07:22
javascript:alert("hi")
Author

RE: *Basic 23* only need a tad of help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-07 07:46
just a simple one that
1) gets a command [edit] as in POST/GET [/edit]
2) executes it

google up on php shells. mine was only a few lines of code. its nothing complicated.




Edited by on 20-12-07 07:48
Author

RE: *Basic 23* only need a tad of help

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 20-12-07 08:51
so close?

I am using
Code
<?php
echo $_REQUEST["number"];
?>




the problem is I don't think it likes ********=x.php?=

any help?


Mb

Edited by Mb0742 on 20-12-07 22:06
javascript:alert("hi")
Author

RE: *Basic 23* only need a tad of help

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 20-12-07 14:20
[Spoiler -_-]



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s

Edited by SySTeM on 20-12-07 15:58
http://bitsofspy.net
Author

RE: *Basic 23* only need a tad of help

Mb0742
Member



Posts: 198
Location:
Joined: 26.11.07
Rank:
Apprentice
Posted on 20-12-07 22:07
Fixed.

Now any help?


Mb
javascript:alert("hi")
Author

RE: *Basic 23* only need a tad of help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-07 22:17
Download a shell. You can get some here:


http://www.hellboundhackers.org/forum/small_collection_of_shells-14-10930_20.html#91449


Use. I mean.....it's so fucking easy Angry You've been given the answer multiple times in this thread already.....