HellBound Hackers | Challenges | Basic

Basic 28

mikispag
Posted on 09-07-08 15:33
This seems to be pretty tough Wink

Let's see what we can get here...
No apparent SQL injection, no NULLifying, no RFI.

Furthermore, the objective is not really clear. What's the aim, exactly?

Thank you!


Uber0n
Posted on 09-07-08 16:57
mikispag wrote:
Furthermore, the objective is not really clear. What's the aim, exactly?

I just took a quick look at it, and I have no idea yet :happy: that's the fun about this kind of challenge...


Guest
Posted on 09-07-08 17:09
I guess the aim is to get a hold of a message containing the password or something like that. ^^


SySTeM
Posted on 09-07-08 17:42
Last two posts removed because: contains a link which basically tells you how to do it, the idea is you're meant to work it out yourself, not follow a guide.


Guest
Posted on 09-07-08 19:30
At first glance I was thinking it might be email injection...where you could inject additional headers in the $name or $from variable or whatever it may be, but I can't wrap my head around how I could use email injection to get a pass. Oh well, maybe I'll try some more later, I haven't touched a challenge in quite a while.
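
The header-injection idea raised in the post above depends on CR/LF characters in a form field reaching the mail headers. As an added example (not part of the original thread and not the challenge's code), this is how a PHP contact-form handler can refuse such input before it builds any headers; the function names, the fixed sender address and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example, not the challenge's code. Function names, the fixed
// sender address and the sample inputs are hypothetical.

// Return the trimmed value if it can sit on one header line, else null.
function safe_header_value(string $value): ?string
{
    // CR and LF terminate a header line, so any control character
    // (including NUL and TAB) disqualifies the value.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        return null;
    }
    return trim($value);
}

// Build the header array for the contact e-mail, or null to refuse.
function build_contact_headers(string $name, string $from): ?array
{
    $name = safe_header_value($name);
    $from = safe_header_value($from);
    if ($name === null || $from === null) {
        return null;
    }
    // The address must also be a single syntactically valid mailbox.
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Escape quotes/backslashes so the display name stays one quoted string.
    $display = '"' . addcslashes($name, "\"\\") . '"';
    return [
        // The site's own fixed address is the sender; the visitor's
        // address only ever appears in Reply-To.
        'From'     => 'Contact form <noreply@example.com>',
        'Reply-To' => "$display <$from>",
    ];
}

// Constructed sample submissions: one ordinary, two carrying a line break.
$samples = [
    ['Alice', 'alice@example.com'],
    ['Alice', "alice@example.com\r\nX-Extra: injected"],
    ["Alice\nX-Extra: injected", 'alice@example.com'],
];
foreach ($samples as [$name, $from]) {
    $headers = build_contact_headers($name, $from);
    echo json_encode($name), ' / ', json_encode($from), ' => ',
        $headers === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

The first sample is accepted and the two containing a line break are rejected. The returned array can be passed as the additional-headers argument of `mail()`, which accepts an array as of PHP 7.2.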


Guest
Posted on 09-07-08 20:45
I don't get it, does this challenge actually send emails? Doesn't seem to be XSS, which was the first thing that sprung to mind. Even read the link system deleted and can't work it out... :whoa:


Uber0n
Posted on 09-07-08 20:46
jjbutler88 wrote:
I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge Wink I've got a few ideas now, just need to test them... (and I really don't think it's about XSS)


shadowls
Posted on 09-07-08 20:53
The first thing that came to mind was XSS, but it does not seem like it is XSS.


Guest
Posted on 09-07-08 20:59
I think it's either some sort of email header injection or some nifty BBCode style injection.


SySTeM
Posted on 09-07-08 21:01
Uber0n wrote:
jjbutler88 wrote:
I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge Wink I've got a few ideas now, just need to test them... (and I really don't think it's about XSS)


Erm, yes it does send emails actually... lol, not simulated. But thanks for guessing!


Guest
Posted on 09-07-08 21:41
system_meltdown wrote:
Uber0n wrote:
jjbutler88 wrote:
I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge Wink I've got a few ideas now, just need to test them... (and I really don't think it's about XSS)


Erm, yes it does send emails actually... lol, not simulated. But thanks for guessing!


It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.


SySTeM
Posted on 09-07-08 21:46
slpctrl wrote:
system_meltdown wrote:
Uber0n wrote:
jjbutler88 wrote:
I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge Wink I've got a few ideas now, just need to test them... (and I really don't think it's about XSS)


Erm, yes it does send emails actually... lol, not simulated. But thanks for guessing!


It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.


It's a form to contact the admin, so why would it send you the email? Pfft


Guest
Posted on 09-07-08 21:50
system_meltdown wrote:
slpctrl wrote:
system_meltdown wrote:
Uber0n wrote:
jjbutler88 wrote:
I don't get it, does this challenge actually send emails?

Nope, it's a simulated challenge Wink I've got a few ideas now, just need to test them... (and I really don't think it's about XSS)


Erm, yes it does send emails actually... lol, not simulated. But thanks for guessing!


It does? So, as a part of the challenge I should be receiving an email? Or no?? Because it's not sending me the email. This only furthers my suspicions that the object is to use email injection of some sort.


It's a form to contact the admin, so why would it send you the email? Pfft


Ah alright Pfft


Guest
Posted on 09-07-08 23:06

It's a form to contact the admin, so why would it send you the email? Pfft


I've just done it! Read the sentence over and over until you get the idea.... Pfft

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.


SySTeM
Posted on 09-07-08 23:16
jjbutler88 wrote:

It's a form to contact the admin, so why would it send you the email? Pfft


I've just done it! Read the sentence over and over until you get the idea.... Pfft

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.


Well done Smile And erm, not sure, quite a few are though Pfft


shadowls
Posted on 09-07-08 23:21
jjbutler88 wrote:

It's a form to contact the admin, so why would it send you the email? Pfft


I've just done it! Read the sentence over and over until you get the idea.... Pfft

@system, what %age of sites out there are vulnerable (?) to this? Never really thought of it, but seems like it could be useful.


I'm reading this thing over and over and over but still can't figure it out. Something about sensitive data, I'm guessing, but I don't know.


Guest
Posted on 09-07-08 23:24
Ok, so excuse my hat turning a little black for this question, but wouldn't this work in, say, password recovery forms? That's a pretty damaging vulnerability then.

@shadowls - The admin doesn't want you to get the email, but you want it. Really don't want to spoil it, just think how you can get that email...




Edited by on 10-07-08 01:10
Uber0n
Posted on 10-07-08 10:42
system_meltdown wrote:
Erm, yes it does send emails actually... lol, not simulated. But thanks for guessing!

Haha, as soon as I read this I beat it xD I was sure it didn't require a real email, but just needed any email as input Pfft


Guest
Posted on 10-07-08 18:05
jjbutler88 wrote:
Ok, so excuse my hat turning a little black for this question, but wouldn't this work in, say, password recovery forms? That's a pretty damaging vulnerability then.

@shadowls - The admin doesn't want you to get the email, but you want it. Really don't want to spoil it, just think how you can get that email...


What email?
Should I get the email that I just put before?
I don't get it...Sad

Uber0n
Posted on 10-07-08 18:50
454447415244 wrote:
What email?
Should I get the email that I just put before?
I don't get it...Sad

You must do something to make it send the email to you. That's what the challenge is all about Wink

