Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 14
Guests Online: 14
Members Online: 0

Registered Members: 82886
Newest Member: The Slummy
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-07 20:52
Hey I'm having a little trouble with basic 12. I just need a little push in the right direction. I'm probably going to feel retarded for not getting all of it. I use LFI to view the /protected/ folder but it says that the files you can use are limited. I get stuck after that point. I have never really done LFI/RFI before so I don't really know exactly what to do. A little hint is all I want. Thanks Smile


Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-07 20:58
I don't get this, this challenge doesn't seem to behave like a real life lfi or rfi would, it seems kinda pointless to me Frown


Author

RE: Basic 12

flame_1221
Member



Posts: 179
Location: malaysia
Joined: 13.05.07
Rank:
God
Posted on 06-09-07 03:31
You must know how they protect the folder.
http://tinyurl.co. . .
127.0.0.1
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-07 06:36
flame_1221 has the right idea.

also keep in mind it IS the file type. ".ht*****"

you can find tuts all over the net on how to protect an apache directory. You can protect files/folders based on IPs, certain files, all sorts of things. very interesting stuff.


Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-09-07 04:59
I read up on apache's .ht****** and its cr***() function. I'll let the old box in my room crack it with Cain tonight and tomorrow while I'm at school... I hope it is actually what I think it is, anyway lol.

[edit]

ok richo helped me with the encryption type... JTR ftw, pm if you need anything but I can't gurantee any help as I have never used JTR lol

[/edit]




Edited by on 20-09-07 05:18
Author

RE: curiousity


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-10-07 03:02
i get the whole on right track thing and i see here that the person decided to use cain and able. Is that nessacery? or should i not need to be guessing?
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-10-07 03:10
noober wrote:
should i not need to be guessing?


That is a safe assumption for all the challenges, yes. Deduce, not guess.



Author

RE: ah


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-10-07 03:18
good...im not a big fan of using other tools
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-10-07 03:27
noober wrote:
good...im not a big fan of using other tools


Cain is a VERY capable tool, so you should not rule it out. My only suggestion was regarding how you approached the challenges. Focus on your target and work towards it. Really, you should do the same with any live targets, too. Don't just throw every tool you have at it... Only use your tools to make your work more efficient, not to replace it.

As for the challenge, just judge how to complete it sensibly. Cain is not required, I'm sure.





Edited by on 25-10-07 03:28
Author

RE: blah


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-10-07 03:30
ya i have been trying to read up on RFI and trying what i find just havent come across the right way i suppose
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-02-08 17:09
google worked fine too
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-02-08 17:12
@ captaintk: way to bring up old threads and answer their questions and give advice whenever they could be dead by now. The last post on this was last year. Just trying to keep this crap off the top...thanks


Author

RE: basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-02-08 17:28
You guys seem to know what your talking about lol so wondering if you could give me a little hand with this challenge, i figured out where the hash was atleast im pretty sure i did lol and i know i have to use a cracker but honestly i have no idea what to do...google isnt helping much i have a tutotrial on how to use JTR but just dont know if im missing somthing.

someone give me a hand.
Greatly appreciated.
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-02-08 17:34
Scribe wrote:
You guys seem to know what your talking about lol so wondering if you could give me a little hand with this challenge, i figured out where the hash was atleast im pretty sure i did lol and i know i have to use a cracker but honestly i have no idea what to do...google isnt helping much i have a tutotrial on how to use JTR but just dont know if im missing somthing.

someone give me a hand.
Greatly appreciated.


After you crack the hash, simply put the username and password into the box to access the hidden folder, then open the only page there and get the points. After you get the hash It isn't that hard.


Author

RE: basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-02-08 17:55
K, you can call me a hardcore noob for this but i dont understand cracking the hash...if ya know of any sites that could help understand it that be great cause i cant find anything.

again thanks alot
Author

RE: reply to hash comment in basic 12 topic


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-02-08 23:53
Noticed you posted on basic 12 topic. That hash is a DES encryption hash and if you want to know more about it wiki is a good resource; here's a link http://en.wikipedia.org/wiki/Data_Encryption_Standard

Use john the ripper to crack the hash though if that's what you want to know. Look up articles on HBH for that. Cracking with wordlists is what you want to learn how to do.

Hope this helped you a little.
Author

RE: Basic 12


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-03-08 07:21
ShapeShifters wrote:
Noticed you posted on basic 12 topic. That hash is a DES encryption hash and if you want to know more about it wiki is a good resource; here's a link http://en.wikipedia.org/wiki/Data_Encryption_Standard

Use john the ripper to crack the hash though if that's what you want to know. Look up articles on HBH for that. Cracking with wordlists is what you want to learn how to do.

Hope this helped you a little.


What he said pretty much sums it up in a nut shell.