Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 18
Guests Online: 15
Members Online: 3

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-04-06 16:01
The title of this thread says I am feeling stupid, that's not true. I AM stupid!

Could someone give me a hint (tut/inject type)?
I have a feeling it has something to do with the page?= thingy,,

Any hints would be welcome (pm == good too Wink)

Thanks for helping a stupid person.

Ciao


Author

RE: Basic 12 - Feeling stupid

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 03-04-06 16:16
spyware. Hint: Not an Injection per se. look for an area you want to access Wink


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-04-06 16:20
Do I need to know on what sort of server the site is running?


Author

RE: Basic 12 - Feeling stupid

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 03-04-06 17:37
no you do not need to know the server type.


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-04-06 02:37
Look up how protected folders are made, that will give you a huge hint.


Author

RE: confused.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-04-06 20:17
After trying 100 or so directories and file names inside the php script and from the basic12/ directory trying names that you would expect with apache auth and such. And it is using ** file protection preventing them from being served to me normally.im just kind of confused if its a guessing game or am i supposed to do a buffer overflow or cgi exploit... or brute force attack. I know it says im on the right track plugging stuff into the php script but im woundering if its just saying that to throw me off.
I suck i Know...
Yeah i got it thanksSmile i had this stupid syntax error i kept making./

Edited by on 10-04-06 22:26
Author

RE: Basic 12 - Feeling stupid

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 10-04-06 21:45
just include the file that is protecting the folder and then take it from there.

simple Smile


http://www.hellboundhackers.org/
Author

RE: Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-04-06 15:26
*sigh - Ok, I have done it all. I have accessed the ** file, that gives a hint to the second *****d file. There, I see the "*:*". I tried to enter that in the protected folder pop-up, doesn't work. I have tried injecting it via the URLbar via "*:*@" - also, no luck. Can someone help me who did the challenge (compare the user/pass).

Thanks in advance
Ciao


Author

RE: Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-06 07:40
I'm trying to think of a file that would protect a folder and the only thing i can think of is a *.zip file, am I at all close
Author

RE: Basic 12 - Feeling stupid


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-04-06 10:32
@thronworld
Its not a zip file, try googling for "protecting directories"

What happens when someone wants to protect a certain directory? What is created on the server, to tell it that the directory needs a username password to enter it? Where is this created?

Hope this helps?

@spyware
It seems you are close, PM me what you have so far I will help you out.

Cheers

Dantronix


Author

RE: Basic 12 - Feeling stupid

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 28-04-06 00:07
I know that .ht*** protects something, but...