Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 28
Guests Online: 25
Members Online: 3

Registered Members: 82838
Newest Member: w1zarrd
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 15:12
I m opening this thread about basic 20 because all others about b20 arent informative at all.

So, I tried a javascript injection (the simpliest thought eveyrybody can do) but obviously this
is not the correct answer!

It is mentioned something about sql and cookies. I dont know how this can be useful, though i have been
familiar with SQL and javascript, cookies, programming!

I need some help to solve this, or even better, an artickle || a good question for Mr Google...
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 15:20
Well if you have tryed with cookie manipulation it has told you that "Nice try, but that isn't the answer we were looking for, there is another way to bypass this login, maybe it's a MySQL login that uses cookies..."....


Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-07 15:45
mozzer wrote very good articles. There is some challenge pretty similar to this basic.. (not18)


Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 13:19
So, help me to understand:
This isnt a blind _ _ _ ...
This does have to do with cookies and Headers??
If i m wrong can you give more help?
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 13:37
1. part wrong
2. part is 50% correct



Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 13:49
cookie manipulation is not a solution!
header doesnt give any infos...

I m really confused :)
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 13:52
It seems that you didn't read mozzers articles :whoa:


Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 14:39
Or you could speak to me and I'd explain my article


Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 15:23
here is a way to look at this challenge.

lets say we are talking about php-fusion.

after you are logged in you are given your cookie. your cookie contains your user id / password. each page refresh, the cookie is checked against what is in the database to make sure that your password in your cookie and in the database are correct. in order to know which username that we are checking the password for though we use a WHERE clause in the SQL statement with their user id. now go from there, and hopefully you should have a better idea on what to do.


Author

RE: Basic 20 help

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 21-03-07 16:07
well put chislam


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 21-03-07 17:50
ok! thank you guys for your help!

i was looking in the wrong place
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-04-07 20:33
chislam wrote:
...each page refresh, the cookie is checked against what is in the database..

This is a very big hint...think about it...a cookie compared to a sql database with a WHERE...
Did you ever exploited a WHERE?
Author

RE: Basic 20 help


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 11-04-07 21:53
its an SQL login that uses cookies... just think of what you use to manipulate cookies and how you use the SQL injections put 2 and 2 together Wink

if this is to much of a spoiler remove it please