Join us on Slack!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, October 24, 2019
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 52
Guests Online: 50
Members Online: 2

Registered Members: 119262
Newest Member: ArseniyHaunk
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Basic Web Hacking 5

henry123456789
Member

Your avatar

Posts: 79
Location:
Joined: 10.02.15
Rank:
God
Posted on 21-04-15 01:50
first I want to write bitterly that it is a shame and a pity that I see these two links which give the solutions :

https://www.hellboundhackers.org/articles/read-article.php?article_id=94


https://www.hellboundhackers.org/articles/index.php?cat_id=10

I hate them and the idea in itself

Concerning the challenge

The format of the solution is like this :

usernamePfftassword

from the source I know the username and the password

admin:* (* is a word which in turn is the password)

I submitted the solution but it says invalid password !! I am sure I know what word replaces the asterisk and that my solution is right

I can pm someone the solution to check it for me so that I do not spoil

or may be I can get a hint here in the forum
Author

RE: Basic Web Hacking 5

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 21-04-15 02:03
Best read the article again if you're using admin as the username.
Author

RE: it is absurd

henry123456789
Member

Your avatar

Posts: 79
Location:
Joined: 10.02.15
Rank:
God
Posted on 23-04-15 00:33
there is absolutely no logic and no sense in this challenge :

The challenge asks for the username and password . They must be entered in the following format :

UsernamePfftassword


However the article says another thing totally different which has nothing to do with the format of the solution :

"Somebody @ Somwhere . Something
Replace the . with a : instead and you only need to fill in the bottom passwd box with the email."

the article says that the solution is an email in a weird , odd format

"Somebody @ Somwhere : Something

so I wonder why from the beginning it is not stated that the format of the solution must be an email in the format Somebody @ Somwhere : Something? I mean instead of putting :

Enter UsernamePfftassword:

it will be

Enter Somebody @ Somwhere : Something and that is all !!

secondly , if the second form (Search an E-mailSmile serves nothing to the challenge so why is it put there !!!! for what reason?

thirdly , if we suppose that "Somebody @ Somwhere : Something" is the solution to the challenge , is Somebody the username and Somwhere the password ?? and if yes what is the Somwhere? what does Somewhere supposed to be ?
Author

RE: Basic Web Hacking 5

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 23-04-15 01:15
I wonder why from the beginning it is not stated that the format of the solution must be an email in the format Somebody@Somwhere:Something


The challenge itself tells you about the form and how it's intended to work, it's obviously not going to explain how to exploit any vulnerabilities in it.

if the second form (Search an E-mail serves nothing to the challenge so why is it put there !!!! for what reason


It's supposed to be part of the asterix system, other wise you would be looking at a login form, and not a supposed search system.

thirdly , if we suppose that "Somebody @ Somwhere : Something" is the solution to the challenge , is Somebody the username and Somwhere the password ?? and if yes what is the Somwhere? what does Somewhere supposed to be ?


Don't know.
Author

RE: ??????

henry123456789
Member

Your avatar

Posts: 79
Location:
Joined: 10.02.15
Rank:
God
Posted on 23-04-15 02:35
"The challenge itself tells you about the form and how it's intended to work, it's obviously not going to explain how to exploit any vulnerabilities in it."


I am talking about the format of the solution not how to exploit it . The challenge does not tell me that the format of the solution must be somebody@somewhere:something . The article does . The challenge tells me that the solution must be in the format UsernamePfftassword . No one would expect the solution to be somebody@something:somewhere if the article did not mention it

As for the vulnerability I googled about Asterix protect system but I could not find any tutorial associated with it .

"It's supposed to be part of the asterix system, other wise you would be looking at a login form, and not a supposed search system."

if it puts Enter somebody@somewhere:something instead of Enter UsernamePfftassword I will look for somebody@somewhere:something and not a login form Smile


"Don't know"

You already solved Basic Web Hacking 5 so you know if in somebody@somewhere:something , the somebody is the username , the something is the password and what is the somwhere Smile

I know the username and the password but I do know how to put the solution in somebody@somewhere:something there are three elements but I have only two elements the username and the password . What am I supposed to do . Any hint?
Author

RE: Basic Web Hacking 5

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 23-04-15 02:46
Years ago you could sign into sites using the username:password@email.com format.

Im assuming that this is based on that idea, and by entering a string in the format the article says, i.e. in a format it's not expecting, it causes the code to throw an error.

Use * for what you don't know, which is everything.

Edited by rex_mundi on 23-04-15 02:52
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Basic Web Hacking 5

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 23-04-15 03:14
what is the @somwhere


Amazingly enough it's where your email address would go.
Author

RE: do not like

henry123456789
Member

Your avatar

Posts: 79
Location:
Joined: 10.02.15
Rank:
God
Posted on 23-04-15 04:32
I do not like this challenge .

this is not a spoil as it is in the source code <!--attention admin: * is a wildcard -->

Enter UsernamePfftassword would be

admin:wildcard . Challenge solved

This is what I expected

May be I am still far a newbie to perceive more deeper but this challenge is not good at all