Follow us on Twitter!
Hacking isn't just Computers & Exploits. It's a Philosophy. - Mr_Cheese
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 23
Members Online: 3

Registered Members: 82893
Newest Member: mor-amit
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Page 1 of 2 1 2 >
Author

C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 04:10
Hey guys, i have a quick question.

I do a lot of programming and i want to do the timed challenges here in c# or C++. The challenge part is easy i just cant seem to login to HBH. Here's my C# code that refuses to retrieve the source for me.


Code
CookieContainer cooks = new CookieContainer;
            HttpWebRequest webR = (HttpWebRequest)WebRequest.Create("http://www.hellboundhackers.org");
            webR.CookieContainer = cooks;
            webR.Method = "Post";
            // tried both get and post methods.
            HttpWebResponse webRs = (HttpWebResponse) webR.GetResponse();
            System.IO.StreamReader str = new System.IO.StreamReader( webRs.GetResponseStream());




Ive tried almost everything i can think of. i assume i am supposed to post the login info some how but i am not familiar with webRequests.

Thanks in advance :D


Edited by on 03-03-10 04:11
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 04:15
Look up the WebBrowser control. I can't be certain but I do believe it has everything you need. It's in some nonstandard assembly I think but seeing as you've got HTTPstuff in there already, you could probably find out where it is.


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 14:37
Ive tried that, but the web browser control is not fast enough retrieving the source code and posting it back to beat the 2 second time limit, even after taking out all the graphical aspects of it. any other tips?
Author

RE: C# Site login

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 03-03-10 14:46
Login through a browser and use the active session through C#, that should work.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 15:37
Now thats what i would have thought, like i said that theory works with the webBrowser but not the webRequest or webClient, and the browser is way to slow. i guess its just because c# isnt made for this sort of thing. it does register the cookies and read the source, it just says i need to log in.
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 16:02
Well, I have absolutely no experience with C# whatsoever. But, it seems to me that it wouldn't hurt for you to actually, you know, either set the cookies to something or to actually post the specific info needed... heck, maybe even both. Just a tip :)


Author

RE: C# Site login

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 03-03-10 16:02
sk8more272 wrote:
Now thats what i would have thought, like i said that theory works with the webBrowser but not the webRequest or webClient, and the browser is way to slow. i guess its just because c# isnt made for this sort of thing. it does register the cookies and read the source, it just says i need to log in.


It should work... Ah well, you're probably better off doing this with perl/python, or, if you are well-versed in PHP, cURL.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 16:08
spyware wrote:
It should work... Ah well, you're probably better off doing this with perl/python

Ooooor, he could keep working on this in C# or maybe C++ as he previously suggested and learn something. At least if he's doing these particular challenges to learn something new within his language of choice. That'd be cool methinks.

spyware wrote:
, or, if you are well-versed in PHP, cURL.

Or, without cURL.


Author

RE: C# Site login

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 03-03-10 16:12
COM wrote:
Or, without cURL.


Raw sockets?

I agree that solving the problems in C# is more rewarding. OP might benefit from a small detour to a different language in which he/she can complete the challenge before continuing to debug the C# code.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 16:28
spyware wrote:
Raw sockets?

I agree that solving the problems in C# is more rewarding. OP might benefit from a small detour to a different language in which he/she can complete the challenge before continuing to debug the C# code.

Well, PHP has a simple thing called fsockopen which is perfect for these things. I'm just sick of hearing cURL being pushed in there every single time when there are other, built-in, easy options which will probably produce way less code for something this simple.
Plus that given the error the OP is doing (from what I can tell) he's got no idea of how the protocol works underneath and will continue making the exact same mistakes with cURL as well. Proof for this is the comment about trying both GET and POST methods. If he'd switch just like that he would probably have to learn HTTP basics, which would actually be my suggestion either way.


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 19:00
If you know what you're doing and do some simple optimizations, you can have the C# execute only when you're already logged in/at the page in question. But yes, there are more functional programming ways of approaching this (PHP cURL being one of them, among many).


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 20:29
COM wrote:
Plus that given the error the OP is doing (from what I can tell) he's got no idea of how the protocol works underneath and will continue making the exact same mistakes with cURL as well. Proof for this is the comment about trying both GET and POST methods. If he'd switch just like that he would probably have to learn HTTP basics, which would actually be my suggestion either way.


Exactly, i know the programming side of this, just not the networking side. i can do this in php but i want a challenge and would like to try it in c#. i know the data needs to be posted, i just dont know what data or format. i can write the data to the webRequest stream but i have no clue how it works or what it needs to log me in. i just figured passing the cookies was enough.
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 20:36
sk8more272 wrote:
Exactly, i know the programming side of this

I kinda have my doubts about that... but who knows, hopefully I'm wrong with them.

sk8more272 wrote:
, just not the networking side. i can do this in php but i want a challenge and would like to try it in c#. i know the data needs to be posted, i just dont know what data or format. i can write the data to the webRequest stream but i have no clue how it works or what it needs to log me in. i just figured passing the cookies was enough.


Christ, man, here: http://www.jmarsh. . .easy/http/ read up!


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 03-03-10 21:17
COM wrote:
[quote]sk8more272 wrote:
I kinda have my doubts about that... but who knows, hopefully I'm wrong with them.


Thanks man, but have your doubts, im not here to impress. i got 2 done within minutes with php, i just wanted to learn something with c#. just because im new doesn't mean im a total skiddie. but honestly thanks a lot for your help :]
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-03-10 11:07
sk8more272 wrote:
Thanks man, but have your doubts, im not here to impress.

Yes you are, it's in the hbh rules that you had to accept when you signed up.

i got 2 done within minutes with php

And since you are not here to impress, we'll just pretend you didn't write that :)

i just wanted to learn something with c#. just because im new doesn't mean im a total skiddie. but honestly thanks a lot for your help :]

Didn't say skiddie, there are plenty of non-skids who can't code for shit, when I say I have doubts that's generally my default disposition due to experience, glad you understand :)
Anyhow, since you mentioned C++ up in the first post, I thought you might enjoy this standard link in case you've yet to look through it: http://beej.us/gu. . . I hope you'll give it a try.


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-03-10 01:45
Ok, i finally got it, i read like 30 articles on http shit and found out that i needed to pass the fusion_user cookie as a header, that's it. i tried phpsessid which would have made sense, but no. fusion_user no idea what that is so can somebody explain that? and also why i couldn't just post "user_name=####&user_pass=#####"? and really thanks for the help :]
Author

RE: C# Site login

spyware
Member



Posts: 4192
Location:
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 05-03-10 02:06
sk8more272 wrote:
Ok, i finally got it, i read like 30 articles on http shit and found out that i needed to pass the fusion_user cookie as a header, that's it. i tried phpsessid which would have made sense, but no. fusion_user no idea what that is so can somebody explain that? and also why i couldn't just post "user_name=####&user_pass=#####"? and really thanks for the help :]


you need to post the cookies of your active session, yeah. You could've logged in via C# too, you'd need to save the cookies in a cookiejar though.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
[center]�Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?� - Ebert[/ce
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-10 06:50
ok i have another problem, go figure. for example, timed mission 3, i think thats where you crack the MD5 hash. i send a request with my cookie header, i get a response and read the html, i parse it and get the hash and then crack it. now i cant figure out how to post it back. i need to enter the answer in a textbox, but i cant since its just a response with the html. ok thats fine but it posts the answer to "/index.php?check" but in order to post that back i need to open a new web request because i cant write to the same one. but if i open a new request it basically just gets another page thus a new hash and then its the same problem. Is there a way to post back without a new httpWebRequest? i dont think i can use the responseStream to post back more data and i cant write to the request after i get the response so im lost. i know ive been difficult but you guys have all been extremely helpful and i thank you, but i truly have never done anything this involved with http in any language so can somebody please explain how i could accomplish posting back the answer? if needed i can pm or post my code. any help would be GREATLY appreciated, i just want to learn :] and trust me ive tried google :/ Thanks in advance (again)

<edit>
I also was not using the PHPSESSID cookie, just fusion_user but i added both to the header and tried it again but still no go.


Edited by on 06-03-10 07:52
Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-10 09:58
sk8more272 wrote:
ok i have another problem, go figure. for example, timed mission 3, i think thats where you crack the MD5 hash. i send a request with my cookie header, i get a response and read the html, i parse it and get the hash and then crack it. now i cant figure out how to post it back. i need to enter the answer in a textbox, but i cant since its just a response with the html. ok thats fine but it posts the answer to "/index.php?check" but in order to post that back i need to open a new web request because i cant write to the same one. but if i open a new request it basically just gets another page thus a new hash and then its the same problem. Is there a way to post back without a new httpWebRequest? i dont think i can use the responseStream to post back more data and i cant write to the request after i get the response so im lost. i know ive been difficult but you guys have all been extremely helpful and i thank you, but i truly have never done anything this involved with http in any language so can somebody please explain how i could accomplish posting back the answer? if needed i can pm or post my code. any help would be GREATLY appreciated, i just want to learn :] and trust me ive tried google :/ Thanks in advance (again)

<edit>
I also was not using the PHPSESSID cookie, just fusion_user but i added both to the header and tried it again but still no go.

Well, you obviously still don't understand how these things work even though you proposedly have experience now with both http and php. So honestly I'd like to help, but I don't know how to really because I don't know where to begin. If you're lucky, empirical observation will enlighten you so here's a crazy-ass idea: actually open up a new web request and post it back to the same page.
You should know, these aren't apps that fuse together into one big superapp that has nothing to do with another one. These are separate programs working out of ifs, elses and reminders made of ID, you have those cookies for a reason.


Author

RE: C# Site login


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-03-10 21:33
I really don't have "experience" as this is my first time doing anything like this. i have learned a lot so far thanks to you guys, and that's all i'm looking for, not mission points. But i've tried making a new webRequest opened to the same page, but then its just like reloading the original page which generates a new hash/equation and the answer i got from the response is then wrong, i THINK, but it may be the fact i don't know exactly what format to post the answer in.

But can you at least tell me the format to post the data and WHY? Like in timed #8 for example, it says post back the answer, where ans = a. so, does that mean to post back "-541", "ans = -541","-541 = a" or "a = -541" (assuming -541 is my answer) to "http://www.hellboundhackers.org/challenges/timed/timed8/index.php"?


i know it may seem like i'm a lost cause, but i really do have a pretty good background with programming believe it or not, which is why i guess im so caught up in getting this to work. i absolutely HATE when i have a task that i CANT accomplish. and until now that hasn't happened. Thank you all so much, sorry for the annoyance.
Page 1 of 2 1 2 >