Author

Creating new basic chall...

K3174N 420
Member



Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08
Rank:
Hacker Level 1
Warn Level: 69
Posted on 17-10-08 01:34
Ok, so I want to put my mark onto the site, make a challenge :)

I've started one, you can find it at:
http://www.keiran420.ueuo.com/hbhchall/

Basically you're given a search to enter a user name and select a search criteria..
You have got to find the admin log in details...

I won't say much, but once you have logged in as admin, it's not the end...

Try it and tell me what you think....

It is a very basic layout still...

When it's ready, is there any special way I need to format it, or do I simply hand in the PHP source?


Thanks Yours31f!
img114.imageshack.us/img114/1497/keiran420cy2.jpg
Make poverty history... Cheaper drugs now! - Frank gallagher
[small][center]Einstein climbs to the top of Mt. Sinai to get close enough to talk to God.
Looking up, he asks the Lord...
"God, what does a million years mean to you?"
The Lord replies, "A minute."
"Einstein asks, "And what does a million pounds mean to you?"
The Lord replies, "A penny."
Einste
http://keiran420.ueuo.com/
Author

RE: Creating new basic chall...

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-10-08 01:51
Does your challenge convey something new, or special? What will you teach with this?



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Creating new basic chall...

K3174N 420
Member



Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08
Rank:
Hacker Level 1
Warn Level: 69
Posted on 17-10-08 02:06
At the minute it's fairly basic, shows a couple of things that have been shown here before...
I hope to add to this, and have a couple ideas, but really just getting some feedback for now...


Author

RE: Creating new basic chall...

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-10-08 02:08
K3174N 420 wrote:
At the minute it's fairly basic, shows a couple of things that have been shown here before...
I hope to add to this, and have a couple ideas, but really just getting some feedback for now...


You're not writing a novel. You're attempting to simulate a security breach.

Feedback is very irrelevant at this point. Pick your security problem, simulate it. Then we'll talk.



Author

RE: Creating new basic chall...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-10-08 09:01
Most of this challenge is far too easy, and has been done before pretty early on in the basics. I got the user:pass for the admin, but got the 'coming from wrong url' message, despite the fact the index.php has <form action='login.php'> in the source. There are 2 pages you make available to us, people.php and login.php, if neither of those work (which they don't), it becomes a guessing game, not a hacking challenge.

Also, is this a live SQL challenge? coz I tried replacing firstname with information_schema, and got a 403 forbidden. If so, I suggest you limit the options available before someone selects part of your database you didn't want them to have.
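
The suggestion in the post above to limit the options available, as an added PHP example that is not part of the thread or the challenge's own code: the search-criteria value is looked up in a fixed allowlist of columns and the search term is bound as a parameter. The `users` table, its columns, the `searchUsers` helper and the sample row are constructed for illustration, and an in-memory SQLite database stands in for the challenge's database.

```php
<?php
// Added example: allowlisted search criteria for a user-search page.
// Table, column and function names are hypothetical, not from the challenge.

const SEARCH_COLUMNS = [
    'firstname' => 'firstname',
    'lastname'  => 'lastname',
    'email'     => 'email',
];

function searchUsers(PDO $db, string $criteria, string $term): array
{
    // Identifiers cannot be bound as parameters, so the column is taken
    // from a fixed map; any other value is rejected before SQL is built.
    if (!array_key_exists($criteria, SEARCH_COLUMNS)) {
        throw new InvalidArgumentException('Unknown search criteria');
    }
    $column = SEARCH_COLUMNS[$criteria];

    // Only non-sensitive columns are selected, and the term is bound.
    $stmt = $db->prepare(
        "SELECT firstname, lastname, email FROM users WHERE $column = :term"
    );
    $stmt->execute([':term' => $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (firstname TEXT, lastname TEXT, email TEXT, pass_hash TEXT)');
$db->exec("INSERT INTO users VALUES ('Alice', 'Example', 'alice@example.test', 'constructed-hash')");

// A permitted criteria value runs the query.
print_r(searchUsers($db, 'firstname', 'Alice'));

// Values outside the allowlist never reach the database, including a
// schema name and a column the search form should not expose.
foreach (['information_schema', 'pass_hash'] as $bad) {
    try {
        searchUsers($db, $bad, 'x');
    } catch (InvalidArgumentException $e) {
        echo "rejected criteria: $bad\n";
    }
}

// The search term is bound, so quote characters in it are data, not SQL.
var_dump(searchUsers($db, 'firstname', "x' OR '1'='1"));
```

The database account the page connects with should also be limited to SELECT on the one table the search needs, so a missed input path cannot read anything else.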


Author

RE: Creating new basic chall...

Mouzi
Member



Posts: 144
Location: Finland
Joined: 08.08.06
Rank:
Newbie
Posted on 17-10-08 11:19
jjbutler88 wrote:
got the 'coming from wrong url' message, despite the fact the index.php has <form action='login.php'> in the source. There are 2 pages you make available to us, people.php and login.php, if neither of those work (which they don't), it becomes a guessing game, not a hacking challenge.


Wasn't there a realistic challenge that had you to do the same? I mean something like you have to set your referrer as some admin panel page which you had to guess. Not sure though.

But if the referrer is supposed to be something completely irrelevant, then, as you said, it's not a hacking challenge :P


izuom.net/sig.gif
Steganographs

Edited by Mouzi on 17-10-08 11:20
You would try to hack it anyways.
Author

RE: Creating new basic chall...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-10-08 11:54
Mouzi wrote:
Wasn't there a realistic challenge that had you to do the same? I mean something like you have to set your referrer as some admin panel page which you had to guess. Not sure though.

It was Real 7, I think. Also, if the admin url wasn't given directly to you, it was easily implied from the original site.

To the OP, it's good that you're trying to make a challenge... Just take in all of the feedback you're getting and improve it / narrow it down. That, at least, has got to be worth 1 CP. :P


Author

RE: Creating new basic chall...

K3174N 420
Member



Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08
Rank:
Hacker Level 1
Warn Level: 69
Posted on 17-10-08 13:54
ok...

atm, there's 3 pages to my challenge, you only need these 3... and all are in the hbhchall/ folder

index.php is the page you start on
people.php is the page that displays your search results, will show error message if invalid user
login.php WILL SHOW BLANK SCREEN unless correct user/pass is used

and as for the guessing, all u gotta guess is 1, how the passwords are stored - easy
and 2, guess what his home site is called... hmmm... I gave u his email didn't I?... - easy!

I'm thinking maybe once you logged in and tricked it to coming from the url....
maybe some admin control panel... add a few more users and make the player change the database contents somehow... try introducing a mysql command that hasn't been used yet...

Maybe making the player change the admin password... (for another hash)...

thoughts?





Edited by K3174N 420 on 17-10-08 14:25
Author

RE: Creating new basic chall...

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 17-10-08 18:17
Don't want to discourage, but as I assume that you 'made up' this vulnerability, I would say that there is enough of those challenges, and most likely what you are doing has already been covered; what I would much rather prefer is a challenge that is based on real vulnerability, i.e. something you have seen/found/exploited.... but then again only assuming :)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Creating new basic chall...

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 17-10-08 18:43
The internet doesn't need these kind of challenges anymore. Retreat your puny attempts and let real hackers devise simulated environments.

Thanks.



Author

RE: Creating new basic chall...

K3174N 420
Member



Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08
Rank:
Hacker Level 1
Warn Level: 69
Posted on 17-10-08 21:09
yea, I'll look up on some more recent exploits, though... this IS the 1st challenge I have ever made, and it's still only really a working process...
I'll find a nice little exploit that hasn't been covered here and simulate it :)

got one or 2 ideas... only problem is I want it to remain a basic... where a couple of ideas are leading more to a realistic....

Anyway, have fun doing this one for now, and you can only call it crap IF you complete it. :)


Author

RE: Creating new basic chall...

K3174N 420
Member



Posts: 296
Location: In a grow room, growing cannabis.
Joined: 14.09.08
Rank:
Hacker Level 1
Warn Level: 69
Posted on 17-10-08 21:47
moshbat wrote:
K3174N 420 wrote:
yea, I'll look up on some more recent exploits, though... this IS the 1st challenge I have ever made, and it's still only really a working process...
I'll find a nice little exploit that hasn't been covered here and simulate it :)

got one or 2 ideas... only problem is I want it to remain a basic... where a couple of ideas are leading more to a realistic....

Anyway, have fun doing this one for now, and you can only call it crap IF you complete it. :)


The first one I made was better than that... It got accepted.


And how do you feel about that? :ninja:


Author

RE: Creating new basic chall...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-10-08 00:57
moshbat wrote:
The first one I made was better than that... It got accepted.

K3174N 420 wrote:
And how do you feel about that? :ninja:

moshbat wrote:
Probably better than you do.


Ouch... Keiran:

mihasya.com/miscimgs/fail.jpg




Edited by on 18-10-08 00:57