Follow us on Twitter!
Ideas are far more powerful than guns.
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 32
Guests Online: 26
Members Online: 6

Registered Members: 82880
Newest Member: TheAviator
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Comments and Suggestions

Author

Even MORE challanges!!

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 01-04-06 12:42
Yep, thats right, i been thinking of including a whole new section of challenges to HBH!

Patching Challenges

The idea is simple, you are shown a snippit of website / application code, and then your job is to specify:
- Type of possible attack
- the line the exploitable code is on
- a example of how to patch it.

There will be many challenges in this area with a diverse amount of languages and exploits.

Here is a example:
CODE:
Code
<?php
if(isset($_GET['username'])){
echo "USERNAME: ". $_GET['username'] . "<br>";
  if($_GET['username'] == "admin"){
  echo "<hr><b>this user is an admin!!</b><br>";
  }
} else {
echo "<h1>No username is defined</h1>";
}
?>




ANSWER:
Type of Exploit: Cross Site Scripting
Line thats exploitable: 3
Patched line:
echo "USERNAME: ". strip_tags($_GET['username']) . "<br>";


These answers will be automated just like the basic challenges, so ofcourse we'll include various answers etc. i.e type of attack: XSS / CSS / cross site scripting - they will all be allowed etc

I figure this is a good idea seeing as we have a increasin amount of webmasters on this site, its wise to know how to patch and what exploitable code looks like.

What are your thoughts?




Edited by Mr_Cheese on 01-04-06 12:44
http://www.hellboundhackers.org/
Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 12:49
I think this would be cool - it would be more realistic than the realistic challenges themselves. Also this is an area where people struggle if their skills haven't left hellbound.


Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 12:49
nice nice i like it Grin is it gonna be all php or different languages??


Author

RE: Even MORE challanges!!

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 01-04-06 13:09
Mr_Cheese wrote:
There will be many challenges in this area with a diverse amount of languages and exploits.



http://www.hellboundhackers.org/
Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 13:31
I really like this idea. Can't wait to try or even contribute (if I get a good idea or so Wink )

( I think it also adds up to the legal part of the site. You can't call patching and securing code illigal, don't you? Pfft )


Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 13:51
I like it Grin Should be worth a fair amount of points though, pretty tough seeing as the only way you can solve em is through good knowlege of the code. You can't google for it or anything, lol. And asking for help in the forums would be harder for these aswell XD


Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 14:17
i like the idea very much, but i'll need some tutorials/articles on it...
with my knowledge i won't get far i suppose :s
anyway, keep up the good work!


Author

RE: Even MORE challanges!!


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-04-06 16:00
Uhhh, if you patched it with this:

Code
echo "USERNAME: ". strip_tags($_GET['username']) . "<br>";




You could still inject a username in to the address bar, to patch that hole, you would use post instead of get. :)

Am I correct?
Author

RE: Even MORE challanges!!

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 01-04-06 16:02
yes you could still inject into the url bar. but whats the point of injecting code into the url bar if it doesnt do anything because the tags are stripped.


http://www.hellboundhackers.org/