Follow us on Twitter!
I'd prefer to die standing, than to live on my knees - Che Guevara
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 21
Members Online: 2

Registered Members: 82906
Newest Member: ilija
Latest Articles
View Thread

HellBound Hackers | Challenges | Pen Testing Challenges

Author

Pen testing 2 - stumped!

synstealth
PHP WARRIOR

Your avatar

Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 19-09-13 05:31
I have read all of the pen 2 threads and articles - I find them not very helpful except for a few areas to focus on.

so far I have found the hidden db info and a way to modify the news.

im stumped on the injection and trying to login as admin.. I have no clue how to get to the login. I keep getting big red 'ERROR' message on two places.

any pointers or a push would be grateful. or at least open up a discussion on this topic.

know where to Look
Author

RE: Pen testing 2 - stumped!

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 19-09-13 12:44
There is no sql injection in this one. The challenge gives you everything you need to login, and when you do, there are several pointers that will show you what to do next.
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: Pen testing 2 - stumped!

synstealth
PHP WARRIOR

Your avatar

Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 28-09-13 15:55
gotcha, I am up to 135 points now...

I got in and saw what I needed to see..

I am down to only 40 points left of the exploit.. I am suspecting it has something to do with trying to manipulate image tag?


any pointers?
know where to Look
Author

RE: Pen testing 2 - stumped!

rex_mundi
☆ Lucifer ☆



Posts: 1459
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 29-09-13 00:19
CSRF
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: Pen testing 2 - stumped!

synstealth
PHP WARRIOR

Your avatar

Posts: 807
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 02-10-13 15:21
yeah -- It was right in my face! lol..
know where to Look