Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82889
Newest Member: Geriztul
Latest Articles
View Thread

HellBound Hackers | Challenges | Patching

Author

Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 01:14
I already beat them with prior discussions with Grindordie but the challenges move over from easy to extremely difficult.
The fast paced life style PHP is going through, there are a bunch of different ways to patch 1 exploit.
Using a script to check the answers is madness unless you have a php guru sitting on the other side knowing and coding in every single possibility.

Just my 2cents on the patching challenges. post wut u think.


Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-04-06 01:18
I thought they were both very very easy. A bit tricky at first, getting used to line numbers, what the exact "exploit type" is. But, after that, you know how the game roles, and is easier to get. Well, this is from 1-2....there are only two, i'll just have to see how it continues on.


Author

RE: Frowning on the patching challenges

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 14-04-06 01:21
what we do is have an array of accepted answers.

so we've gone through and thought of ways it could be patched, and coded those into the answers. So its not just ONE set way to complete it, because agreeed that would be madness.

were working on various other patching challenges and we're tring to include as many different types and accepted answers.

These challenges are only in trail stages and are still being thought about and updated.


http://www.hellboundhackers.org/
Author

RE: Frowning on the patching challenges

nanoymaster
Member



Posts: 119
Location: ก็็็็็็&
Joined: 20.08.05
Rank:
Wiseman
Warn Level: 30
Posted on 14-04-06 01:28
personally I love the recent patching challenges, that have taught me how to defend sites I make in the future and well, yeah...good work, v. handy


ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิิิิิิิิิิ ก็็็็็็็็็็็็็็็็็็็็ กิิิิิิิิิ
Ask me... ก็็็็็็็็็็็็็&# http://www.nanoy.org
Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-04-06 19:36
I think I know the security leak in one of the challenges but my patching method requires more than one line Sad

Plus I think there's a syntax error in 3 Wink




Edited by on 16-04-06 19:54
Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-04-06 20:39
well there is always gonna be many ways to patch each problem,
it is really just accepting the most common and simple ways to fix each problem


Author

RE: Frowning on the patching challenges

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 16-04-06 23:48
yeah we usally accept the simplest and most efficent.

so no adding functions etc, just include a simple strip_tags command or something, and problem solved. very efficent and very simple Smile


http://www.hellboundhackers.org/
Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-04-06 23:54
Finally some problems where you need to find the answer for!
clapping in my hands!!!
Keep up the good work!
I love it Grin
(altough... finding names for the problems is prolly my biggest problem Grin)
it doesnt accept this:
Exploit Type: DUMB ASS READING! Wink
Can i find somewhere a list with possible exploits (like css,...)

Edited by on 18-04-06 23:55
Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-04-06 01:22
css=Cascading Style Sheets
xss=Cross Site Scripting

i i guess u ment xss in the last post, and btw see my thread about this very subject

http://hellboundh. . .ad_id=3490


Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-04-06 12:18
Mr_Cheese wrote:
so no adding functions etc, just include a simple strip_tags command or something, and problem solved. very efficent and very simple Smile


Damn, there goes my love for regexes Pfft


Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-04-06 23:23
aenman123 wrote:
css=Cascading Style Sheets
xss=Cross Site Scripting

i i guess u ment xss in the last post, and btw see my thread about this very subject

http://hellboundh. . .ad_id=3490

Smile yes i ment xss thnx for correting Smile and soz that i didnt saw the other topic :s
Author

RE: Frowning on the patching challenges


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-04-06 01:21
I think you should "addslashes(Text '\ ' To Remove 'Slashes')" Without quotes...cuz its really ******* me off,,,I know it should work with it in real life...anyway

Edit :
Usage of addslashes :

<?
echo addslashes(The text on which you want to add the slashes);
?>

What it do : Addslashes, like it name tell us, add slashes to a sentence.

Example :
You ask for a username and the user enter : '"'MyName\"'\""'
the patched username with addslashes would be : \'\"\'MyName\\\"\'\\\"\"\'
and if you want to ''Echo'' it, this code would do it :

Code
<?
$username = addslashes($_POST['username']);
// Here you do what ever you want with the username, like checking few things with a sql table

echo "Welcome dear ";
echo stripslashes($username);
?>





I hope you'll add it :D

Edited by on 22-04-06 20:32