Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 20
Members Online: 0

Registered Members: 82815
Newest Member: medjiking
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-05-06 01:59
My website is http://www.nucleo. . .. I had a problem with a hacker before and I'm trying to iron out all the kinks (I wrote the tiny CMS myself). I'm requesting that my fellow hackers attempt to hack my site by simply posting a news item on the front page. In order to do so you'll either need to login as an admin or somehow escalate your permissions. On the news post just mention your HBH name and how you did so. I'd like to limit this to injections and try not to do anything too deep and piss off my websites host.

This is just a learning experience, please don't do anything mean. I'm not sure if this violates any rules set forth by HBH and if so I'll drop this post. I'll provide any form of proof requested so that you know the site is mine.


Author

RE: hack my site nucleocide.net

Neo_Chalchus
Member



Posts: 257
Location: /me laughs maniacally
Joined: 08.08.05
Rank:
Apprentice
Posted on 26-05-06 02:13
I don't know much about mysql hacking, but I got this error by inputing an ' into the username:
Code

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/nucleo/nucleocide.net/includes/auth.php on line 14
 
Login failed for user: &*92;.
Try Again




I dunno if you could use that as a way of getting in, but it might help,

NC


eviltonmoy.googlepages.com/neo_chalchus.png
Thank you EvilTonmoy for the AWESOME SIG!!!
http://hackref.net
Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-05-06 19:36
xss: http://www.nucleocide.net/?s=foobar'">> <script>alert(document.cookie)</script>

Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-05-06 20:44
Howd u fuckit up?


Author

RE: hack my site nucleocide.net

knutrainer
Member



Posts: 243
Location:
Joined: 08.07.05
Rank:
Apprentice
Posted on 28-05-06 21:01
Click on the users link. The format is fucked up there.


img389.imageshack.us/img389/974/knu5ui1ja.jpg
~PM me if you need help or instant message me.


knutrainer@gmail.com
Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-05-06 21:06
I found another xss but I think he didn't fix the previous one.
But anyway http://www.nucleocide.net/?s=%3Cscript%3Ealert(document.cookie)%3C/script%3E


Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-05-06 22:04
in the gallery section, you can still use html tags.




Edited by on 28-05-06 22:18
Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-05-06 22:42
Yeah, iframes are fucking it up a bit. Thats what i used as my detials to mess the user page!


Author

RE: xss


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-05-06 05:46
I'm pretty sure I've fixed ass XSS holes. Feel free to keep looking.


Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-05-06 06:51
Nope the XSS holes are still there


Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-05-06 06:15
bots Pfft

this is getting more difficult.. i dont see anyway to login as you B)


Author

RE: xss


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-05-06 19:47
you can do this:

http://www.nucleocide.net/?s=<script>alert(document.cookie)</script>

It's the easiest way to see if there's an XSS hole. Why http://www.nucleocide.net/?s=lol ">> <script>alert(document.cookie)</script> ?

When you're logged in what's this:
http://www.nucleocide.net/?s=profile&r ? you can delete your account? You can't do it in the menu Sad




Edited by on 31-05-06 20:02
Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-06-06 21:53
The scan lines are ugly. Lower the opacity.
Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 04-06-06 22:03
I'm loving the scan lines!


Author

RE: hack my site nucleocide.net


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-07-06 05:07
Neo_Chalchus wrote:
I don't know much about mysql hacking, but I got this error by inputing an ' into the username:
Code

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/nucleo/nucleocide.net/includes/auth.php on line 14
 
Login failed for user: &*92;.
Try Again




I dunno if you could use that as a way of getting in, but it might help,

NC


Yea, that usually means its prone to the simplest attacks.