Follow us on Twitter!
Understanding is the answer, hatred is the problem, and hackers are the slaves abused and destroyed in the process of peace online - Deshouleres
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 19
Members Online: 3

Registered Members: 82910
Newest Member: toni7
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Page 1 of 2 1 2 >
Author

l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 02:09
Hey demon_king,

sorry but i really didn't feel like sending a pm since it just takes up space in my in-box, but just to re-cap where you left off..

ive started a hacker site and i just wanted you to join. here is the link:

l33thackers.freehostia.com

ill see you there


Thank you for inviting me to your site, not bad for your first try.

But i couldn't help to notice how many security vulnerabilities i was able to come across. you should really try to secure your site from SQL injections among other things.

You should fix this asap, someone could gain access after a few minutes and have access to all the articles, member list, settings.

Just be glad i was able to tell you before this information got out to everyone on the internet.

just a design note, i would suggest you try to come up with a better slogan, like after you log in and the home page says

L33t Hackers! The site that will show you how hackers get in and how to keep them out


Your Welcome


edit: why aren't there more challenge categories? just basic, realistic, and javascript?




Edited by on 12-06-08 02:26
Author

RE: l33thackers.freehostia.com

flame_1221
Member



Posts: 179
Location: malaysia
Joined: 13.05.07
Rank:
God
Posted on 12-06-08 02:38
wtf?


i19.photobucket.com/albums/b153/Golden_Lemur/flame1221sig.png
Thanks for the sig Lemur
127.0.0.1
Author

RE: l33thackers.freehostia.com

shadowls
You Like this!



Posts: 840
Location:
Joined: 07.12.06
Rank:
God
Posted on 12-06-08 02:52
Well he just told a complete conversation in public. Thats all.


ps. i checked out the site, damn there is a lot of sql vuln. in this site.


If you think my post are useful to you, please vote for them. Thank You


knowledge is powerful itself - SHADOWLS


i41.tinypic.com/mjwz7t.jpg

Made by:agentmax69, but remastered by: KvK


Coffee


Edited by shadowls on 12-06-08 03:02
None None
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 03:11
shadowls wrote:
Well he just told a complete conversation in public. Thats all.


ps. i checked out the site, damn there is a lot of sql vuln. in this site.


lol... indeed there is, there are other besides SQL

when in doubt, check the source


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 03:24
Haha, man its pretty mean just putting the site here and saying it has vulnerabilities in it.


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 03:38
oh come on,

with a slogan like " The site that will show you how hackers get in and how to keep them out"

how could you not?


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 04:02
Yeah even basic SQL injection works. Directory's aren't hidden. Mainly the site is a piece of shit. Like you can edit the cookies to show you logged in as anybody you like and they aren't even encrypted. Its coded by a three year old (assumption). This site would practically give away information to someone computer-illiterate just browsing it.
So add it all up and you get: Insecure.


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 04:25
well this might not turn out to be a tragedy after all, I'm talking to demon_king about how he can secure his website more.








Edited by on 12-06-08 04:27
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 04:37
Hate to point out the most basic of exploits, but

admin

and basic SQL injections work.

Dude, ever heard of
Code
mysql_real_escape_string()


?





Edited by on 12-06-08 05:04
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 06:48
Apparently someones working on the security because now you get an error when you login with sql or just random user and pass. However still vulnerable.




Edited by on 12-06-08 06:59
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 07:01
K_I_N_G wrote:
Apparently someones working on the security because now you get an error when you login with sql or just incorrect.


way to go demon_king, 1 exploit patched.. keep up the good work



Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 09:28
This site failed before it began.

<SCRIPT>alert(String.fromCharCode(89,111,117,83,117,99,107))</SCRIPT>


Put this in the user/pass, login, go back, and click the link to the home page.

Owned.


Author

RE: l33thackers.freehostia.com

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 12-06-08 10:21
Feralas wrote:
This site failed before it began.

<SCRIPT>alert(String.fromCharCode(89,111,117,83,117,99,107))</SCRIPT>


Put this in the user/pass, login, go back, and click the link to the home page.

Owned.


you can also try the same with cookiesWink

Edit:lol wouldn't have expected that wrong login info would get written in to the cookies as well Grin sry for repeating the same exploit


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 12-06-08 10:33
clone_4@hotmail.com
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 10:32
clone4 wrote:
Feralas wrote:
This site failed before it began.

<SCRIPT>alert(String.fromCharCode(89,111,117,83,117,99,107))</SCRIPT>


Put this in the user/pass, login, go back, and click the link to the home page.

Owned.


you can also try the same with cookiesWink


Man, some hard core encryption on them their cookies... not.

Was this site coded by monkeys?


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 12:46
yea you really need to have a better filter then it adding slashes. and try encrypting the cookies with something other than hex.


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 12:48
you can easily bypass the login just put abc in the username and pass box and then you get the error saying it doesn't exist but then you click back and click on home and your logged in as abc


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 18:00
The site could use a major revamping in terms of security. You can login as anybody you want (including valid users) and you can even delete their profile if you wanted to. You don't even need SQL injections.


Author

RE: l33thackers.freehostia.com

Uber0n
Member



Posts: 1963
Location: Sweden‭‮
Joined: 13.06.06
Rank:
Hacker Level 3
Posted on 12-06-08 18:28
This must be one of the lamest attempts to make a hacking site ever :angry:


img230.imageshack.us/img230/724/uber0nsig3hj6.gif
http://uber0n.web. . .
Nope http://uber0n.webs.com/
Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 18:35
the basic challenges don't make sense to me there more like riddles not hacking challenges :right:


Author

RE: l33thackers.freehostia.com


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 12-06-08 19:16
Horrible, horrible coding.


Page 1 of 2 1 2 >