HellBound Hackers | Challenges | Pen Testing Challenges

Author

Last exploit


Posted on 01-05-08 04:14
I have completed everything besides the do* part. I tried the obvious of including a certain default page, but a message is displayed that this condition was fixed. Where should we look in order to create a do* condition and complete the challenge?


Author

RE: Last exploit


Posted on 01-05-08 04:22
Never mind LOL. Which exploits have you done?




Edited by on 01-05-08 04:24
Author

RE: Last exploit


Posted on 01-05-08 05:05
(sorta spoiler warning)






I am done with:
1. Hidden dir
2. Sql injection
3. session stuff (pretty tough, the answer is easily found on google though)
4. XSS injection

Last part is the dos (at least that is what someone said in another thread.)

Does the admin panel somehow come into play? I know where the "real" code should be and where the placeholder is that says "admin panel not finished". I don't think this should have anything to do with the dos.

Thanks!


Author

RE: Last exploit


Posted on 01-05-08 05:10
I don't know why I posted here actually, I haven't so much as looked at a challenge in probably months. Sorry m8 I thought I'd waste your time though, but did you get admin? That's the only one that's coming to mind though it looks like you may have already gotten it fuck idk. :(


Author

RE: Last exploit


Posted on 01-05-08 05:25
Yeah, admin was pretty tough without doing research (google will solve this very easily if you search for the right thing). But the answer is really simple. Most people are probably trying the right thing, they just don't have the proper syntax.

But I am stuck at the dos part :D

I am sure the answer is just as simple as the admin, but I am just overlooking something.


Author

RE: Last exploit


Posted on 01-05-08 13:18
Nevermind, thanks to stdio I was given a push in the right direction. The answer was again really easy once you realize what to do XD.


Author

RE: Last exploit


Posted on 11-05-08 02:52
zeus_the_moose wrote:
(sorta spoiler warning)






I am done with:
1. Hidden dir
2. Sql injection
3. session stuff (pretty tough, the answer is easily found on google though)
4. XSS injection

Last part is the dos (at least that is what someone said in another thread.)

Does the admin panel somehow come into play? I know where the "real" code should be and where the placeholder is that says "admin panel not finished". I don't think this should have anything to do with the dos.

Thanks!


I don't know what hidden dir could have to do with. There was a hidden dir involved in the session part and I got that already. The part with the file include, is that what people mean with the "dos" or do we actually have to find another way to do the dos'ing? I think that's what I have left, I've done

file include
sql injection
xss
session poisoning

EDIT
_____

I figured it out. If you are stuck, read Skunkfoot's post on page 4 of the "Pen 1" thread. Afterwards, you should search the subject matter with what he says to do and that should help you with it.




Edited by on 29-05-08 09:39
Author

RE: Session Poisoning

crashbird
Member



Posts: 83
Location: India
Joined: 15.06.07
Rank:
Newbie
Posted on 17-05-08 00:25
Hey, can anyone guide me on how I should get to poison the sessions..
or what f**m* should i put the value of $_S******[***in]=t***.

Also if someone could guide me to a link on learning more on this..
Tried a lot of places, but couldn't get enough information...

Thanks, presently I have 90 points,

I've done,
Secret dir
sql
and xss
elijah981 elijah981
Author

RE: Last exploit


Posted on 17-05-08 00:40
Sometimes sessions are set by cookies, and you can already see one of them.