Follow us on Twitter!
You cannot teach a man anything; you can only help him find it within himself. - Galileo
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 17
Guests Online: 17
Members Online: 0

Registered Members: 82876
Newest Member: bhl1986
Latest Articles
View Thread

HellBound Hackers | HellBound Hackers | Comments and Suggestions

Page 1 of 2 1 2 >
Author

new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-02-09 11:55
good morning/afternoon/night people.

I think php is needed for web hacking for the most part.
I recently started learning php and I came up with this idea. might be great, might not.:)

anyways, the idea is to make a new challenge category called "basic php hacking" or something (under exploit section maybe?;))

example:

Code

<html>
<body>

<form method="post">
Enter Password:<input type="password" name="pass" value="">
</form>

<?php
$pass=$_POST['pass'];

if ($pass='hbhpwn23'){
  alert("good job");
}
else {
  alert('Wrong password. Please try again.');
}
?>
</body>
</html>





as I said before, I recently started learning php. please dont flame if I made a mistake (it's what makes me a human after all:)).

thanks for reading
-Max
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-02-09 12:07
Firstly, the code you presented has password hard coded. This means that no injections are possible, thus only bruteforcing would be possible, putting great strain on the server. Imagine even quite small number of members generating hundreds of requests, such a waste of resources, so for this code no.
Secondly php is very useful in website hacking, but in depth knowledge isn't essential. In order to exploit file inclusion by null byte, you don't need to know e.g. how to connect php with mysql, you need to know how php works with null byte, and how include function works.
If you want to learn php, go and learn, develop cms or something, if you want to learn exploit, go and learn. Wanna do both? cool, but there's no need to make new challenges for that...


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 26-02-09 12:08
clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 26-02-09 12:24
On the topic of new challenges, get ready for real 18, made by ... ME.

Actually yours will be 19. Me and -cL own 18.
And, really, yours won't be here for a veeeeeery long long long (you get the idea) time. --MoshBat



Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png



Edited by on 26-02-09 20:45
yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-02-09 12:32
yours31f wrote:
On the topic of new challenges, get ready for real 18, made by ... ME.


Wow just a small self-advertising Grin btw I thought it's moshbats ( and I guess sry to OP for hijack)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 26-02-09 12:37
I think the idea here is that you are shown the code and have to find a way to exploit it. So you see that you have to POST the data 'hbhpwn23' to the page in order for you to receive the password. EG has something like this, though, so I doubt it'll get implemented. Then again nothing's up to me.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-02-09 12:39
yours31f wrote:
On the topic of new challenges, get ready for real 18, made by ... ME.

Which still has nothing with what the OP was on about, if you're that horny about promoting yourself, there's the shoutbox. Otherwise we'll see it when it's out and we'll know that you made it then, you're proud of yourself, that's nice, don't post it where it doesn't belong just because of that.

Anyhow, as for the original idea: you might be surprised to find a challenge type called "Web Patching". It's under the section "Patch", you should check it out, it's surprisingly enough PHP and you oddly enough have to patch vulnerabilities, aka: exploits... which happen to be PHP. Bottom line is, no need for that type of new challenge.
Reference: http://www.hellbo. . ./patch.php


Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-02-09 13:12
thanks for the reply :happy:
colen4 wrote:
Secondly php is very useful in website hacking, but in depth knowledge isn't essential.

This might be true, but some people (including me) probably want to learn it to the full. This could help us improve our skills on that certain field.

Futility wrote:
I think the idea here is that you are shown the code and have to find a way to exploit it.

exactly.
this might be a bad example. (my apologies)

Thinking about it though, its kind of like the Js challenges, but like a php version. you are presented with a code and you have to analyze it to retrieve the password.
Author

RE: new challenge category? maybe? :)

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-02-09 15:35
puertoricanmaxwell wrote:
This might be true, but some people (including me) probably want to learn it to the full. This could help us improve our skills on that certain field.

That may be, but why force people to use php, when they might want to learn perl, or asp or anything else for that matter, you might add some web patching challenges, to include both more advanced and basic techniques and protection against them though


Futility wrote:
I think the idea here is that you are shown the code and have to find a way to exploit it.

exactly.
this might be a bad example. (my apologies)

Thinking about it though, its kind of like the Js challenges, but like a php version. you are presented with a code and you have to analyze it to retrieve the password.


My badSmile the problem is that js is client-side language, so you are always presented with the source, but php is opposite, you will only rarely be able to view the source, even though it might be possible in some cases (and of course exluding white box pen-testing)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: new challenge category? maybe? :)

4rm4g3dd0n
Member



Posts: 904
Location: Louisville,Ky
Joined: 09.10.07
Rank:
Active User
Posted on 26-02-09 15:44
A skills section would be nice example:

__________Skills_______________

SQL... 1 2 3 4 etc... Skill Level
PHP... 1 2 3 4 etc... Skill Level
HTML.. 1 2 3 4 etc... Skill Level
C++... 1 2 3 4 etc... Skill Level
Javascript... 1 2 3 4 etc... Skill Level
Perl...
etc...
etc....

_______________________________

Where the level challenges may or may not have points But shows the persons skill level for that subject for HBH i suppose the leveles would go from Apprenetice to God I dont know That would be Cool though


a1.sphotos.ak.fbcdn.net/hphotos-ak-snc6/285477_168984629836698_100001754862141_374762_5098511_n.jpg
All I Know Is That I Don't Know Nothing .... Operation Ivy

c:/users
Author

RE: new challenge category? maybe? :)

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 26-02-09 20:52
MoshBat wrote:
What you actually want is new challenges, and there are some ready, it's just we're all busy.

Speak for yourself. I'm not busy at all. In fact, I'm enjoying a 4 and a half day weekend of freetime. If someone would only give me the privs to help, I would.


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91
Author

RE: new challenge category? maybe? :)

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 26-02-09 21:05
MoshBat wrote:
Futility wrote:
MoshBat wrote:
What you actually want is new challenges, and there are some ready, it's just we're all busy.

Speak for yourself. I'm not busy at all. In fact, I'm enjoying a 4 and a half day weekend of freetime. If someone would only give me the privs to help, I would.

By "we", I meant all the other devs. If only someone would get a move on and give me the privs I asked for, then we'd have a few more challs and bug fixes by now.


Subtle hints never have been your best strength have they? Pfft


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-02-09 23:43
I already made a phreaking challenge... COUGHPOSTITCOUGH


Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-02-09 19:17
soo.... I guess it's a no for my suggestion?Sad
Author

RE: new challenge category? maybe? :)

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-02-09 20:40
In normal conditions, you can't view the server-side language PHP. If you are in the unique position of having the ability to view PHP source, all you need is some basic coding skill and common sense to exploit the system.

The challenge category you are suggesting we create is called "Basic PHP Programming", there's only one challenge, and it involves reading, programming, testing and debugging. Have fun Smile.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-03-09 02:35
Hmm, just a suggestion,, but isn't it better if we organize the basic challenges to become like XSS challenge, SQL injection challenge, etc since it has all the different types of techniques of hacking.
Author

RE: new challenge category? maybe? :)

yours31f
Member



Posts: 1678
Location: Dallas Texas
Joined: 27.04.07
Rank:
Elite
Posted on 01-03-09 06:32
Have you completed them? They pretty much are...


Debugging is what programmers do to beta software to make it take up more room on your hard drive if it is running too efficiently.


img259.imageshack.us/img259/3713/sigr.png

yours31f@live.com yours31f@yahoo.com rpwd.info
Author

RE: new challenge category? maybe? :)

What_A_Legend
Member



Posts: 470
Location: On the Net
Joined: 12.04.06
Rank:
Active User
Posted on 01-03-09 11:27
This idea is pretty much a no go. If we are giving code to exploit which is readable to the user everyone should be able to work out the exploit.

We also have a section kind of like this and its called 'Web Patching'. If you want to submit PHP code with an exploit in (ensuring it isnt one of the exploits already covered) please provide it as a 'Web Patching' challange.

This will then be reviewd by relevant admin(s) and then accepted or declined as needed.


i19.photobucket.com/albums/b153/Golden_Lemur/legendsig.png

www.hellboundhackers.org/sig/r/7039.png
what_a_l3g3nd@hotmail.com www.wayneshears.com
Author

RE: new challenge category? maybe? :)


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-03-09 02:33
MoshBat wrote:
Putting them into categories would "kill" half of the fun of finding out what exploit to use.


Hmm, fair enough
Author

RE: new challenge category? maybe? :)

bl4ckc4t
Member

Your avatar

Posts: 591
Location: /etc/
Joined: 07.03.06
Rank:
Wiseman
Posted on 02-03-09 07:23
Personally, I would much rather see a "Programming Challenges" section. Perl, C++, C, VB, VC#, Python, those kinds of languages.

This would be more beneficial to anyone here. It would also encourage people to learn more than just web programming languages.


Author

RE: new challenge category? maybe? :)

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 02-03-09 08:19
bl4ckc4t wrote:
Personally, I would much rather see a "Programming Challenges" section. Perl, C++, C, VB, VC#, Python, those kinds of languages.

This would be more beneficial to anyone here. It would also encourage people to learn more than just web programming languages.


Since when is VB beneficial to anyone?



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Page 1 of 2 1 2 >