Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 11
Guests Online: 10
Members Online: 1

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Challenges | Pen Testing Challenges

Page 4 of 5 < 1 2 3 4 5 >
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-10-07 22:12
Skunkfoot wrote:
if you need to learn more about any of these, here's a decent little article:
freewebs.com/skunkf00t/hacking.txt


Credit much?
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-10-07 22:18
Skunkfoot wrote:
if you need to learn more about any of these, here's a decent little article:
freewebs.com/skunkf00t/hacking.txt

Pr0test wrote:
Credit much?


It's actually chock full of information, some of which is relevant to the Pen-Testing challenge (though not as spoilers). Instead of having a snide comment about him offering information, you should either stfu or write something half as useful.

Skunkfoot wrote:
One of the options under the Forms menu on the Web Developer Toolbar can help a lot with one of these Smile


Found that, as well as the other 3 basic ones... just stuck at the last one. I'm not asking for help, though... I'll figure it out on my own with enough time. Smile





Edited by on 27-10-07 22:19
Author

RE: Pen 1

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 27-10-07 23:06
Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD


anbu.sf@hotmail.com
Author

RE: Pen 1

basa
Member

Your avatar

Posts: 8
Location:
Joined: 12.08.05
Rank:
Wiseman
Posted on 28-10-07 00:22
thx skunkfoot for the article =))
i think i tried all the exploits written there...
maybe i missed smth... i'll just try them again.... ,)



If you can`t hack 'em, join 'em... And then hack 'em! Wink
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:23
Ayr4 wrote:
Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD


Who even uses those credentials? :happy:



Author

RE: blah


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:28
if we arnt using them then...what the hell are they there for...
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:31
Edit: Spyware is a monkey. Ignore him. :happy:

noober wrote:
if we arnt using them then...what the hell are they there for...


For people that take limited user accounts as a compromise. Seriously, first priority should be privilege escalation.





Edited by on 28-10-07 01:38
Author

RE: Pen 1

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-10-07 01:31
noober wrote:
if we arnt using them then...what the hell are they there for...


"Confuzzleness"



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:02
spyware wrote:
noober wrote:
if we arnt using them then...what the hell are they there for...


"Confuzzleness"

i was refering to the credentials given to you at the begining
Author

RE: Pen 1

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-10-07 01:04
noober wrote:
i was refering to the credentials given to you at the begining


Yeah, me too.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: blah


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:07
ive thrown various XXS SQL and RFI in everyplace i can find...wtf
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 01:16
noober wrote:
ive thrown various XXS SQL and RFI in everyplace i can find...wtf


Then, obviously, you can't find the easy places. Just do some more Real's before you attempt this one. It's not as much of a pushover as the other challenges.



Author

RE: =P


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 03:04
Alrighty, you seem to know what your doing so off to real challenges i suppose
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 05:42
noober wrote:
Alrighty, you seem to know what your doing so off to real challenges i suppose


I wouldn't go that far. Smile However, the Realistic Challenges should be a prerequisite to the PenTest challenge; though they tend to be a bit too simple, they do show you patterns that you can apply to this challenge. Anyways, it's safe to say that 3 out of the 5 exploits are incredibly easy to find, the 4th one takes a bit of ingenuity, and the 5th one must take some specific knowledge (as I have not managed to get that one yet).



Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 06:00
Zephyr_Pure wrote:
[quote]Skunkfoot wrote:
if you need to learn more about any of these, here's a decent little article:
freewebs.com/skunkf00t/hacking.txt

Pr0test wrote:
Credit much?


I'm pretty sure it says who wrote it in the article...something like Spyderman's guide...maybe I forgot to copy that part, idk, but regardless, I didn't write those. I'm not saying I did. I got all those articles from Darkmindz.


Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD


It doesn't work at all...check the source code and you'll see that that form doesn't do anything...

and the 5th one must take some specific knowledge (as I have not managed to get that one yet).


If we're thinking about the same one, then you need to inject something into the URL of one of the pages...


Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 06:08
Zephyr_Pure wrote:
and the 5th one must take some specific knowledge (as I have not managed to get that one yet).

Skunkfoot wrote:
If we're thinking about the same one, then you need to inject something into the URL of one of the pages...


We probably are thinking about the same one... I have this vague feeling that the injection is not a typical one (at least, for "normal" methods), so it's just going to take a bit more time to figure out. Smile



Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 06:18
no, it's not. You got to the secret directory with the code, so look at the code. You'll need to inject something to make the condition true (to display the admin panel)

I don't think I can say more than that without spoiling it. You can PM me if you like...


Author

RE: about damn time


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 09:56
Ok so i found how to read the sekrit*****/sec***.php or what ever, my question is do i need to use a p** c****** s****? hope that wasnt to cryptic for a person to recognize, just dont want to spoil things for anyone
Author

RE: Pen 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-10-07 18:00
well I'm pretty sure I understand what you're saying...

PM me, you're on the right track, but I don't know how to give this hint because I'm afraid it might spoil it for some people.


Author

RE: Pen 1

Ayr4
Member

Your avatar

Posts: 234
Location: Norway
Joined: 28.09.05
Rank:
Moderate
Posted on 29-10-07 00:03
Zephyr_Pure wrote:
Who even uses those credentials? :happy:


Because, it might be important...get it?:evil:


anbu.sf@hotmail.com
Page 4 of 5 < 1 2 3 4 5 >