HellBound Hackers | Challenges | Pen Testing Challenges

Page 2 of 3 < 1 2 3 >

RE: Pen 1, new
Rank: Guest
Posted on 31-10-07 00:37
Flaming_figures wrote:
Re**** F*** In******* and L**** F*** In*******. Thanks skunk you saved me lots of wasted time with that comment Smile


Yeah, the "XSS" and "Web Developer" comments, when combined, may have constituted a spoiler. I still think the best piece of advice for this challenge is "look at everything, and try everything". It may seem too broad but, once you start finding exploits, you'll understand why.

Really, they are basic exploits; hopefully, the second PenTest challenge will be more complex and have more exploits for less points. We demand substance! :happy:



RE: Pen 1, new
Rank: Guest
Posted on 31-10-07 00:41
lol, not necessarily, the web developer toolbar has a lot of options in it...

and yeah, look at everything, and I mean everything Smile


RE: Pen 1, new
Rank: Guest
Posted on 31-10-07 00:47
Skunkfoot wrote:
lol, not necessarily, the web developer toolbar has a lot of options in it...


Yeah, I guess you're right. If they weren't familiar with the extension before the challenge, they'll still end up learning some technique out of it when they finally get it. Anyways, all but the last exploit should be extremely obvious after some plodding. Smile



RE: Pen 1, new
Rank: Guest
Posted on 31-10-07 01:28
yeah, that last exploit's a bitch...most of you will likely need help on it..


RE: Pen 1, new
Frogguy
Member
Posts: 35
Location: Montreal
Joined: 11.07.06
Rank: Newbie
Posted on 02-11-07 03:20
Man, I was trying to figure out what the exploit was that gives you 10 points for like an hour, so I gave up and saw that I somehow got the points hahaha.. I'm pretty sure I know which one worked though, it was the most obvious. There should maybe be some kind of message that tells you that you got the points, or maybe I just missed it?

RE: Pen 1, new
Rank: Guest
Posted on 02-11-07 03:40
lol there is a message, but I had the same problem when I first got it

I didn't even know I got it, and then I went to my profile and it said I had 10 points xD


RE: ?
Rank: Guest
Posted on 02-11-07 03:55
How exact do I need to get the exploit? I got it to cough up a SQL error but no points.

RE: Pen 1, new
Rank: Guest
Posted on 02-11-07 04:08
which exploit? ...

and what error?


RE: Pen 1, new
Rank: Guest
Posted on 02-11-07 13:31
OK, I found the "include" exploit,
but I'm stuck on these two things:
I've found a secret dir, but I can't do anything in that, I only get an error, on line 1337 Pfft
Also I'm trying to log in as admin, I think I have a pass, but what's the username?
[EDIT]
OK, it was my BIG fault. I am sorry. I've got it
[/EDIT]




Edited by on 02-11-07 13:35

RE: Pen 1, new
Rank: Guest
Posted on 23-11-07 03:48
OK I got 90 points dunno what to do next. I got admin access. If this were a realistic chall probably I would try to get the ftp pass and deface the whole site. Hmm probably not. Maybe hijack the email and get some bank details and pocket some $$$. Maybe I'm going too far...
And maybe I need an anti-1337 FF plugin. This chall is making my eyes hurt..

RE: Pen 1, new
Rank: Guest
Posted on 23-11-07 05:50
Anyone who needs help can PM me

RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 07:18
Man, I've found the SQL error....and I can't get the RFI to work. I'm completely stuck; can anyone throw a hint to me?

RE: Pen 1, new
flame_1221
Member
Posts: 179
Location: malaysia
Joined: 13.05.07
Rank: God
Posted on 25-11-07 07:28
You can PM me if you want.
127.0.0.1

RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 18:48
Alright, here's my situation. I found the SQL error and have tried countless injections but I can't find the table name to extract information. Can I PM anyone or can anyone drop me a hint please?

RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 20:05
Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.

RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 21:34
slpctrl wrote:
Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.


Be a bit more specific, and you'll probably get some help.



RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 21:39
Zephyr_Pure wrote:
slpctrl wrote:
Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.


Be a bit more specific, and you'll probably get some help.



Never mind about the injection. I'm having problems with setting $_SESSION['ADMIN'] to true. :\

RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 21:51
slpctrl wrote:
Never mind about the injection. I'm having problems with setting $_SESSION['ADMIN'] to true. :\


<OT>
Please fix your quotes in your posts.
</OT>

Think about (i.e., read about) how sessions actually work in PHP. Then, just try to modify / augment the session using that.



RE: Pen 1, new
Rank: Guest
Posted on 25-11-07 22:39
Ah that was easier than I thought lol. So I got 300 points did I finish it?

Edit: nm no lol I know what to do now tho...maybe not lol


Edit: Is the XSS portion of the challenge down? That's the only thing I can think of that I might be missing although I completed it.....I still need 50 points and I've completed 5 challenges....-_-

Edited by on 25-11-07 23:06

RE: Pen 1, new
Rank: Guest
Posted on 26-11-07 00:32
slpctrl wrote:
Edit: Is the XSS portion of the challenge down? That's the only thing I can think of that I might be missing although I completed it.....


Nope, it's still up... just completed it again. Try it again, I guess.


