Thursday, April 24, 2014
HellBound Hackers | Challenges | Pen Testing Challenges


Pen test 1, Sessions part.


Posted on 10-07-10 11:05
Been trying this for quite some time:

(Please tell me if the following reveals too much)

1.) I got the "secret" directory

2.) I know the vulnerability

(LOL, started learning PHP 2-3 days ago, got till the sessions part, remembered the $_G** and the URL in the challenge, did a search on Google, my suspicions were confirmed)

3.) I tried directly accessing *The File*, got the error.

4.) Then tried the LFI method, it merely said "You have completed this..."

5.) Is there something wrong in what I have done? I didn't even get the "Fuxx" message.

Also, I am unable to get logged in as a normal user (nooblet) while the forum says it isn't necessary, I would like to know why.

If there are spoilers above, I'm sorry. :)




Edited by on 10-07-10 12:06

RE: Pen test 1, Sessions part.


Posted on 10-07-10 12:24
Read about PHP Session Cookie Parameter Injection Vulnerability. The username and password are simply there to waste your time.

RE: Pen test 1, Sessions part.


Posted on 10-07-10 16:09
Is this Mosh's challenge? He's uber anal on spoilers. The username/password might be a spoiler. I did this challenge not too long ago and I have no idea what you mean by the php sessions bit. I might be forgetful or maybe you're on the wrong track.

Sorry, this one isn't Mosh's, is this actually by dark mindz or a crack at them?

Fixed a typo which completely changed the meaning of this post lol




Edited by on 11-07-10 00:51

RE: Pen test 1, Sessions part.


Posted on 10-07-10 16:58
The second one is MoshBat's. Never would have completed it without his help. The hint I gave is from the previous threads.

RE: Pen test 1, Sessions part.


Posted on 10-07-10 18:12
I know the vulnerability, I have to add to the parameter, etc., etc. (& ;) )

What I want to know is:
How do I access *The File*?

And the username/password is not a spoiler, it's present in the index of Pen-test challenges.

I seriously doubt that they are present only to waste my time, maybe they make a part of the mission easier/are an extra challenge?

Can I PM someone with what I have tried? :)



RE: Pen test 1, Sessions part.


Posted on 12-07-10 06:01
I did most of this one and I don't know shit about PHP, well just a little. You can easily overthink it, that is=true ??? That help? You can PM if you need more help :D