Author

Penetration Testing 1, DoS hint


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-10 13:52
The article gives hints about overflowing, which is similar to that of a numeric calculator. It can't be division by zero, since that raises an exception, so I tried entering a large amount of data in all the fields.

The article says 'overflow the connection', but I'm not sure what that means. I'm sure this challenge has nothing to do with literally DoSing the page with multiple requests.

The article asks us to look for information shared between pages, so I put news=<very large string>, but the server complained saying that the URL was too large. I set the PHPSESSID to the large string, and as expected, I logged out. Any hints?

P.S. I don't understand how I used the cookie exploit clearly. Can I PM someone to ask how it works?

Edited by rex_mundi on 25-03-13 22:51
Author

RE: Penetration Testing 1, DoS hint?


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-10 14:03
An ID is usually expected to be a numeric value ;)
And you can PM me.


Author

RE: Penetration Testing 1, DoS hint?


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-10 17:14
Your PM helped me. Thank you very much for your assistance!
Author

RE: Penetration Testing 1, DoS hint?

th3l05tpr0ph3tz
Member



Posts: 21
Location:
Joined: 01.05.11
Rank:
Newbie
Posted on 08-06-11 08:59
Wow, I'm glad I read this first... the first thing I thought of when I saw DoS was a possible exploit was to actually try to flood the server with requests; glad I stopped and used my mind for a split second :xx:
sql_syring3@hush.com
Author

RE: Penetration Testing 1, DoS hint?

dragon647
Member



Posts: 20
Location: /home/bin
Joined: 04.04.08
Rank:
Newbie
Posted on 08-06-11 22:39
In a lot of challenges, the aim is to put the good string where it is needed. Using DoS software, or trying to DoS the server, can't be the good way to validate the challenge =]
So, you have to remember there is a script to add your points, like this:

if ( $variable == "answer" ) { // only an example
    give_points();
}

It should be more difficult to analyze a real attack :ninja: and to give points...



Edited by dragon647 on 08-06-11 22:41
Author

RE: Penetration Testing 1, DoS hint?

th3l05tpr0ph3tz
Member



Posts: 21
Location:
Joined: 01.05.11
Rank:
Newbie
Posted on 09-06-11 03:42
Yeah, I figured as much. Also, I love this site, so I wouldn't want to crash it.
sql_syring3@hush.com