Follow us on Twitter!
It is the path of least resistance that makes rivers and men crooked. - Bj Palmer
Sunday, April 20, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82843
Newest Member: hx47
Latest Articles
View Thread

HellBound Hackers | Challenges | Timed Challenges

Author

Timed 6 broken

stranac
Member



Posts: 149
Location:
Joined: 15.11.08
Rank:
God
Posted on 02-03-13 21:34
Timed 6 seems to be impossible to solve right now.
It expects all of the url parameters to match, which is never gonna happen, probably because of the way google generates the urls.

Just to show an example of what I'm talking about:

Wrong string, or you went over the time limit!
Time to complete by:1362259698
Submitted time:1362259696
Your 'url' input, decoded:/url?q=http://www.informatics.jax.org/&sa=U&ei=8G4yUeuEF6SB4gSl_oEw&ved=0CDEQFjAE&usg=AFQjCNFLtEAbQDNLJHrrbtoXC94nRI0INw
Accepted answer: /url?q=http://www.informatics.jax.org/&sa=U&ei=724yUdCcMImRhQeZz4HIBw&ved=0CDEQFjAE&usg=AFQjCNFSTV8cA32fRWV1rSMrcJDoO-MRjw


Edited by stranac on 02-03-13 21:35
Author

RE: Timed 6 broken

rex_mundi
☆ Lucifer ☆



Posts: 1458
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 03-03-13 01:55
Not 100% sure why it's doing that, but I noticed that earlier too when I was redoing it in python.

Eventually I did it with cURL instead and I just let my script run 20-30 times till it got one that worked, so while it may be buggy, it is passable.

I know Euforia33 is using python for this too, maybe it's an issue with that?




Edited by rex_mundi on 04-03-13 01:15
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: Timed 6 broken

Euforia33
philalethes



Posts: 867
Location:
Joined: 05.10.09
Rank:
God
Posted on 03-03-13 01:59
Thank you! I was starting to think I was the only one having a problem with this one. This is the result I just got:

Time to complete by:1362275595<br />
Submitted time:1362275593<br />
Your 'url' input, decoded: /url?q=http://www.thesimpsons.com/&sa=U&ei=Ca0yUbHCF4e4hAeR2oG4Bw&ved=0CBcQFjAA&usg=AFQjCNHHAHupXJSYrpkILidaIRVqZmOLcA
Accepted answer: /url?q=http://www.thesimpsons.com/&sa=U&ei=CK0yUcumNMGmhAeh3YCwCQ&ved=0CBcQFjAA&usg=AFQjCNHONWtNhJeO91v8qtfd-nJy6ZI07w


No matter what I do, I can't get all the data to match.?.

Noo, 503! *VA*

Edited by Euforia33 on 03-03-13 03:33
Author

RE: Timed 6 broken

stranac
Member



Posts: 149
Location:
Joined: 15.11.08
Rank:
God
Posted on 03-03-13 17:28
I ended up putting my code in a loop and caching the accepted answers.

It accepted one of the cached answers, after a few minutes of running.
Author

RE: Timed 6 broken

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 03-03-13 20:36
stranac wrote:
I ended up putting my code in a loop and caching the accepted answers.


That's how I completed the challenge myself. The challenge was changed from it's original version a few years ago and I updated some of the code.
If your running a script from the first version it will not work. The challenge can be solved (As of now more than 6 members have completed it), So it will remain the way it is, More of a challenge from the original version anyways.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Timed 6 broken

stranac
Member



Posts: 149
Location:
Joined: 15.11.08
Rank:
God
Posted on 04-03-13 10:32
korg wrote:
The challenge can be solved (As of now more than 6 members have completed it), So it will remain the way it is, More of a challenge from the original version anyways.


I think that's just stupid.

Sure, it can be solved, and yes, it's more difficult.
But it's no longer a challenge about googleing(actually searching is just a waste of time), but about caching, and hoping that you'll eventually run into something that gets accepted.


Btw, I know why solving the challenge in php works: it's a bug.

Edit: See your PM's stranac.

Edited by Euforia33 on 04-03-13 13:25
Author

RE: Timed 6 broken

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 04-03-13 19:39
I think that's just stupid


What's stupid is this challenge was changed over 3yrs ago by only_samurai due to multiple CSRF and XSS vulnerablities and Nobody complained until the points reset. I may just change the challenge description.


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Timed 6 broken

untitled
Member

Your avatar

Posts: 1
Location:
Joined: 05.07.13
Rank:
Mad User
Posted on 07-07-13 11:07
The reason this challenge is broken is that Google is including a unique client identifier token for each link. Thus your answers will _never_ be the same as the answer of HBH's server - since they get different client tokens.

There are multiple ways to fix this.

Either use the original links within the <cite></cite tags instead, or strip the unique client token from the result. Either way, loop and brute force should never be a solution to a timed challenge.


Wrong string, or you went over the time limit!
Time to complete by:1373191374
Submitted time:1373191371
Your 'url' input, decoded:/url?q=http://fedoranyc.com/&sa=U&ei=zTzZUdfEHMWt4AThvIGgDw&ved=0CEIQFjAJ&usg=AFQjCNGt6C2gZzQMpCGuteX3n2sJ9zh2cA
Accepted answer: /url?q=http://fedoranyc.com/&sa=U&ei=zTzZUd-ZCtGf7AbJ7oGwBA&ved=0CEUQFjAJ&usg=AFQjCNE5ia3j4iLLoeZQHg2XLqrczkJxxg


Edited by untitled on 07-07-13 11:07
Author

RE: Timed 6 broken

Euforia33
philalethes



Posts: 867
Location:
Joined: 05.10.09
Rank:
God
Posted on 07-07-13 20:59
It's good to see that someone else recognises that there is a problem with this challenge. When I first completed this in 2009, all that had to be returned was the URL for a given result, there was no client/session tokens or anything tacked onto the end of the result.

I still cannot see how we can return the exact result as it changes for each person and even the server itself. I tested this by taking one of the "accepted" answers and feeding it right back to the challenge page when it asked for the correct keyword and listing number (my previous post has an example of this) , it still didn't work as the information tacked onto the end of the URL on HBH result, had changed *VA*

Edited by Euforia33 on 07-07-13 21:01
Author

RE: Timed 6 broken

ZyrgEr
Member



Posts: 5
Location: Finland
Joined: 07.10.12
Rank:
God
Posted on 29-08-13 07:00
I actually managed to finish this with just one run (after a many test runs). Was I lucky or has this challenge been fixed?

Either way and besides my newbiness this challenge is definitely worth fixing. I believe the purpose of this challenge isn't getting all those secret and mysterious url parameters which google have putted since they are not static.

Could be easily fixed I believe?
Author

RE: Timed 6 broken

rex_mundi
☆ Lucifer ☆



Posts: 1458
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 29-08-13 08:06
I think korg was going to fix it but had to go into hospital to have his scrotum enlarged.
U N Ⓡⓔⓧ_Ⓜⓤⓝⓓⓘ
Author

RE: Timed 6 broken

Ninja
Member



Posts: 13
Location: Unknown
Joined: 02.05.13
Rank:
God
Posted on 29-08-13 11:23
sounds legit rex. Tee-Hee-Hee



0100111001101001011011100110101001100001010010010111101000110001001100110011001100110111

5445414D20484248204f574E53


054127a9d6ca17cf951fc1e86afa2009


SEJITmluamEh
/3/ /3/ http://www.hellboundhackers.org
Author

RE: Timed 6 broken

korg
Admin from hell



Posts: 2798
Location: ENDING YOUR ONLINE EXPERIENCE!
Joined: 01.01.06
Rank:
God
Posted on 31-08-13 09:33
Yeah, Stripping the google shit is on my list, I'll give it ago in a bit here.

rex_mundi wrote:
I think korg was going to fix it but had to go into hospital to have his scrotum enlarged.


No Rex it was my sinuses but it's nice to know your always thinking about my package. Frown


i57.photobucket.com/albums/g215/korg1269/shodan13.jpg

I deal in pain, All life I drain, I dominate, I seal your fate.
O R
Author

RE: Timed 6 broken

asdfgasdfg
Member

Your avatar

Posts: 5
Location:
Joined: 11.09.13
Rank:
Hacker Level 1
Posted on 20-09-13 14:20
Is this challenge still down? I'm positive I'm faster then 1 sec. How should the url be constructed before encoded? http://www.xxxxxxx.yyy/?
Author

RE: Timed 6 broken

stranac
Member



Posts: 149
Location:
Joined: 15.11.08
Rank:
God
Posted on 28-09-13 22:52
It's never been down. It's just not working as originally intended.
And since it's the admins' view that it's not broken right now, I guess that won't be changing.

If you're just looking for a way to solve this, check my second post in this thread.
Author

RE: Timed 6 broken

Mordak
Evil Sorcerer



Posts: 571
Location: England
Joined: 01.01.70
Rank:
Elite
Posted on 29-09-13 00:15
stranac wrote:
And since it's the admins' view that it's not broken right now, I guess that won't be changing.


You would be wrong with that statement. As Korg said its on our list.


http://developers.hellboundhackers.org