Follow us on Twitter!
Imagination is more valuable than knowledge - Albert Einstein
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 21
Members Online: 1

Registered Members: 82807
Newest Member: Black Hawk
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 03:34
Ok, I have the admin username, pass, and authID, and I keep using javascript injections but nothings happening. I tried using them all at once, then refreshing, one at a time, after each one refresh, and one at a time, after all of them refresh. Can someone tell me what im doing wrong here?


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 03:38
I think that theres only one JS injection that you need to od, and that is the one to get your AuthID that of the admins.


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 18:41
Gee, as a hacker I don't seem to be doing real well...

I think I found what I need to find (the John Doe and Admin files) but I can't work out the password... it's encrypted and I can't make sense of it.


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 18:52
you dont need an admin password for this one, its in the ajvascript commands...

learn how to make javascript variables into what you want them to be. in this case, the AuthID is a JS variable. always try alerting your cookies to see what they are and what they contain. They should be changeable to what you want. Since you already have the admin's AuthID, if you make YOUR AuthID HIS, then the website thinks you are the admin, SOOOOO, that means you have access to the admin stuff.

*do it on the page that is needed to beat the mission.




Edited by on 06-07-06 18:56
Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 19:10
well, it sure sounds like it would work if i did that...

I changed authID to the value I got on the admin page, but refreshing the page doesn't give me any SUPAR DUPAR ADMIN stuff... Angry


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 19:29
It tell you the username and password to use...


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-07-06 19:42
well, it said "password = password:" and then some encrypted stuff which (I think) I don't need to encrypt...

after all, JohnDoe's password "password" is encrypted in his file too.

What I was trying to do was go to the Toys page, set my AuthID to the admin AuthID then refresh the page.

bah, I feel stupid asking for help on the first one. Frown


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-06 03:29
Dont we all? Anyways, I keep trying javascript injections to alter the cookies, or set my AuthID to his, but it just isnt working, I even tried it on different pages. Its just not working.


Author

RE: Real 1

interslice
Member

Your avatar

Posts: 121
Location: my place of course!
Joined: 05.10.05
Rank:
Newbie
Posted on 07-07-06 04:51
are you doing the javascript injections on the right page? (the toys page)?


hellboundhackers.org/sig/r/3880.png
Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-06 16:51
Yeah, I tried it on all of them.


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 07-07-06 19:51
After doing some of the harder JavaScript challenges, I forced my way on as Admin...

bah, I set the price to 1 cent and it says "go cheaper", but I can't make the software free either Sad

EDIT:

Thinking too hard... use something simple but still much cheaper than original price. This is easy part.




Edited by on 08-07-06 15:29
Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-07-06 03:35
I don't know what is worse. The fact that trying to look up javascript injection on google brings up nothing but news articles and forum posts from security websites to domestic websites warning them of their vulnerabilities, or the fact that anytime I see someone ask for help with javascript it is like talking to a tree stump... I don't care for the exact answer but I (or anyone else that has asked for help that I noticed) have no friggin' clue about javascript outside of the javascript:alert(document.cookie) tag which doesn't do a whole hell of a lot... I just want a simple list of commands for javascript injection commands, even if the variables are filled with wildcards so atleast I can figure out what to do. But running off of just the document.cookie one is a load of crap and I think some people need to stop using that one as a hint for every question about javascript... *takes a deep breath* Okay, I'm calm now.


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-07-06 05:54
just use your skills that you applied in the Javascript challenges after finding the cookie info in that *special directory (in that file)... it's gonna be simple injection after you find the holy grail which is the directory -- it is the key to this mission


Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-07-06 01:38
wel once u CHANGED the cookie value to the admins AuthID (don't make a new cokie with this value or delete the old one, could not work like this , just change the existing one)
Try deactivating JavaScript in your browser settings and THEN refreshing the page. cause it could be that you get the AuthID just by loading the page(like in that JavaScript chalange, dono which one it was)
Author

RE: Real 1


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-07-06 04:52
just read my artical!!! Look in my profile to find it!

SwiftNomad