HellBound Hackers | Challenges | Realistic

Author

Real 12

inyourcloset
Member



Posts: 53
Location:
Joined: 06.05.16
Rank:
Hacker Level 2
Posted on 11-05-16 22:37
So... I've read all the other posts on the matter, along with the articles for it.
But I'm stuck at the very beginning.
I can't seem to locate the dir, or any place that I could get info from, such as a hash, or users.
Am I supposed to find the correct PNB to inject into "index.php?page=cafe.php"?
I've tried many combinations for dirs, searching through their sources, checking headers, and cookies, etc. But I'm still clueless.
The only article for this challenge mentions the similarity of this to basic 9, 10, and "Willy's" PHP exploits. I cannot find a user with that name, and I have yet to find a Google result.

I need a hint.
Author

RE: Real 12

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 12-05-16 04:28
This was a cool challenge with 2 totally different ways you can complete it, and like the article says it's very like basic 12.

Also there is no "correct" null byte, but you don't need one here anyway.
Author

RE: Real 12

inyourcloset
Member



Posts: 53
Location:
Joined: 06.05.16
Rank:
Hacker Level 2
Posted on 12-05-16 17:28
I don't understand how it resembles basic 12. Sure, there's a protected dir. Sure, there's a protected .htaccess and .htpasswd.
But unlike basic 12, they don't give you the password hash at the beginning. I've tried everything I can think of that I've learned so far (which should be enough, according to the article, at least to get the admin).

The only other thing I can think of is maybe I should try using some type of fuzzer to check for dirs I can't think of?
Author

RE: Real 12

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 12-05-16 23:25
If you're looking for directories using the page= part it won't work, as that's only for filenames, you'd have to add the directories at the site's root.
Anyway, you already mentioned two filenames in your last post, did you even try to look at either of them?
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Real 12

inyourcloset
Member



Posts: 53
Location:
Joined: 06.05.16
Rank:
Hacker Level 2
Posted on 13-05-16 00:07
@rex
I'm aware of not adding the dirs to the search.
Yep, all I get is a popup login. Which I can't mess with. The error page it gives after aborting the request doesn't tell me anything useful, neither does its source, and neither do the headers, or other info I can think to try and pull from it.

**EDIT** So, I didn't know there was a help bot on the side bar. So I asked it, and it suggests I look for a .txt file that I'd use to login?

I'm beginning to think I didn't do that basic level the way they expected me to. Because I get referenced to:
https://en.wikipedia.org/wiki/File_inclusion_vulnerability
Sooooo maybe LFI will be useful in my situation now.

Edited by inyourcloset on 13-05-16 00:37
Author

RE: Real 12

rex_mundi
☆ Lucifer ☆



Posts: 2017
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 13-05-16 00:51
There was only one way to do that basic, maybe you need to go look at it again, then maybe you'll know what to do with the directory name and the filename you know exists in real 12.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Real 12

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 13-05-16 00:57
If you wanna go the easier .txt file way, just use the filename, and forget the directory.
Author

RE: Real 12

inyourcloset
Member



Posts: 53
Location:
Joined: 06.05.16
Rank:
Hacker Level 2
Posted on 13-05-16 02:50
Thank you guys for being so great at teaching!
I went back and redid basic 12 again, as rex suggested.
It's the info I needed. Sorry for being so dull minded at times.
Author

RE: Real 12

Huitzilopochtli
Member



Posts: 1622
Location:
Joined: 19.02.13
Rank:
God
Posted on 13-05-16 03:19
It's cool man, nobody is more dull minded than me. Thumbs Up
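
Added example, not part of the thread or the challenge's code: a hardened handler for a `page=` filename parameter like the `index.php?page=cafe.php` discussed above, with the weak pattern kept as a comment for contrast. The function name `resolve_page`, the allowlist and the demo files are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Weak pattern, shown for contrast only: the raw request value is the path,
// so any readable filename next to index.php (dotfiles included) is returned.
//   readfile($_GET['page']);

/**
 * Return the absolute path to serve for ?page=..., or null to answer 404.
 * $allowed is the exact list of filenames the site intends to expose.
 */
function resolve_page(string $requested, string $pagesDir, array $allowed): ?string
{
    // Exact-match allowlist: ".htpasswd", "../index.php" and "cafe.php\0"
    // are not in the list, so they never reach the filesystem.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // Defence in depth: the resolved path must still sit inside $pagesDir
    // (catches a symlink or a bad allowlist entry).
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo data in a temp directory (hypothetical names and contents).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/cafe.php", 'cafe menu');
file_put_contents("$dir/.htpasswd", 'constructed-user:constructed-hash');

foreach (['cafe.php', '.htpasswd', '../index.php', "cafe.php\0"] as $req) {
    $path = resolve_page($req, $dir, ['cafe.php']);
    $shown = json_encode($req, JSON_UNESCAPED_SLASHES);
    printf("%-18s => %s\n", $shown, $path === null ? '404' : 'served');
}

unlink("$dir/cafe.php");
unlink("$dir/.htpasswd");
rmdir($dir);
```

A web-server rule that denies `.ht*` files only covers direct HTTP requests; it does not stop a script from reading those files off disk, which is why the check belongs in the handler itself.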