Follow us on Twitter!
The measure of a mans life is not how well he dies, but how well he lives.
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 27
Guests Online: 24
Members Online: 3

Registered Members: 82829
Newest Member: mmoclauq
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 14:26
Ok, this challenge may appear to have bugs but it doesn't:

1) If you get errors when trying to hack the admin page its ok, its suppost to do this.

2) If your playing about with encryption/decrytion pages and your decrypted text isn't exactly the same as the text you encrypted its ok, the text you have to decrypt for the challenge will work.


Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 17:12
Very nice challenge, hopefully I'll be one of first to complete this. Very nicely set up too.
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 17:16
i think system_meltdown got the hands up first for that... anyway i'v been stuck up on this... its always saying im on the right track...


Author

RE: Real 9

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 17-12-05 17:30
Yup completed it as soon as I found out it got released Smile


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 17:32
system_meltdown can u give me a hint on that... admin.php.. u should have already known how far i'v been..


Author

RE: Real 9

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 17-12-05 17:37
i completed it fairly fast, so here's my tips (i didnt script this challenge, so i havnt cheated).


on the front page it says "updated to mysql login"... so perhaps a SQL injection would work. (scankyfrank has scripted it so it doesnt "look" for sql injectoins. the only way you can hack it, is if you actually sql inject it yourself, and create your own sql injection to work with the script)

So you could try bypassing the login via your own custom sql injection


once you get into the admin panel, its straigth forward you'll be able to work out the rest.

dont forget to PM the liberals the dycrypted message Wink


http://www.hellboundhackers.org/
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 17:51
FlaKe wrote:
i think system_meltdown got the hands up first for that... anyway i'v been stuck up on this... its always saying im on the right track...


it says that if you use certain mysql commands that could potentially be used maliciously.


Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 18:16
i'v tried something like [edit by cheese] basic sql injections [/edit] but no luck yet.. Sad




Edited by Mr_Cheese on 17-12-05 18:48
Author

RE: Real 9

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 17-12-05 18:40
[edit due to spoilers] - please PM Flak instead of posting this on forums. thanks [/edit]

If that is a spolier please delete it.


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png



Edited by Mr_Cheese on 17-12-05 18:49
http://www.elites0ft.com/
Author

RE: Real 9

SySTeM
Member

Your avatar

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 17-12-05 18:52
Lol I thought it might of got edited.


img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png

http://www.elites0ft.com/
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 19:14
oops.. sorri for the spoiler... anyway got it now... Smile


Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-12-05 20:01
LMAO I had it all along except I didn't put it in both places. Very nicely set up Skank.
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-12-05 12:20
i just used the injection i uses anywhere, and it seems like it works 90% of the time!
Author

RE: Real 9


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-12-05 13:40
hmm, i get 'you on the right track but stick to the mission.' But this just comes up when i enter a certain SQL statement. I can also generate this error:

Code
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/hbh2/public_html/challenges/real9/admin.php on line 140




Any hints?




Edited by on 20-12-05 13:41