Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Monday, September 26, 2016
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 32
Guests Online: 32
Members Online: 0

Registered Members: 95725
Newest Member: M2Prankster
Latest Articles
View Thread

HellBound Hackers | Challenges | Pen Testing Challenges

Author

Pen testing 2 - stumped!

synstealth
Member

Your avatar

Posts: 812
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 19-09-13 05:31
I have read all of the pen 2 threads and articles - I find them not very helpful except for a few areas to focus on.

so far I have found the hidden db info and a way to modify the news.

im stumped on the injection and trying to login as admin.. I have no clue how to get to the login. I keep getting big red 'ERROR' message on two places.

any pointers or a push would be grateful. or at least open up a discussion on this topic.

know where to Look
Author

RE: Pen testing 2 - stumped!

rex_mundi
☆ Lucifer ☆



Posts: 1986
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 19-09-13 12:44
There is no sql injection in this one. The challenge gives you everything you need to login, and when you do, there are several pointers that will show you what to do next.
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Pen testing 2 - stumped!

synstealth
Member

Your avatar

Posts: 812
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 28-09-13 15:55
gotcha, I am up to 135 points now...

I got in and saw what I needed to see..

I am down to only 40 points left of the exploit.. I am suspecting it has something to do with trying to manipulate image tag?


any pointers?
know where to Look
Author

RE: Pen testing 2 - stumped!

rex_mundi
☆ Lucifer ☆



Posts: 1986
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 29-09-13 00:19
CSRF
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: Pen testing 2 - stumped!

synstealth
Member

Your avatar

Posts: 812
Location: /etc/shadow
Joined: 30.11.04
Rank:
God
Posted on 02-10-13 15:21
yeah -- It was right in my face! lol..
know where to Look