Sunday, April 20, 2014
HellBound Hackers | Challenges | Realistic

Author

Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-05-08 06:25
So.. I'm pretty sure by now that in this mission, after
you put the filename in
challenges/real17/?file=
that they add, or delete something.
This is because when you put links.html, it's the same
as quotes.html.

And if you go to /real17/****s.****
or
/real17/****es.****
you can see the text

echo "

at the top of the page, and in the source.
When you look at the links in the source, they are done as if
they were made to be implemented in PHP.

Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-05-08 07:43
I'm really stuck on this challenge. I've tried guessing loads of files and have gotten things I can't do but nothing that I can do. Will anyone point me in the right direction?


Author

RE: Realistic 17

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 13-05-08 10:03
All I can say, from the excl. member forum, is that it is some advanced PHP exploit, and the string you enter in the page variable is long as hell and it's got really difficult syntax. When doing research on it, I haven't come across anything useful so far.


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: Realistic 17

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 13-05-08 13:27
moshbat wrote:
It's not long as hell, or even that difficult. You need to know quite a lot about php.


And that's the problem, I know only the very basics, so I see it slightly differently Grin Maybe a little hint as to what to google for...? (except for PHP tutorials Grin)


Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-08 13:32
Obviously not then. Nobody on this forum is willing to give a single hint on this challenge, how are we supposed to beat it? Become experts at PHP? Can't seriously be a prerequisite to finishing the challenge.


Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-08 18:04
I had a friend of mine look at this challenge and he did some weird stuff and told me at the end it has to do with some SQL.

Now I don't know how accurate this is, but my friend is pretty good at this stuff.


Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-08 19:13
This is probably one of the easiest challenges on HBH if you know what you are doing. It took me a total of 15 min to get the syntax right. Go google PHP streams and bingo, you have found what you need.


Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-05-08 19:22
Does it involve any LDAP or XPath injections? Or can I PM you with some things I have in mind?


Author

RE: Realistic 17

Mouzi
Member



Posts: 144
Location: Finland
Joined: 08.08.06
Rank:
Newbie
Posted on 13-06-08 15:46
Anyone I can PM with what I've got on this?
I've found at least two things I could exploit and tried them on my own site, but can't get any results on the challenge :/


izuom.net/sig.gif
Steganographs

Edited by Mouzi on 13-06-08 15:47
You would try to hack it anyways.
Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 13-06-08 16:36
*Possible Spoiler*

Read up about PHP Wrappers.

=]

cueballr

P.S.: Edit if it's too much of a spoiler (A)


Author

RE: Realistic 17

Mouzi
Member



Posts: 144
Location: Finland
Joined: 08.08.06
Rank:
Newbie
Posted on 13-06-08 17:02
That's exactly what the exploits I found are :D


Author

RE: i am close...

crashbird
Member



Posts: 83
Location: India
Joined: 15.06.07
Rank:
Newbie
Posted on 17-06-08 19:03
I think I know what to do.. just can't get it all right..

Can I PM someone with what I have..


www.hellboundhackers.org/sig/r/20526.png
elijah981 elijah981
Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-06-08 19:22
Sure, you can pm me. Smile


Author

RE: Realistic 17


Member


Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-10-08 16:09
- --- 2. Exploit ---
<?php
$file=""; # FILENAME
error_log("<? echo \"cx\"; ?>", 3, "php://../../".$file);
?>

That's what I keep coming up with when I google PHP streams and wrappers. I like to think I am OK when it comes to patching but I have no idea how this is exploitable here.

Here's where I got it:

http://securityreason.com/achievement_securityalert/41
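
The defensive side of the question in the post above, as an added example that is not part of the thread or of the challenge's code: a ?file= handler that accepts only known page names, so a value carrying a stream wrapper or a traversal sequence is rejected before any file function sees it. The page names come from the thread; the directory layout and the function names resolve_page and render_page are assumptions.

```php
<?php
// Added example, not the challenge's code. The page names come from the
// thread; the directory layout and function names are assumptions.
const ALLOWED_PAGES = ['links.html', 'quotes.html'];

function resolve_page(string $dir, string $requested): ?string
{
    // Exact allowlist match: a value carrying a scheme ("php://..."),
    // a path separator or a NUL byte can never equal an allowed name.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved file must sit directly inside $dir
    // (realpath() follows symlinks and collapses "..").
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

function render_page(string $dir, string $requested): ?string
{
    $path = resolve_page($dir, $requested);
    // file_get_contents() returns the bytes as data; unlike include(),
    // nothing in the file is run as PHP.
    return $path === null ? null : file_get_contents($path);
}

// Constructed demo: a throwaway page directory and sample request values.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/links.html", "<ul><li>links</li></ul>\n");
file_put_contents("$dir/quotes.html", "<p>quotes</p>\n");

$samples = ['links.html', 'quotes.html', '../index.php', 'php://../../x', "links.html\0.php"];
foreach ($samples as $value) {
    $out = render_page($dir, $value);
    $shown = json_encode($value, JSON_UNESCAPED_SLASHES);
    printf("%-26s %s\n", $shown, $out === null ? 'rejected' : 'served');
}

array_map('unlink', glob("$dir/*.html"));
rmdir($dir);
```

Only the two allowlisted names are served; the other three constructed values are rejected by the first check without touching the filesystem.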


Author

RE: Realistic 17

elmiguel
Member



Posts: 160
Location: Your Computer
Joined: 12.12.07
Rank:
God
Posted on 18-08-09 18:51
OK, reading up on PHP streams/wrappers. I feel like I know what to do, but I need help on how to do it. Can I PM someone what I have?

Edit: Solved it, never mind.


The philosophy of one century is the common sense of the next. -Fortune Cookie

I would like to thank a few friends that I have made here that helped me and deserve to be mentioned:
System_Meltdown, Futility, nvrlivenvrdie, Mastergamer, TrueHacker, S1L3NTKn1GhT, Reelix, ynori7, Demons Halo, kryptor

www.hellboundhackers.org/sig/r/24963.png

www.hellboundhackers.org/sig/hbh2.png


Edited by elmiguel on 18-08-09 20:52
<script>alert('XSS');</script>