Follow us on Twitter!
Capitalism is an Island of wealth in a sea of poverty
Friday, April 25, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 19
Members Online: 3

Registered Members: 82910
Newest Member: toni7
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

Realistic 1 - Just a few hints please.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-11-06 20:50
Well, so far i have the information on administrator and johndoe.

Iv tried logging in as johndoe but it doesnt work.

"Your user and pass didnt match our records" - iv tried all different passwords.

iv heard you need to use js injections and to look on toys.php.

just need a bit more guidence. thanks


Author

RE: Realistic 1 - Just a few hints please.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-11-06 21:06
you dont need the username /password at all. use the AuthId. javasctipt inject it on the toys page


Author

RE: Realistic 1 - Just a few hints please.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 09-11-06 21:06
<--
<--
<--
<-- Check the articles section on the left, and read one Smile
<--
<--
<--
<--



Author

RE: Realistic 1 - Just a few hints please.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-11-06 01:36
Well, this isn't a spoiler, because it is posted under Real 1's description (johndoe/password): The password to johndoe is 'password' without the single quotes ('Wink.

After you log in, you need to find a certain directory, which will give you the AuthID for the admin. Go to toys.php, and inject the AuthID, then change the price. There you go!
Author

RE: k


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-11-06 21:30
ok thanks iv found that. i last ttried the injection on the login page :s il try on toys now.. thanks.


Author

RE: ok...?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-11-06 22:43
well iv got the javascript:void(docu<i></i>ment.cookie="AuthID=******"Wink;

but when i enter it on toys.php and refresh... nothing happens at all?


Author

RE: Realistic 1 - Just a few hints please.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-11-06 22:45
change all the variables, not just the password, and then refresh.


Author

RE: .


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-11-06 22:47
sorry, what do you mean by variables?
as far as i can see theres only 1 :whoa:?




Edited by on 10-11-06 22:48