Follow us on Twitter!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 22
Members Online: 4

Registered Members: 82824
Newest Member: devilslegion
Latest Articles
View Thread

HellBound Hackers | Challenges | Timed Challenges

Author

timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-08 15:19
just wanted to know if the wordlist changes in timed 3...

i.e. can i just download the wordlist then find the md5 hashes and compare them to the given one? or do i have to convert the words at runtime?


Author

RE: timed 3 - quick question

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 22-06-08 15:39
It doesn't change, but getting all the hashes would be little time consuming, don't you think. Just encrypt all the passwords and compare theme to the give one... Dunno what language are you using, but in code bank you can find pel scripts I used to solve those


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl

clone_4@hotmail.com
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-06-08 16:27
Yeah, without being too language specific, you can either convert the hash the wordlist, then use that in your program, or have it all built in, but make sure to hash all the words before you make the request for the page, it saves time.


Author

RE: :P


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-08 11:46
well to be honest im using c++ but i have no idea how to interact with webpages :ninja: , but i wrote a program already that hashed the wordlist into a new file. so using that file im trying to write a PHP script.

I was thinking of using two arrays and one index counter. then just strcmp() the hasharray[i] and the one on the webpage and then using that index to get the plaintext. (i'm really new to PHP so i couldnt be bothered with associative arrays Sad ). Having never used PHP before, do you think will this be efficient enough to find the plain text in the time limit?

ps. i wrote the c++ program to output PHP array declarations... so i have a PHP script with two 100 element arrays in it. So all the hard work is already done!


sorry im really bad at explaining stuff Sad


Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-08 13:04
If you're using PHP try setting up an associative array for looking up a
hash. So, before you connect to the webserver, open the wordlist and
generate a hash for each word, using the hash as the key for each word in
the associative array.

Then, later on when you're accessing the page, all you have to do is grab
the hash, look it up in the associative array and post the answer.

PS. If you need help with associative arrays check out this guide, it is NOT
as hard as you may think it is. Just consider them an array using a string
as the index, rather than a integer.
http://phpjournal. . .rrays.html
Author

RE: timed 3 - quick question

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 23-06-08 13:18
Just hash up the whole wordlist before yous rtart, dump it in an array first, and then make the pull fromt he site, then you only need to compare the hash and pull it from an array.

Depending on what language you're in you can optimise this lookup process to varying degrees.


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-08 13:48
Im sure richo will back me up here, python makes this dead easy, using a dictionary data structure, you can create entries in the format plaintext:hash, so you can compare the hashes and retrieve the plaintext with no hashing during the timed part. Im sure PHP has a similar data type. I'd give that a go.

gl

*edit* - By the looks of it those 'associative arrays' are the equivalent for PHP.




Edited by on 23-06-08 13:49
Author

RE: timed 3 - quick question

richohealey
Member



Posts: 1022
Location: #!/usr/local/bin/python
Joined: 01.05.06
Rank:
Monster
Posted on 23-06-08 14:04
That's it, jj.

Anyway, yeah, either approach will work.

I can't attest to it, but i'm told that a mixture of urllib2 and cookiejar makes this easy.

I decided to be a smartass and wrote my own http retriever, it was faster.


bitchohealey at hotmail dot com skype:richohealey www.psych0tik.net
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-08 14:13
Yeah I used urllib2 and cookiejar and once I wrote the request framework, I reused it for all the timed challenges. Naturally if you're not a python wizard like richo you wont be writing your own libraries Pfft. Would be interested to see them though richo, any chance of posting them on ure freewebs/code bank/PMing them to me?

cheers


Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-06-08 11:15
allright, thanks for the help guys. will let you know how it goes...

B)


Author

RE: timed 3 - quick question

Mouzi
Member



Posts: 144
Location: Finland
Joined: 08.08.06
Rank:
Newbie
Posted on 27-06-08 15:49
Wait, you were supposed to hash the wordlist first and then compare? :D I added a MD5 function to my JavaScript when I did that challenge.


izuom.net/sig.gif
Steganographs
You would try to hack it anyways.
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-06-08 17:28
All I gotta say is: "Dont look now your momma's got her boobs out. Showin everybody in town"-Rodney carrington. lol, man when it doesnt make sense take a break. So chill out and let the answer come.


Author

RE: last question :P


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-08 19:27
okay so forgive my lack of focus Pfft but i,m now writing it in greasemonkey and ive written it all and it works fine...but heres the thing. how the f**k do you search a webpage as if its a string in javascript? Thats the only part missing and then i can actually do all 4 challenges....

yeah so: can some one help me?


ps. me no likey python Pfft, beautifulsoup! say what?


edit - okay! so noone know how one may handle a website as a string?




Edited by on 03-07-08 07:13
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 04:29
What kind of hash is it?

Right now i md5.new, md5.update, and md5.digest, throw it all in a dictionary, and compare, but md5 sums have no alphanumeric characters, including null bytes, but these are just alphanumeric, am i doing the correct hash

Thanks
Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 04:34
Code

>>> from hashlib import md5
>>> md5('SwartMumba').hexdigest()
'b55a71963c5a1eed3dcd00f54576b80c'
>>> print 'or'
or
>>> import md5
>>> md5.new('SwartMumba').hexdigest()
'b55a71963c5a1eed3dcd00f54576b80c'
>>> 'b55a71963c5a1eed3dcd00f54576b80c'=='b55a71963c5a1eed3dcd00f54576b80c'
True
>>>






Author

RE: timed 3 - quick question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 05-09-08 04:41
hah, added three characters 'hex' to my code and I got it on my first run.

I also got lucky with my internet speed and managed to get timed 1 in time.
Author

RE: timed 3 - quick question

Infam0us
Member



Posts: 153
Location: 0x080484c6
Joined: 06.09.07
Rank:
Apprentice
Posted on 05-09-08 04:48
K_I_N_G wrote:
All I gotta say is: "Dont look now your momma's got her boobs out. Showin everybody in town"-Rodney carrington. lol, man when it doesnt make sense take a break. So chill out and let the answer come.

Thats curious why is your joined date and rank reversed?


"Never memorize what you can look up in books." -Albert Einstein
www.rohitab.com/discuss/style_emoticons/default/suicide_anim.gif
[img]http://www.hellboundhackers.org/fusion_infusions/buddy_panel/buddy_delete.php?id=2783[/img]


[img]javasc ript:alert(document.cookie);[/img]