Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Realistic 2

  1. Home
  2. Articles
  3. HBH Challenge Tutorials
  4. Realistic 2

Realistic 2

By ghostghost | 10884 Reads |
0     0

First thing to do is to find the directory the backup exists in. This is pretty obvious!

Next we need to read this part again:

“the backup file is named in this order year, month, day, hour, .sql with no minutes and he also heard that the backup was made on September of 2004. It looks like backup_2004-09-01_1000.sql”

This hints that the backup file name will range from“backup_2004-09-01_1000.sql“ to “backup_2004-09-30_2300.sql”

So how do we find the file? Well we could try every URL but that would take forever. Instead we need to write a script that will automatically try each URL. I am good at PHP so if you are take a look at loops and the fopen() function.

Here is a snippet of my code:

$fp = @fopen($url, “r”); if ($fp) { echo $url; break; }

When you find the sql file, it will give you the username and password which is an md5 hash. Dont waste your time brute forcing it, its a dictionary word so try one of those websites that have password dictionaries on them.

Please do not PM me asking for the file, it defeats the idea of a challange!

Good luck :-)

Comments
ghost's avatar
ghost 18 years ago

So the only way around this one is http brute?

ghost's avatar
ghost 18 years ago

maybe.. i did it differently though.. but this sounds like it works :-p, dont know too much about coding php

(javascript is reaaaaallllllly easy lol)

ghost's avatar
ghost 18 years ago

You can do it in any other language, even in javascript as masterior claims. But yes, this mission seems to require the use of brute force unless someone has another idea?

xdanx's avatar
xdanx 18 years ago

ow………….. i have used XmlHttpRequest. It uses ActiveX. i have a variable dan, for example, witch is the response. So, basically i read the "state" of the server. [404 or 200] . httpRequest uses both java and html so i you sholud do a for in that big statement…….. good luck all of you [and me, too because i didn't do it] xdanx B):);):@

jonny_cage's avatar
jonny_cage 17 years ago

Thanx for the tutorial. Made me learn PHP :-)

ghost's avatar
ghost 17 years ago

question….if we're doing this now , do we need to update it to 2005?

ghost's avatar
ghost 17 years ago

lmao. only_samurai

ghost's avatar
ghost 17 years ago

thats some crazy crap man…php..hate it

IbaiJoe's avatar
IbaiJoe 12 years ago

ok right get in line for insults… how do you use scripts ? :(

olichip's avatar
olichip 11 years ago

@IbaiJoe if you mean php scripts, just download XAMPP and search google for more infos

johnnyjhonson's avatar
johnnyjhonson 9 years ago

@IbaiJoe If you want to use Javascript and you use chrome, you can just use the chrome console: ctrl-shift-i => console.

xXspl0itXx's avatar
xXspl0itXx 8 years ago

I'm using python for this, seems easy enough but it's going to take a while to actually find the correct URL lol.