Basic Web Hacking *ALL*

Basic Web Hacking *ALL*

By ghost | 81747 Reads |

0     0

NOTE: While doing HBH challenges, I have come to realize that Firefox is the best browser to use. You can get it at http://www.getfirefox.com

BASIC 1: This is what is sometimes referred to as “the idiot test”. If you have no idea what to do, you should look up what ‘source code’ is on google. If you do know what source code is…

BASIC 2: It’s asking for the source of the IFRAME. http://www.w3schools.org is a good place to check out what IFRAMEs are and how they work. Then find the source and paste it into the textbox and submit.

BASIC 3: This challenge is very easy to do if you have Firefox. You should search for ‘firefox’, ‘user’ and ‘agent’ in google (without quotes). Follow the instructions on changing user agents to pass this level.

BASIC 4: Read the error. If the password file isn’t in the directory ‘basic4’, then it might be a good idea to check other directories… NOTE: the password is case sensitive.

BASIC 5: Read the source code. Note:

• the format of an email address
• the format to enter the password
• ONE wildcard is sufficient for “xxx.com” In my opinion this challenge wasn’t a very good one.

BASIC 6: A VERY tricky challenge, because you have to get the syntax exactly the same as the solution. First, you should familiarize yourself with the commands CHMOD and RM (in LOWERCASE). Next, find the directory where the ‘logs.txt’ file is kept. This should be pretty obvious… where would you keep logs? Lastly, the way to write ‘all+execute’ is ‘a+x’ (without quotes).

Now you have to CHMOD the ‘logs.txt’ file to ‘all+execute’, RM the ‘logs.txt’ file and RM the other log file that you will find. Don’t forget the dollar sign, and you MUST put a space after the dollar sign before you put the command.

BASIC 7: For this challenge, you need to know about how to do simple javascript injections to find your cookies and how to change them. Once you’ve located the username you need, submit it in the form. Oooops! You’re not authenticated! How do you get authenticated? Remember the intro talking about ASCII encryption? What it means is that it checks the username you enter against a cookie which contains the (binary) encrypted form of the username. I recommend http://www.yellowpipe.com/yis/tools/encrypter/index.php Once you’ve converted the username into binary, change the username cookie into binary form (without spaces). Refresh the page.

Now you have to get past a SECOND form. But, remember how the intro said this form was vulnerable to SQL injection? Look this up (there are some good articles on HBH) and type in the injection. More points!

BASIC 8: It’s always good to try some random text as a password. Who knows, you might randomly guess the correct password! But you should always check the source, even for the most unlikely pages such as the one that tells you you’ve got a wrong password…

See the commented tag? It shows how you can input a GET variable into the PHP script. Google this if you don’t understand what I’m talking about. Now, you want to find what the database contains, so instead of just trying to find rows WHERE password=‘xxx’, use a more general statement…

BASIC 9: You should have a good understading of how the Posion NULL Byte attack works. Google this to see what it is, but I’ll try to explain what it does. Basically, it tricks the script into thinking it’s the end of a command. In this case, try looking for where the login script is and append a NULL byte on the end. This takes you to the next stage where you can read the PHP script to find what username and password you’ll need.

BASIC 10: You’ll need to be able to change your IP, and I think you’ll have to use a proxy. My IP was already in one of the allowed ranges so I didn’t have to do much for this challenge. If you’re lucky, you won’t have to either. Just click the link to test whether you need to change your IP or not.

BASIC 11: Go back and see what you did for Basic 3. This time, howver, you’ll also need to change the OS specified in the user agent string as well. Wikipedia has a good article on user agents plus lots of examples as well.

BASIC 12: For this challenge, you might need to disable any worm detection programs such as Norton Antivirus, as attempts to view .htaccess files may be detected as worm attacks (even though they are not). On the main page, look at the address. Try inputting different directories into the variable ‘page’ and see what you can find. It may pay off to search how Linux checks passwords. Also, bear in mind that “/protected/xxx” is different from “protected/xxx”. After finding the password hash, you’ll need to break the encryption using a brute-force cracker. I recommend ‘John The Ripper’ with the ‘Cain and Abel’ wordlist.

BASIC 13: It’s as simple as it says. Log in as George! But you can’t change the script using javascript injection this time because the tags don’t have a name. How else can you change the contents of a file? (ctrl+s may be helpful =D)

BASIC 14: One of the simplest challenges. Remember what you did in Basic 1?

BASIC 15: http://www.google.com/support/webmasters/bin/answer.py?answer=33570&topic=8460

BASIC 16: You can try the injection you used at Basic 7. Whooops! It doesn’t work! Look up other forms of SQL injection and try those…

Well, there’s my first article finished. Please rate fairly, and tell me any corrections I should make. -phoenix121