Basic 18-27(-24)No spoilers
Basic 18-27(-24)No spoilers
ghost | 20250 Reads | Basic 18-27(-24)(spoiler free)
Basic 18 Ok you read the description but what the hell is blind something well it’s got the letters that is an abbreviation of something;) So what you need to do now is read up on Blind *** and try and see if you can use it to your advantage.I would start by reading: http://www.hellboundhackers.org/articles/345-blind-sql-injection.html Then reading: http://www.hellboundhackers.org/forum/viewthread.php?forum_id=7&thread_id=12870#110991 to push you in the right direction
Basic 19 Well he know it’s something to do with the header so read up on it google it etc. and go to: http://web-sniffer.net/ And find out what the password is!But it’s encrypted:0 How do we know what type of encryption it is???:( OH!Look the site has told us find a decryption tool for that encryption decrypt it and there’s your answer! My personal favorite is: http://www.senses0.org.mv/popzees/rot/rotn.php Basic 20 Well it says who you can login as so why don’t you! Great now you should see a message saying logged in as fire.But we don’t want to be fire.WHO do we want to be??That didn’t work:(I know lets try a type of injection in the login page.That didn’t work.Mabey we should mix the two together;)
Basic 21 This is a challenge that stumps almost everyone.Here is my advice to complete the challenge: read this PDF: www.ngssoftware.com/papers/advanced_sql_injection.pdf After you read it try and put what you’ve learnt into action. HINT:Use the error message;)
Basic 22 Google up on Unix commands and use the one which will help you most.View the source to find a dir and use that dir in the command.Here’s a little help: http://www.indiana.edu/~uitspubs/b017/ Hint:You want to list the files in that directory;)
Basic 23 Alright well by looking at the description we know it’s RFI.So if you don’t know how to use it google!Right so let’s look at the URL: http://www.hellboundhackers.org/challenges/basic23/site/show.php?page=news or http://www.hellboundhackers.org/challenges/basic23/site/show.php?page=about So putting the RFI into practice. Hint:When you use the exploit you have do put in a particular site.
Basic 24 N/A
Basic 25 Here you have to obscure something that the actual HBH website owns;)After you get that thing change it to decimals and you have it!
Basic 26 Alright so we are faced with XSS…or are we?..Read this: http://www.hellboundhackers.org/articles/748-css-xss.html Now you should have a general jist of what to do.So try it out.HUZZAH!!You got it.
Basic 27 Right well if you read the description it gives you a pretty big clue.So try to right something like ‘hello’ it comes out saying hello so you might think this is easy!I’ll just write alert(1) unfortunately that’s not the case.As you can see it takes away the script part so you’re left with: alert(1) hmmm now try posting < Yay that worked!So it filters the ‘script’part of what you type so if you typed: 1script1 it would come out with 11.See where I’m going with this??Good!
Hope that helped! Please rate. SaMTHG P.S Admins if you think my ‘hints’ are too much of a spoiler please edit them.Thanks
Uber0n 15 years ago
Why couldn't you wait until you had done Basic 24? I mean, what's next? Basic 1-4,7-12,16,18,21-23? :right:
ghost 15 years ago
It's a challenge article; can't rate that anything more than Average because it takes no creativity to write one.
t0xikc0mputer 13 years ago
That didn't work:(I know lets try a type of injection in the login page.That didn't work.Mabey we should mix the two together;)
Is that a hint, (javascript injection) or is at the end just a wink ;)
t0xikc0mputer 13 years ago
That didn't work:(I know lets try a type of injection in the login page.That didn't work.Mabey we should mix the two together;)
Is that a hint, (javascript injection) or is at the end just a wink ;)