Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Passing Real 14


Passing Real 14

By ghostghost | 8020 Reads |
0     0

I just thought I'd make a tutorial on how to pass the HTS Real 14 Mission.

I'm going to try not to include any huge spoilers, as this mission and Real 15, as I've found, are the two funnest HackThisSite missions, and you learn a hell of alot from both.

Well, starting out, you've got a message from a friend, OutThere (who happens to be a real HTS member). He's telling you that he needs your help, by gaining Admin access to a corrupt website, Yuppers, which happens to be a joke on Yahoo!

Ok, so you've been looking around, but have found nothing. There's a good reason. This is Real 14, you're not going to be spoonfed. I suggest you start looking through the source.

You've started looking through the sources of various pages. Good. Find a file that might manage somthing that is constantly changing, that I'm sure you've noticed already.

Look through the source of that page. You'll see some things that won't really help you, then you'll see another file contained in that source. Go there. Oh, thats nothing interesting, you might think. Wrong.

Wouldn't it be great if we could get all the information within a file? Yes, I think it would, and I think you'd agree.

Do some more looking around the pages, not the sources. Maybe, find a page that lets you read different pieces of information? Study that script a bit, notice what it does.

See how whatever you append to the URL is loaded in a .n*** file? Well, we know this website is using PERL, hence the file extension on most of the pages, .cgi. Learn about some PERL Exploits. Learn how unix interprets some charachters.

By now, you should probably know what you're doing. So appened a certain somthing to another thing using somthing else :) .

Wow! Look what we've got. Sources. How nice and convenient. Look through all of the files on the server (that you can). Remember, just keep poking. This mission is all about poking.

This is the part that got me for about a month:

So you've got a file that seems pretty damn important. Well, if you don't know PERL, now would be a good time to start learning. If you know PHP, you can probably make out about 60% of the source, but you'll still have to understand the functions, etc.

Look at the hashing method. Is there any way you can make somthing to tell you a valid id? I'm sure there is. I used C++ for this one, but you can use practically any language, including everyone's favorite language, PHP. :)

So, you've got a valid ID? Great. Go into where you need to go in (I'm trying to avoid spoilers), and notice the options.

Well, you still don't have that Admin access that you really need, so what do you need to do? You don't know the admin's username, so how could you find it? Well here's the part that everyone makes out to be really hard, although it's the easiest part. Learn about a little think called "Regular expressions", aka "Regexes". You learned about them here at HBH, and if you didn't, then you shouldn't be attempting this mission. So you've got the Admin's Username and Password (hehe). How great.

Now what? If you can't find this out on your own, well….why are you even on Real 14?

Congrats, you've passed the first Insane Rated Mission, on HTS. Feels good, doesn't it?

I'm seriously sorry if there were too many spoilers, I just didn't want to leave people sitting there, wondering what to do, as that was me for a good month or so.

Comments
ghost's avatar
ghost 17 years ago

Oh you crazy bizatch, telling em it's a .**** file being loaded is a bigger spoiler than linking em to rfp's CGI Bug article! Whatev, this level is great

ghost's avatar
ghost 17 years ago

Why is there an article for HTS on HBH?

ghost's avatar
ghost 17 years ago

Computer Ethics (1) Ethics on Computers

Encryption (2) Articles About Encryption

Essays (4) Want to submit your essay? or need an essay? Find them here

Graphics (2) Articles on graphics

HBH Challenge Tutorials (15) HellBound Hackers Challenges

HTS Challenge Tutorials (3) Articles About HTS Basic And Realistic Missions

Linux / UNIX (5) All Linux / UNIX Related Articles

Other (25) Other Articles That Do Not Fit Any Catagories

Phreaking (3) Articles About Phreaking

Programming (14) Articles About Programming

Security (3) Articles About Protecting Yourself

Social Engeneering (6) The Art of Deception

Web Hacking (22) Articles About Hacking

Windows XP Tweaks (15) Articles About Tweaking Windows XP

^^ becuz theres a section designed for it.

Rap70r's avatar
Rap70r 9 years ago

.