Pen 1, new

i figured that since the last pen 1 forum had 60+ replys, its time for a new one

im stuck, so far ive found

the secret directrory logged in as admin found some php code talking about an admin panel found exploit on another page (dont want to give it away)

now im trying to find and exploit on the "m3mb3r t0015" page, i think its xss, not sure, any help? even when i enter normal values nothing seems to happen.

… hmm … m3mb3r t0015 … ahh yes

You read the notice?

NOTICE: These values are not posted yet, we have not completed the profiles pages. They are only viewed by admins at the moment.

What should the admin read? And what may not be check?

Look at the page and think about it, you'll get it.

ok, i found an exploit, but i guess it wasnt good enough to get any points, i included index.php so it would go on for infinity, and it was stopped by the challenge, guess that one is too easy haha.

i also found another page that says that the admin panel is still being made, i dont know what to do from here, im stuck in the same spot as before.

I'm thinking you can in***** a s**** perhaps? Find out whats actually on the site.

already tried that, i keep getting the you already found this exploit alert

yeah, I'm trying to find a way to get it in… because I'm sure there's a way!

If only Richo would get on or Sleaz would get off the pot haha. I need to learn a bit about PEAR I think… unless… RELATIVITY!!!

whatever the problem is i cant figure it out haha, PEAR…..ohhhhh PEAR, i have no idea what that is. google /pear, that what i did, theres a wiki article.

altho i have it so im an admin i can see view any more than i could b4…what the poop?

noober wrote: altho i have it so im an admin i can see view any more than i could b4…what the poop?

It's a simulated environment. And don't use the word "poop" in a serious question; it makes your post suck.

seeing as the site doesnt let you use the word fuck i sub with poop seems far to me

noober wrote: seeing as the site doesnt let you use the word fuck i sub with poop seems far to me

Well, though that is an accurate statement, it is irrelevant. I think the creators of the challenge meant for the admin login to not have any more privileges to prove:

"Admin credentials are not the answer to everything, and not always easily obtainable."

Sometimes, you have to use exploits that would utilize alternate credentials without the credentials being available. Also, if the admin login did give you any more privilege, then it would've made the challenge easier. Ultimately, that would've made the challenge less effective in teaching viable technique.

i suppose your right. Just working on using those nooblet credentials somehow

noober wrote: i suppose your right. Just working on using those nooblet credentials somehow

cough, cough Diversion! :ninja:

noober wrote: i suppose your right. Just working on using those nooblet credentials somehow

[quote]cough, cough Diversion! [/quote]

yeah…they're not meant to be used at all (unless there's a 6th exploit I haven't found or something) :)

Now, to your problem on the member tools page, you're on the right track. How many fields do you have in the form?

http://www.hellboundhackers.org/challenges/basic13/index.php

ever done that challenge? How did you do it? :P

Note: Web Developer Toolbar makes this very easy :)

I knew I had to do something with that I just cant din out what… Tried some different injections with no luck…

with the forms? do you know anything about XSS? ;)

Lots… do we have to use actual scripts (way too lazy to script something up right now) or is just making it look like you know what you are doing?

edit: Wait… if they were being nice when they were doing it it may be a R*****I (incorrect *s)

I don't know what starts with R and ends with I…

but no, you don't need a full script, read up on some simple XSS exploits…

im still havin a hard time wit the xss on the member tools page haha, im stiill reading up on xss though.

Re**** F*** In******* and L**** F*** In*******. Thanks skunk you saved me lots of wasted time with that comment :)

Flaming_figures wrote: Re**** F*** In******* and L**** F*** In*******. Thanks skunk you saved me lots of wasted time with that comment :)

Yeah, the "XSS" and "Web Developer" comments, when combined, may have constituted a spoiler. I still think the best piece of advice for this challenge is "look at everything, and try everything". It may seem too broad but, once you start finding exploits, you'll understand why.

Really, they are basic exploits; hopefully, the second PenTest challenge will be more complex and have more exploits for less points. We demand substance! :happy:

lol, not necessarily, the web developer toolbar has a lot of options in it…

and yeah, look at everything, and I mean everything :)

Skunkfoot wrote: lol, not necessarily, the web developer toolbar has a lot of options in it…

Yeah, I guess you're right. If they weren't familiar with the extension before the challenge, they'll still end up learning some technique out of it when they finally get it. Anyways, all but the last exploit should be extremely obvious after some plodding. :)

yeah, that last exploit's a bitch…most of you will likely need help on it..

Man, I was trying to figure out what the exploit was that gives you 10 points for like an hour, so i gave up and saw that I somehow got the points hahaha.. i'm pretty sure I know which one worked though, it was the most obvious. There should maybe be some kind of message that tells you that you got the points, or maybe i just missed it?

lol there is a message, but I had the same problem when I first got it

I didn't even know I got it, and then I went to my profile and it said I had 10 points xD

how exact do i need to get the explot. I got it to cough up a sql error but no points

which exploit? …

and what error?

pk, i found the "include" exploit but i'm stuck on these two things: i've found a secret dir, but i cant do anything in that, i only get error, on line 1337 :p also i'm trying to login as admin, i think i have a pass, but whats the username? [EDIT] ok it was my BIG fault. i am sorry. i've got it [/EDIT]

OK I got 90 points dunno what to do next. I got admin access. If this were a realistic chall probably I would try to get the ftp pass and deface the whole site. Hmm probably not. Maybe hijack the email and get some bank details and pocket some $$$. Maybe I'm going too far… And maybe I need an anti-1337 FF plugin. This chall is making my eyes hurt..

Anyone who needs help can PM me

Man, I've found the SQL error….and I can't get the RFI to work. I'm completely stuck can anyone throw a hint to me?

You can PM me if you want.

Alright, here's my situation. I found the SQL error and have tried countless injections but I can't find the table name to extract information. Can I PM anyone or can anyone drop me a hint please?

Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.

slpctrl wrote: Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.

Be a bit more specific, and you'll probably get some help.

Zephyr_Pure wrote: [quote]slpctrl wrote: Can someone throw me a bone here? lol I've been trying to get this for fucking ever and can't seem to make it happen. God it's annoying.

Be a bit more specific, and you'll probably get some help. [/quote]

Never mind about the injection. I'm having problems with setting $_SESSION['ADMIN'] to true. :\

slpctrl wrote: Never mind about the injection. I'm having problems with setting $_SESSION['ADMIN'] to true. :\

<OT> Please fix your quotes in your posts. </OT>

Think about (i.e., read about) how sessions actually work in PHP. Then, just try to modify / augment the session using that.

Ah that was easier than I thought lol. So I got 300 points did I finish it?

Edit: nm no lol I know what to do now tho…maybe not lol

Edit: Is the XSS portion of the challenge down? That's the only thing I can think of that I might be missing although I completed it…..I still need 50 points and I've completed 5 challenges….-_-

slpctrl wrote: Edit: Is the XSS portion of the challenge down? That's the only thing I can think of that I might be missing although I completed it…..

Nope, it's still up… just completed it again. Try it again, I guess.

I am a little stuck on the dos exploit, can I pm someone with what I have?

yeah you can pm me

could i pm someone with what i am trying for the xss part? im sure its right but i must be doing something wrong.

sure, pm me…

cheers, pm'd