Other exploits


yours31f's Avatar
Retired
10 0

Well, as some of you know, I'm currently working on a realistic that a few people have shown a real interest in. My question is this: what kind of exploits would you like to see in a new real?


shadowls's Avatar
You Like this!
90 0

Like an RFI, and you give restrictions to the file. But you use the shell to look into text files to get a password to log in.


ghost's Avatar
0 0

Isn't this the hard (debatable) part of making a challenge? It's not hard to code, it just needs a good idea, and if you can't come up with your own then doesn't it defeat the point?

I would like to see something that isn't in the other 2 challenges, so I would suggest finishing the second pen test, seeing what's in use, and using something else.


shadowls's Avatar
You Like this!
90 0

He is not talking about pen testing though.


yours31f's Avatar
Retired
10 0

Nah, I'm coding a realistic challenge, and I am nearly done with the challenge thoughts I had. I just thought I would see if anyone had some extra ideas I could add into it.


ghost's Avatar
0 0

Ah, my mistake. My point still applies though: the hard part of a challenge is coming up with something that not only isn't done here, but isn't done on another security simulation site. After checking out EG I think they have most of my ideas done already.


yours31f's Avatar
Retired
10 0

Well, my challenge is in the final stages: testing. All I have left to do is test it and make sure it works. Now, I need to ask the admins, can I post it for EMs to test?


shadowls's Avatar
You Like this!
90 0

That would be great.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

Go for it.


yours31f's Avatar
Retired
10 0

FarWestTC.ulmb.com


ghost's Avatar
0 0

After a quick look, it seems most of the pages are missing or clones of others. If this was your intention, fine, but I don't think it was…

You say this is finished, yes?


yours31f's Avatar
Retired
10 0

Not final. No. I'm seeing if anyone can find bugs. Kinda like a beta. Then I'll do the aesthetics.


ghost's Avatar
0 0

It's kinda hard to find bugs when half the site is missing though. :|


yours31f's Avatar
Retired
10 0

That's part of the idea. It's a "web developer" that is redesigning his site and that's why it is exploitable. (That's why the source has <!-- incomplete --> in it…)


ghost's Avatar
0 0

It's just hard to tell what's intentional and what's accidental though. For example, the page:

http://farwesttc.ulmb.com/page/contact.php produces an error, but I was pretty sure it didn't last time I looked. :| Maybe it's best to have it completed and fully working, then ask about bugs and typos etc., to save confusion.


yours31f's Avatar
Retired
10 0

Thanks, and sorry about that. It's all fixed now. All aboard for Real 19 by Yours31f!!


yours31f's Avatar
Retired
10 0

Done and Submitted.