Using cURL on HBH.

Here's what I have so far, however it still returns a "1" rather then the webpage:

$url = "http://www.hellboundhackers.org/challenges/timed/timed1/index.php";

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt($ch, CURLOPT_COOKIE,"PHPSESSID=[Censored]; fusion_visited=TRUE; CFMCOOKIEAE=US; __utma=[Censored]; __utmc=[Censored]; __utmz=[Censored]; __utmb=[Censored]; fusion_user=[Censored]; fusion_lastvisit=1187752313");

$result = curl_exec($ch);
curl_close($ch); 
echo $result;

?>```

I'm pretty sure I'm capable of parsing out the correct values from the webpage, it's just accessing the page that I'm having trouble with.

Am I sending too many cookie values?
The wrong ones?
Do I have to spoof my referrer as well?
Halp.
=D

You need:

curl_setopt( $ch, CURLOPT_FOLLOWLOCATION ,1 );

hm, now I'm getting a blank page, I'm still tinkering with some values though. I'll check back in a bit.

Well, still no luck, here's something interesting though:

If I remove the "fusion_user" bit of the cookie, the page loads fine, It just says I'm not logged in. Hmmm. It does that with or without the FOLLOWLOCATION option.

Peice of advice: Don't use CURLOPT_COOKIE, read up on CURLOPT_HTTPHEADER instead ;)

Well, I tried putting the cookies into an array and sticking them into the HEADER option, but still no luck.

Once again, if I remove the "fusion_user" part of the cookie, the page loads fine, just not from the perspective of a logged in user.

I'll keep at it. Is anyone else who's trying it right now having the same problem?

I have tried the code you wrote, and it worked for me. Also, Headers work.

Hm, well I just tried it from the command line rather then from within a webpage and it works just fine. Thanks for everyone's help.

lesserlightsofheaven wrote: Hm, well I just tried it from the command line rather then from within a webpage and it works just fine. Thanks for everyone's help.

Hey lesser i'm stuck at the same point as you were it keeps showing me "1"

and it doesn't work when i remove the fusion_user part cookie !!

it works on any other site except hbh !

what do you mean "from a command line" you mean hosting locally like wamp or something ?

i would appreciate it if anyone could help me with this,

Thanks.

ZvirX wrote: Hey lesser i'm stuck at the same point as you were it keeps showing me "1"

and it doesn't work when i remove the fusion_user part cookie !!

it works on any other site except hbh !

what do you mean "from a command line" you mean hosting locally like wamp or something ?

i would appreciate it if anyone could help me with this,

Thanks.

By that I mean running it through the php interpreter, rather then hosted on a web page.

C:\>php yourscript.php

Thanks, now its working but it keeps returning wrong string i even spoofed the referral and still no luck , what i'm doing wrong !

i'm sure i have decrypted it right and the page isn't processed on the server

whats wrong !

ZvirX wrote: Thanks, now its working but it keeps returning wrong string i even spoofed the referral and still no luck , what i'm doing wrong !

i'm sure i have decrypted it right and the page isn't processed on the server

whats wrong !

I can't help you without code.

Here its the same as everybody i guess :|

$ch = curl_init("http://www.hellboundhackers.org/challenges/timed/timed1/index.php");

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch, CURLOPT_VERBOSE, 1);

curl_setopt($ch, CURLOPT_COOKIE,"fusion_user=[CENSORED]; 

PHPSESSID=[CENSORED]");

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) 

Gecko/20071127 Firefox/2.0.0.11");


$result = curl_exec($ch);

curl_close($ch);

echo $result;

?>```

ZvirX wrote: Here its the same as everybody i guess :|

$ch = curl_init("http://www.hellboundhackers.org/challenges/timed/timed1/index.php");

curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch, CURLOPT_VERBOSE, 1);

curl_setopt($ch, CURLOPT_COOKIE,"fusion_user=[CENSORED]; 

PHPSESSID=[CENSORED]");

curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) 

Gecko/20071127 Firefox/2.0.0.11");


$result = curl_exec($ch);

curl_close($ch);

echo $result;

?>```
 
Nah that's not nearly the whole code. What you need to do is after getting $result which basically takes the HTML of the page and stores it as a variable, to take the variable, find the encoded string, decode the string, and then use cURL again to do what needs to be done. All that script is doing is it's getting the HTML of the page you want, storing it as a variable, and you're echoing the variable. I posted this in another thread, donno if it will help much but there's only so much you can say before it's a spoiler:
 
> **slpctrl wrote:**
 
 
Well, I don't wanna post my whole code as that's an instant spoiler, but here's what I was doing wrong:
 
 
After the initial cURL to get the page, I decided for some reason to use header( 'Location: http://www.hellboundhackers.org/challenges/timed/timed1/index.php?b64=.$var' ) ;
 
Among other things, until I decided that the best way to tackle it and use the very least time is to use cURL to get the page, like so:
 
```markup
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"http://www.hellboundhackers.org/challenges/timed/timed2/index.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_VERBOSE, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11");
curl_setopt($ch, CURLOPT_COOKIE,"PHPSESSID=censored; fusion_user=censored");
$result = curl_exec($ch);
curl_close($ch);

Then after the page has been processed, use the preg_match_all() function to find each string after "string: ". This information is stored in the $result variable (That's where the HTML of the page that cURL retrieved is). Single the variable out by selecting only one element out of the array like so: $matches[1][0] then it's a simple matter of using the base64_decode() function on $matches[1][0], and then use cURL once more to get the URL

http://www.hellboundhackers.org/challenges/timed/timed1/index.php?b64=

and append the variable to the end that you assigned to the base64_decode ($string=base64_decode($matches[1][0]); It should look very similar to the first cURL script, except the URL difference. The new URL option for cURL will look something like this:

curl_setopt($ch1, CURLOPT_URL,"http://www.hellboundhackers.org/challenges/timed/timed1/index.php?b64=" . $string);

Hope this helps, and I hope it's not a spoiler. If there are sections that spoil the challenges feel free to remove.

:p

I get what you mean but why do that when i can just do it manually the page isn't processed on the server in both cases thats the point of using cURL ..

plus i'm not that experienced with cURL :D

but i believe it should work in both cases no need to be that specific :p

if your right, then i do have alot of googling to do :D lol

ZvirX wrote: I get what you mean but why do that when i can just do it manually the page isn't processed on the server in both cases thats the point of using cURL ..

plus i'm not that experienced with cURL :D

but i believe it should work in both cases no need to be that specific :p

if your right, then i do have alot of googling to do :D lol

Lol I thought I could do that too…never worked. In fact, I had to press the F5 button a few times to get the first 2 to work….sometimes I get it within the time frame, sometimes I don't. It's really not too complicated…if you need any help drop me a PM. But really, you know that the 2nd curl is gonna take the decoded string, and add ?b64=$string so you know what the 2nd round of cURL is doing….inbetween those 2 you need to get the string and decode it.

May be some one was viewing the chall while i was decrypting the string lmao

well i'll give it a try .. expect a pm soon hahaha.

Thanks B)