
ghost's Avatar
0 0

Is there someone I can PM my findings? I think if I post anything, it will contain spoilers :p


ghost's Avatar
0 0

you can pm me


ghost's Avatar
0 0

How many vulns are there anyway? I've only found 2 so far.


ghost's Avatar
0 0

pm me


ghost's Avatar
0 0

I think pen testing 1 is pretty low for HBH, it's pathetic, HBH from what I know is about ethics and morals, why then look stupid and make an obviously fake website that redeems nothing and makes HBH look pathetic and ignorant. As far as I can see, that challenge makes HBH low..

J3sus


ghost's Avatar
0 0

Is that why you have no points for it? If it is so low and degrading, then prove that it's easy. I only have 40 points, but you don't have any.


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

J3sus wrote: I think pen testing 1 is pretty low for HBH, it's pathetic, HBH from what I know is about ethics and morals, why then look stupid and make an obviously fake website that redeems nothing and makes HBH look pathetic and ignorant. As far as I can see, that challenge makes HBH low..

J3sus

You sir, are a cunt :)

If you bothered to look in the source, RoMeO agreed to let us release it anyways, fucking faggot ass cuntbucket.


ghost's Avatar
0 0

J3sus wrote: I think pen testing 1 is pretty low for HBH, it's pathetic, HBH from what I know is about ethics and morals, why then look stupid and make an obviously fake website that redeems nothing and makes HBH look pathetic and ignorant. As far as I can see, that challenge makes HBH low..

J3sus

It's people like this who make me sick. HBH admins are constantly offering a safe environment to test situations and scenarios and what do they get back? Some half-ass witty comment. I've been around here for a while and never once have I found the need to complain. Dude, if you don't like it, no one forces you to use HBH. It's your loss.

Get a Life


ghost's Avatar
0 0

@system, that is because he is going to bring out a whole HBH collection, that is also very sad..

@moonaguy, i've been here for many years. so shut up and redeem yourself in this place.


ghost's Avatar
0 0

lawl "redeem," dude i dont need to redeem nething, okay i admit im not an active member of the community but its people like you who put me off! Ive always assumed these forums are for help and advice, not for u to express how much you "hate" challenges on hbh, or to flame the admins coz of this.. Maybe Im wrong ;)


ghost's Avatar
0 0

No, you have a valid point. The forums should be used for legitimate discussion. The idea of posting how much you dislike the site is a waste. As previously stated, if you don't like the site, go away. If you don't like the challenge, don't do it.

The challenges provide an opportunity to learn in a safe environment. Regardless of the difficulty of the challenge, there is an opportunity for people to learn. If you find the challenge to be too basic for your tastes and are beyond the level required for it, congratulations. Kudos to you for being "leet". Others will find that it presents a different point of view and a chance to explore vulnerabilities that are new to them. Not every challenge is going to suit every person. If you feel that the challenge is "pathetic", create a better one. Instead of complaining and hurling insults, try offering intelligible suggestions for improvement. There is a place for those suggestions:

http://www.hellboundhackers.org/forum/viewforum.php?forum_id=4


ghost's Avatar
0 0

J3sus wrote: I think pen testing 1 is pretty low for HBH, it's pathetic, HBH from what I know is about ethics and morals, why then look stupid and make an obviously fake website that redeems nothing and makes HBH look pathetic and ignorant. As far as I can see, that challenge makes HBH low..

J3sus

You've already been flamed, so I'll just be clear. There is nothing unethical or immoral about penetration testing… it is a legitimate branch of the Information Security field. Also, the Pen Testing challenge is more realistic than any of the other challenges, since you don't have any idea of what you're looking for (outside of the vague term "vulnerabilities").

Finally, as system stated, the challenge mentions the permission given to make the challenge as it was. The look of the site was a joke, the target of the joke approved it, and it's a legitimate challenge. Period.


flame_1221's Avatar
nobody
0 0

Yea, just enjoy the challenge.


ghost's Avatar
0 0

@j3sus how is pen testing 1 "low" for hbh? its just providing a realistic scenario to challenge you. if you hate it that much, just don't do it. you dont have to complain about it too


RedDragon's Avatar
Member
0 0

I think pen testing 1 is pretty low for HBH, it's pathetic, HBH from what I know is about ethics and morals, why then look stupid and make an obviously fake website that redeems nothing and makes HBH look pathetic and ignorant. As far as I can see, that challenge makes HBH low..

J3sus

duuuuudee, wtf ? are you retarded ?


RedDragon's Avatar
Member
0 0

:love: pretty one


Flaming_figures's Avatar
Member
0 0

Ya, I have only found the 2 easy exploits (and btw, how is white-hat penetration testing low and stuff? Aren't these the ethics we should want to release? If you think of it as whitehat and not blackhat pwnage of a website :P)


ghost's Avatar
0 0

I've found one easy exploit which gave me something and I found the directory and now I see the script for the something.

So I went and tried to use the something that I found and now it was like "YOU'RE NOT WELCOME HERE, [my ip]!"

I'm guessing that:

  • I need to do something to the something bolded.
  • I need to get a proxy for something I dunno
  • I need to change my session

Am I on the right track?


ghost's Avatar
0 0

In all my programming life, I haven't seen a "site" coded in such a bad way. There is no defined structure for modules. Sometimes it's with the parameter page, sometimes it's with a different GET. And the exploits involve that the site is as crappy as it looks. I had to read what they said for an exploit, because I couldn't believe that this "site" could be coded in such a bad way that what I put would make it crash.

Sorry, but the exploits are either a copy of the basic challenge or an absolutely uncommon exploit, such that this is the only "site" in the world where it would work.


Flaming_figures's Avatar
Member
0 0

@arto most of the challenges are like that… They won't work in normal circumstances and things, but I think what this challenge is meant for is to get you LOOKING for them. To teach you how to look for flaws in websites and recognize what is a flaw in things like the url and errors. That being said, I still can't get past 40 points :P


ghost's Avatar
0 0

exactly right, its a simulation ie its not really but it gives ppl ideas on how to do things and possible ideas on wat to look for.


ghost's Avatar
0 0

Well, there is a middle between reality and truly fake.

Having an XSS exploit because of an insufficient filter on some data would be realistic (having a filter that only removes "<" and ">"). XSS is still possible but in a more tricky way.

Saying that the exploit with the "include" (the one that lets you execute any code on the server) still works is truly fake, the default setting of Apache/PHP won't let you do that.
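
The point in the post above about a filter that removes only "<" and ">", as an added example (not part of the original thread and not the challenge site's code): the template, function names and probe string are constructed for illustration. It checks whether a benign probe can add an attribute when the value is written into a quoted attribute, and compares that with full HTML entity encoding.

```javascript
// Added example: constructed filter, template and probe; not code from the thread.

// The weak filter described in the post: drop only angle brackets.
function stripAngleBrackets(input) {
  return String(input).replace(/[<>]/g, "");
}

// Output encoding for HTML text and quoted attribute values.
// (PHP's htmlspecialchars() with ENT_QUOTES covers the same five characters.)
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};
function encodeForHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical template: user data lands inside a double-quoted attribute,
// so a surviving double quote is enough to end the value.
function renderSearchBox(value, sanitize) {
  return '<input type="text" name="q" value="' + sanitize(value) + '">';
}

// Minimal scanner for the one tag rendered above: list name="..." pairs.
function attributeNames(tag) {
  const names = [];
  const re = /([^\s"'<>\/=]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Regression check: which attributes exist that the template never wrote?
const EXPECTED = ["type", "name", "value"];
function injectedAttributes(value, sanitize) {
  const tag = renderSearchBox(value, sanitize);
  return attributeNames(tag).filter((n) => !EXPECTED.includes(n));
}

// Constructed, harmless probe: tries to close the value and add a marker.
const PROBE = 'x" data-probe="1';

console.log(renderSearchBox(PROBE, stripAngleBrackets));
console.log("weak filter, injected:", injectedAttributes(PROBE, stripAngleBrackets));
console.log(renderSearchBox(PROBE, encodeForHtml));
console.log("encoded, injected:", injectedAttributes(PROBE, encodeForHtml));
```

A check like `injectedAttributes` can run as a unit test against every template that writes request data into markup, so a filter regression shows up before release.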


ghost's Avatar
0 0

I did the most basic exploit on the site… And I found a sekrit directory but don't know what to do with it :( Just like moshbat :p could I please PM someone for help?


flame_1221's Avatar
nobody
0 0

You can PM me if you want.


ghost's Avatar
0 0

can't wait for another one of these to come out :D


Uber0n's Avatar
Member
0 0

Skunkfoot wrote: can't wait for another one of these to come out

Same here B)


ghost's Avatar
0 0

some of the most basic bullshit noobish bullshit can work on sites its rather surprising hell i got into a works admin site with just \' or 1=1–/* lazy programming isnt as rare as you think


synstealth's Avatar
PHP WARRIOR
2,490 1

same as everyone else on here.. cant get past 40 pts. lol


ghost's Avatar
0 0

hm, I got a fair bit into this, and have a few ideas about how to continue, but perhaps if I could consult someone who's got it? I'm not sure if the point where I'm at is just a guessing game or a place where techniques can be applied. don't spoil it for me, at any rate.


ghost's Avatar
0 0

Can't get past 40 points? You're not looking at everything, then. :)


ghost's Avatar
0 0

noober wrote: some of the most basic bullshit noobish bullshit can work on sites its rather surprising hell i got into a works admin site with just \' or 1=1–/* lazy programming isnt as rare as you think

Lazy Programming == Beginner, and it's not beginners that code major sites. People that study programming learn enough about security not to make these mistakes. The most common exploits (that can be found) are things that are really known or learnt; that was the case with the XSS. XSS is also very common because most people underestimate what you can do with this exploit.


ghost's Avatar
0 0

if ya look around at various hacking crap and take a look on you tube ull see someone hacking into a college website using ' or 1=1 after altering the source code…that gave up someones social security number and lead to basically getting everyones social security number..id call that pretty major…lazy programming…like i said not that uncommon even when it somewhere that need to be protected


ghost's Avatar
0 0

lesserlightsofheaven wrote: hm, I got a fair bit into this, and have a few ideas about how to continue, but perhaps if I could consult someone who's got it? I'm not sure if the point where I'm at is just a guessing game or a place where techniques can be applied. don't spoil it for me, at any rate.

You can PM me ;)


ghost's Avatar
0 0

Hey my rank is reversed lol I didn't know that it worked…


ghost's Avatar
0 0

Hmm, I've only accumulated 40pts so far in this challenge, so I guess that means I'm in the average.

However, I would like to continue this one. So please, could somebody violently push me into the right direction?

My status:

  • Found a simple exploit
  • Found a secret directory
  • Logged in as admin - another exploit
  • Found some php code
  • Was able to run that code, but didn't get anything from it except that I know there is an admin panel that is still being coded somewhere.

[VIOLENT PUSH NEEDED HERE]

By the way, what is the point of giving us that user:pass at the beginning of the challenge? I haven't found a use for it at all.


ghost's Avatar
0 0

Placebo wrote: By the way, what is the point of giving us that user:pass at the beginning of the challenge? I haven't found a use for it at all.

Yeah, I know… I just repeat the admin "exploit" every time I come back to it. lol

I've only found one more exploit than you, so I am still working on it, too. As for the one you haven't found that I have, though, I can honestly say that you're not looking everywhere for basic exploits. That's all I can say, really, since anything more would be a spoiler.


ghost's Avatar
0 0

Zephyr_Pure wrote:

I've only found one more exploit than you, so I am still working on it, too. As for the one you haven't found that I have, though, I can honestly say that you're not looking everywhere for basic exploits. That's all I can say, really, since anything more would be a spoiler.

CoughiSuckCough


ghost's Avatar
0 0

you can pm me for help if you want


ghost's Avatar
0 0

are phpsessid's a special encryption, or are they random spurts of letters and numbers from some code that is designated to your ip, is it encoded in md5 cause that's what it looks like. i have no experience with php, any help?


ghost's Avatar
0 0

hackncrack wrote: are phpsessid's a special encryption, or are they random spurts of letters and numbers from some code that is designated to your ip, is it encoded in md5 cause that's what it looks like. i have no experience with php, any help?

Read up on PHP sessions. That will answer your questions.


ghost's Avatar
0 0

i have been, i found (in the article i read), that they are random, usually. now im reading up on session pio***g, wasnt sure if that would be a spoiler.

EDIT:i made it say

"Got a packet bigger than 'max_allowed_packet' bytes", am i getting somewhere or is that just a dead end?

is there any one that i can pm?


ghost's Avatar
0 0

well ur all doing far better than I i just got the 10 points for that common exploit ive throw SQL injections in multiple forms in every place i can find and that dont seem to be working out nor does cookie poisoning anyone wanna shoot me in the right direction and ya i dont really know what the hell to do with those directories either im feeling a bit retarded


ghost's Avatar
0 0

first: post cohesively, but not at the subatomic level

second: its PHP, read up on exploits in it.


Flaming_figures's Avatar
Member
0 0

Alright, still in placebos case. I can't PM anyone because I am totally lost, but I am exactly where teh fake pill is. I haven't done as much as I probably could, but they are tiny little stupid things that keep saying "You have already found this exploit!" erg…


ghost's Avatar
0 0

if i dont find the correct place to put a SQL injection i will eat my own arm…im starting with SQL because I just figure they would throw that sort of an exploit in


Ayr4's Avatar
Member
0 0

Hmrp…im at the same place as everyone else…but i might have a clue of what to do..or not, but is there someone I can PM? :ninja:


ghost's Avatar
0 0

I'm still missing the last exploit, but yeah, you can PM me.


ghost's Avatar
0 0

you can pm me


ghost's Avatar
0 0

Man, how is the rest of the community supposed to learn something if every clue/hint is directed through the pm system?


ghost's Avatar
0 0

I have found them all. If you have any questions feel free to pm me. I can say that there are 5. Think of common exploits.


flame_1221's Avatar
nobody
0 0

Yea, and most of it are a very common exploits:)

–Sorry for the other post–


flame_1221's Avatar
nobody
0 0

Yea, and most of it are very common exploits:)



ghost's Avatar
0 0

Placebo wrote: Man, how is the rest of the community supposed to learn something if every clue/hint is directed through the pm system?

by doing the same thing :)


basa's Avatar
Member
0 0

can any1 help me plz? im missing the last exploit for weeks!! :@ same place as Zephyr_Pure i think….


ghost's Avatar
0 0

One of the options under the Forms menu on the Web Developer Toolbar can help a lot with one of these :)

also, try to think of what some common exploits are: you've got your RFI/LFI, SQL, and XSS (to name a few)

if you need to learn more about any of these, here's a decent little article: freewebs.com/skunkf00t/hacking.txt


ghost's Avatar
0 0

Skunkfoot wrote: if you need to learn more about any of these, here's a decent little article: freewebs.com/skunkf00t/hacking.txt

Credit much?


ghost's Avatar
0 0

Skunkfoot wrote: if you need to learn more about any of these, here's a decent little article: freewebs.com/skunkf00t/hacking.txt

Pr0test wrote: Credit much?

It's actually chock full of information, some of which is relevant to the Pen-Testing challenge (though not as spoilers). Instead of having a snide comment about him offering information, you should either stfu or write something half as useful.

Skunkfoot wrote: One of the options under the Forms menu on the Web Developer Toolbar can help a lot with one of these :)

Found that, as well as the other 3 basic ones… just stuck at the last one. I'm not asking for help, though… I'll figure it out on my own with enough time. :)


Ayr4's Avatar
Member
0 0

Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD


basa's Avatar
Member
0 0

thx skunkfoot for the article =)) i think i tried all the exploits written there… maybe i missed smth… i'll just try them again…. ,)


ghost's Avatar
0 0

Ayr4 wrote: Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD

Who even uses those credentials? :happy:


ghost's Avatar
0 0

if we aren't using them then…what the hell are they there for…


ghost's Avatar
0 0

Edit: Spyware is a monkey. Ignore him. :happy:

noober wrote: if we aren't using them then…what the hell are they there for…

For people that take limited user accounts as a compromise. Seriously, first priority should be privilege escalation.


spyware's Avatar
Banned
0 0

noober wrote: if we aren't using them then…what the hell are they there for…

"Confuzzleness"


ghost's Avatar
0 0

spyware wrote:

noober wrote: if we aren't using them then…what the hell are they there for…

"Confuzzleness"

i was referring to the credentials given to you at the beginning


spyware's Avatar
Banned
0 0

noober wrote: i was referring to the credentials given to you at the beginning

Yeah, me too.


ghost's Avatar
0 0

ive thrown various XSS SQL and RFI in everyplace i can find…wtf


ghost's Avatar
0 0

noober wrote: ive thrown various XSS SQL and RFI in everyplace i can find…wtf

Then, obviously, you can't find the easy places. Just do some more Real's before you attempt this one. It's not as much of a pushover as the other challenges.


ghost's Avatar
0 0

Alrighty, you seem to know what you're doing so off to real challenges i suppose


ghost's Avatar
0 0

noober wrote: Alrighty, you seem to know what you're doing so off to real challenges i suppose

I wouldn't go that far. :) However, the Realistic Challenges should be a prerequisite to the PenTest challenge; though they tend to be a bit too simple, they do show you patterns that you can apply to this challenge. Anyways, it's safe to say that 3 out of the 5 exploits are incredibly easy to find, the 4th one takes a bit of ingenuity, and the 5th one must take some specific knowledge (as I have not managed to get that one yet).


ghost's Avatar
0 0

Zephyr_Pure wrote:

Skunkfoot wrote: if you need to learn more about any of these, here's a decent little article: freewebs.com/skunkf00t/hacking.txt

Pr0test wrote: Credit much?

I'm pretty sure it says who wrote it in the article…something like Spyderman's guide…maybe I forgot to copy that part, idk, but regardless, I didn't write those. I'm not saying I did. I got all those articles from Darkmindz.

Anyone else having problems logging in with nooblet and irtoleet, because it does not work for me xD

It doesn't work at all…check the source code and you'll see that that form doesn't do anything…

and the 5th one must take some specific knowledge (as I have not managed to get that one yet).

If we're thinking about the same one, then you need to inject something into the URL of one of the pages…


ghost's Avatar
0 0

Zephyr_Pure wrote: and the 5th one must take some specific knowledge (as I have not managed to get that one yet).

Skunkfoot wrote: If we're thinking about the same one, then you need to inject something into the URL of one of the pages…

We probably are thinking about the same one… I have this vague feeling that the injection is not a typical one (at least, for "normal" methods), so it's just going to take a bit more time to figure out. :)


ghost's Avatar
0 0

no, it's not. You got to the secret directory with the code, so look at the code. You'll need to inject something to make the condition true (to display the admin panel)

I don't think I can say more than that without spoiling it. You can PM me if you like…


ghost's Avatar
0 0

Ok so i found how to read the sekrit*****/sec***.php or whatever, my question is do i need to use a p** c****** s****? hope that wasnt too cryptic for a person to recognize, just dont want to spoil things for anyone


ghost's Avatar
0 0

well I'm pretty sure I understand what you're saying…

PM me, you're on the right track, but I don't know how to give this hint because I'm afraid it might spoil it for some people.


Ayr4's Avatar
Member
0 0

Zephyr_Pure wrote: Who even uses those credentials? :happy:

Because, it might be important…get it?:evil:


ghost's Avatar
0 0

Zephyr_Pure wrote: Who even uses those credentials? :happy:

Ayr4 wrote: Because, it might be important…get it?:evil:

Only in a simulated challenge. In every other case, privilege escalation is one of the highest priorities, and this challenge gives you enough to accomplish that without logging in.

cough, cough I mean, of course it's important. :D

Edit: I felt really stupid when I finally got the last exploit. It seems there are a lot of opportunities for people to over-complicate the logic of it. :)

noober wrote: well regardless congrats on that

Thanks, but it's not deserved. It's just a simulation, after all. These challenges only serve to introduce concepts, not so much techniques.


ghost's Avatar
0 0

well regardless congrats on that


ghost's Avatar
0 0

yeah good job man ;)

a lot of people PM me with this problem..you should write an article Zephyr :)


ghost's Avatar
0 0

Skunkfoot wrote: yeah good job man ;)

a lot of people PM me with this problem..you should write an article Zephyr :)

Well… I am a firm believer in the fact that challenge articles are evil, though I must admit that I have used a few to help with some of the rockier parts of some challenges. I would have three main concerns with an article on this challenge:

  1. The challenge is still relatively fresh, so I don't think it's time for an article yet.

  2. There's not really a good way to write an article on the challenge. Just about any hint you can give as to the nature of the exploits pretty much comprises a spoiler.

  3. To prevent the article from being a spoiler, the article would basically be limited to 3 or 4 sentences. By being vague, it would only say a bit more than "look everywhere, test the obvious".

Maybe system will write an article on this challenge, too. He seems to have experience with challenge articles. :)


ghost's Avatar
0 0

i think papers/articles on the nature of implementing the exploits used wouldnt be too bad. Still trying to include that damn function even with skunks help


ghost's Avatar
0 0

noober wrote: Still trying to include that damn function even with skunks help

I have no idea what you're referring to, but you can PM me as well if you need help.


ghost's Avatar
0 0

I hope you're*** not trying to include the actual function or the function call xD

sorry if my hint confused you, PM Zephyr, he's good at hints..

edit: used the wrong word xD


flame_1221's Avatar
nobody
0 0

noober wrote: i think papers/articles on the nature of implementing the exploits used wouldnt be too bad. Still trying to include that damn function even with skunks help

Just don't over complicate it:p


ghost's Avatar
0 0

o haha ya i got a little confused i take it im over complicating it a bit


ghost's Avatar
0 0

yeah, this one's really easy to over complicate.. :)


ghost's Avatar
0 0

ya CLEARLy once i realize i over complicated stuff i got it on the first shot


ghost's Avatar
0 0

jeez 135 for that one…i thought i would have built off that exploit like last time but it doesn't actually allow u 2 look at anything more eh…lame, ya i know what ya mean about just the introducing concepts. Seems like main issue is error pages. I mean im far from good at this but most of the time, most the information i gather is by producing different error messages on a given page. Which you cant really do in this


spyware's Avatar
Banned
0 0

Please please, keep the flames down. Just take it to MSN/AIM/gChat or whatever if you want to discuss things whilst having a heated opinion.

Not that I don't like flames or anything, but others get burned easily.

So please, behaving a liiiiiiiiittle bit more nice doesn't hurt -anyone-.