PVA – My collection

Basic web hacking mission 6 in Hellbound Hackers is very situational:

My friend Drake has found this new way on how to execute Unix Commands from a simple php file, but he was testing the security and the logs recorded his activities and reported it to the FBI and it chmod the file logs.txt, now the only chance for him to be safe is that you chmod the file to all+execute and delete that file and the other file that tracks people. Mr. Deitry also said the command to do all these action needs a $ in the begining

This challenge is extremely obscure and confusing. I wasn’t able to do it before reading a spoiler-pumped article by system_meltdown on Hellbound Hackers about this mission. Therefore, I am going to give the solution away.

We need to chmod a file. What file? logs.txt. Where is logs.txt? No idea! Fotunately, system_meltdown’s article reveals that it is in this very directory, in the sub-directory logs/.

The first part-mission is to chmod the log file. chmod is a UNIX command that is used to change the permissions of a file. Remember that the mysterious Mr. Deitry told us that we for some reason need to put a dollar sign ($) in front of the commands.

$ chmod a+x logs/logs.txt

The a+x part stands for “all + execute”, which will allow everyone to execute the file. Now, we will remove it with the rm command.

$ rm logs/logs.txt

Now, we only have to delete the file that tracks our presence. Don’t ask me how we’re supposed to find the filename out — I had to read the article. Apparently, it is logs/track_logs.php.

$ rm logs/track_logs.php

Therefore, the three commands that should be used are the following:

$ chmod a+x logs/logs.txt
$ rm logs/logs.txt
$ rm logs/track_logs.php

Mission accomplished.

In basic web mission 5 on Hellbound Hackers, a (fictional) new project, called Asterix-Protect, is implemented: [sic]

Welcome to Asterix-Protect

Asterix-Protect is an email search system that uses this new type of Asterix database to match your search and uses the same type of form like a login. And Asterix-Protect its a login system which also uses this advanced type Asterix database to match your username:password, this is a project that just started… If something is wrong or you have found a bug in our product, please contact us at problems@Asterix-Protect.org.

This means that you will have to find out someone’s username and password and log in. From the mission text, you see that the username is the email adress, and the username and password are separated with a colon (:). As always, begin with checking the source code. You will discover a very revealing comment:

<!--attention admin: * is a wildcard -->

The asterisk (*) can be used as a wildcard. Hackers have always been fond of puns, and that’s probably what the Asterix-Protect system got its name from. Try logging in with an auto-matched email-adress and an automatically matched password using the asterisk wildcards:

*@*:*

Mission accomplished.

In Basic Web Hacking mission 3, there is a problem which is quite difficult to overcome unless you’ve read about it before and know what it is about.

Now, Drake learned how to make http user agents with php.
Wrong user_agent, bwh3_user_agent wasn’t found

From the mission description, you can discern that Drake uses PHP, a server-side scripting language, to check what your user agent is. The user agent is the browser that you are currently using. In your case, your user agent is: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 (this value was produced with the PHP variable $_SERVER['HTTP_USER_AGENT']). Changing your user agent is trivial, if you have the right tools, that is. I recommend using Firefox, which is faster and more secure than Internet Explorer.

<!–
google_ad_client = “pub-2303908469917611″;google_ad_width = 468;google_ad_height = 60;google_ad_format = “468×60_as_rimg”;google_cpa_choice = “CAAQ9eOTlwIaCN₂K₁NgLkVQQKNO₁₉3M”;google_ad_channel = “3690139778″;
//–>

When you have downloaded Firefox, you can use the extension called User Agent Switcher to spoof the data that the web brower is sending and make the server think that you are using another user agent. In this case, we understand from the error message given in the mission (Wrong user_agent, bwh3_user_agent wasn’t found) that a user_agent called bwh3_user_agent (Basic Web Hacking 3 user_agent) is required.

To accomplish this, just open User Agent Switcher and create another user_agent with the browser name “bwh3_user_agent” and refresh the page. If it doesn’t work, try refreshing this page to see what your new user agent’s name is.

“My friend Drake has begin to program in HTML and he made this IFRAME, but the host of the website has kicked him out, and he doesnt remeber where is this IFRAME reading it from.”

Despite the crude English, I managed to read that basic web hacking mission 2 is about getting the URL of the IFRAME on the page. An IFRAME is an HTML element for viewing one page inside another one (never iframe a page in itself!). You’ve just got to view the source code and search for the text “iframe”:

<IFRAME border='0' height='250' width='500' align='center' name='content' src='../basic1/b2/index.php' frameBorder='0' scrolling='yes'></IFRAME>

The page that is viewed in the IFRAME is the content of the src (source) attribute of the IFRAME element. In this case, it is:

../basic1/b2/index.php

Which also is the password for this level. Note that you must use the local path and not the absolute.

I just found out about Hellbound Hackers, an eductational hacking website which is supposed to legally simulate a realistic hacking environment, just like Hack This Site. The first challenge is, as expected, very simple. Just take a look at the source code. In the source to my challenge, I found an HTML comment that looked like this:

<!-- it has four legs and most of the time its called 'man's best friend'-->

Apparently, this mission exists just to check whether the user is capable of viewing the source code. It’s probably a riddle in order to prohibit social freaks that never talk to people from further endangering their species.

Of course, the answer and password was “dog”

http://timjoh.com/archive/guides