
Wednesday, January 26, 2011

Forgot Firefox password (Reset firefox password)

Some days ago I set a master password for my Firefox. But the next day I forgot that password. I was stuck. I didn't know what to do next. I posted on Buzz for help, but it was no use :-(. So sad of me. Then I Googled about resetting the Firefox password, and finally I got it.
  • Just type the following line in the address bar of your Firefox browser, without the quotes: "chrome://pippki/content/resetpassword.xul"
  • It will ask for confirmation.
  • If you click OK, your password will simply be reset.
Note: Remember one thing: if you reset your master password, everything saved in your browser under that master password will be lost.

Saturday, January 8, 2011

basic-10

Yeah, a very simple one. The page linked from the challenge page will respond only if your IP is in a specified range. So first you have to find the range, then change your IP to one in the range, then open that page. The challenge is over.

Ans:
Click the link. If your IP is in the range, you will automatically finish the level. If not, you will end up with a page showing a page-not-found error. View its source. The comment line will give the IP and the port range. One piece of good news here is that port 80 is allowed. That's it. Now the work is to find a proxy that sits inside the range. I found one here. Log in to your account through the proxy and click to visit the page. That's all. The game is over. Your points will be incremented to 40.

www.hellboundhackers.org
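The level gives away its allowed range in an HTML comment on the error page. As an added example (not part of the original post), this is a check a site owner could run over rendered pages to flag comments that carry addresses or port hints; the sample page and its documentation-range addresses are constructed.

```python
import re
from html.parser import HTMLParser

# Dotted-quad addresses and "port 80"-style hints.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PORT_RE = re.compile(r"\bports?\b[^0-9]{0,10}\d{1,5}", re.IGNORECASE)

class CommentAudit(HTMLParser):
    """Collects HTML comments that mention IP addresses or ports."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        # Only comment bodies are inspected; visible text is ignored.
        hits = IP_RE.findall(data) + PORT_RE.findall(data)
        if hits:
            line, _ = self.getpos()
            self.findings.append((line, hits))

def audit_html(html):
    """Return a list of (line number, matches) for every leaking comment."""
    parser = CommentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: an error page with an access rule left in a comment.
SAMPLE = """<html><body>
<h1>Page not found</h1>
<!-- allowed: 192.0.2.10 - 192.0.2.50, ports 80-8080 -->
<p>Contact 192.0.2.99 for help</p>
</body></html>"""

if __name__ == "__main__":
    for line, hits in audit_html(SAMPLE):
        print(f"line {line}: comment discloses {hits}")
```

Removing the comment does not fix the access rule itself: a source-address check accepts any proxy that sits inside the range.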

Thursday, January 6, 2011

basic-9

This is not as tough as the previous levels, but it is a little bit tricky. It consists of two steps. First you need to find the file to be searched for, then you have to open it in a different way. The next step will then start automatically. There you have to find the username and the password (please use Firefox; they won't appear in Chrome). Then you have to enter the username and the password in the right place.

As search.php only searches inside the file directory, have a look into the file directory. Just type file/ after basic9 in the URL. You will be taken to a directory listing. There you will find the file that needs to be opened. If you enter the file name directly, it will run the file. But you have to open it to read it, not run it, so open it in a different way (just read about null byte poisoning) here. Now you will be asked to enter the second level. If you enter the second level, a PHP file will be saved as an HTML file, so you can read the source (use Firefox). Now save the username and the password, then submit them in the right place to log in. You will get 30 points added.

Ans:
  • Open the location http://www.hellboundhackers.org/challenges/basic9/files/
  • Now enter the file that needs to be opened (login.php) in the search box on the search.php page. But it will run. Now you have some knowledge about null byte poisoning.
  • Enter the following, without the quotes, in the search box of search.php: "login.php"
  • The first level is over. A link will appear that asks you to enter the second level. Just click it.
  • The ones.html file will be opened. View the source of the file with Firefox, because Chrome won't show the password. In the source you can find the username and password.
  • Copy them and enter them at the starting page of this challenge, www.hellboundhackers.org/challenges/basic9
  • 30 points will be added to your score.
www.hellboundhackers.org
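The level works because a script like search.php hands a user-supplied file name to the file system. As an added example (not the challenge's code), this is a validation step that refuses such names before anything is opened; the function name, the allowed suffixes and the base directory are assumptions.

```python
import os

ALLOWED_SUFFIXES = (".txt", ".html")  # assumption: file types meant to be readable

def resolve_requested_file(base_dir, name):
    """Return the absolute path for a user-supplied file name, or None if rejected."""
    # A NUL byte ends the string in C-level file APIs, so a name that passes
    # a suffix check in the script can open a different file underneath.
    # Reject raw and still-encoded NUL bytes outright.
    if "\x00" in name or "%00" in name:
        return None
    # Plain file names only: no directories, no hidden files, no empty name.
    if not name or "\\" in name or name != os.path.basename(name):
        return None
    if name.startswith("."):
        return None
    # Source files such as .php are never served as text.
    if not name.lower().endswith(ALLOWED_SUFFIXES):
        return None
    # Resolve symlinks and confirm the result is still inside base_dir.
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base:
        return None
    return path

if __name__ == "__main__":
    # Constructed requests against a hypothetical directory.
    for requested in ["notes.txt", "login.php", "../secret.txt"]:
        print(repr(requested), "->", resolve_requested_file("/srv/files", requested))
```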

Wednesday, January 5, 2011

basic-8

You need to do some real SQL injection. Remember these things while doing it:
  • The variable that holds the SQL query is $sql_query
  • That sql_query variable can be set using the GET method
  • Simply try to view the entire database
  • Use upper-case letters for the query keywords like SELECT, FROM, etc.
First give some random value in the password box; you will end up with a wrong SQL query on the next page. But you will find that the script is weak, so you will find the name of the password database.
Now it's very simple to view the database.

Ans:
The password database is family_db.
In the address bar, add the following argument, without the quotes:
"?sql_query=SELECT * FROM family_db"
Now the password will be shown to you, and there will also be a text box asking you for the password.
Just read it and type the password (the password is KingKond) in the text box. You will be given 30 points.

Tuesday, January 4, 2011

basic-7

Actually, two cookies are set in your browser, but only one of them is useful for this challenge. You can see the cookie value by viewing the source of the page, and since it is set as a cookie, you can also view it among the cookies in your browser. As this page requires the username, find the username value from that cookie. You have to encrypt it to ASCII encryption code, as ASCII encryption mode is enabled. The value entered in the given text box will be decrypted with the ASCII encryption method, and the decrypted value will be compared with the value in your cookie. So you have to encrypt the username using ASCII encryption and enter it. But since the ASCII encryption gives a different value each time, you may end up with an error. So the real hack is to edit the cookie to its ASCII value. Use some ASCII editor. I used the Cookie Editor add-on for Firefox. You can download it here. Now convert the username into ASCII code and replace the cookie value. Convert any string into ASCII here (remove all spaces). Now enter the username itself without any encryption. You will be authenticated.

Next is a SQL injection hack. It's very simple and basic. Google SQL injection and you will end up with the answer.

Ans:
The username is sam.
Its ASCII value is 011100110110000101101101
Using any cookie editor, replace the username cookie content with the ASCII value mentioned above.
Now give sam in the text box.
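
The first step works because the server compares the form input against a cookie the visitor can edit, and the "ASCII" form is a keyless, reversible encoding. As an added example (not the challenge's code), the block below shows that encoding next to a signed cookie that rejects edits; the key, the cookie layout and the function names are assumptions.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server

def to_bits(text):
    # The post's "ASCII value": each byte written as 8 binary digits.
    return "".join(format(b, "08b") for b in text.encode("ascii"))

def from_bits(bits):
    # Reversible by anyone with no key involved, so it hides nothing.
    chunks = (bits[i:i + 8] for i in range(0, len(bits), 8))
    return bytes(int(c, 2) for c in chunks).decode("ascii")

def _tag(value):
    return hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()

def issue_cookie(username):
    # Hardened form: the value plus an HMAC-SHA256 tag the client cannot recompute.
    return f"{username}.{_tag(username)}"

def read_cookie(cookie):
    # Returns the username only if the tag matches; edited cookies yield None.
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    if hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return value
    return None

if __name__ == "__main__":
    print(to_bits("sam"), "->", from_bits(to_bits("sam")))
    cookie = issue_cookie("sam")
    edited = "admin." + cookie.split(".")[1]   # constructed tampering attempt
    print(read_cookie(cookie), read_cookie(edited))
```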

The first step is over. Now the SQL injection. There are many ways; I used this one. Just copy and paste the next line, without the quotes.
"one' OR 1=1--"

www.hellboundhackers.org
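
The SQL steps of basic-8 and basic-7 come down to two server-side patterns: running a statement taken whole from the request, and pasting input into the statement text. As an added example (not the challenges' code), this sqlite3 sketch puts both next to a bound-parameter login; only the table name family_db and the two inputs come from the posts, and the row, column names and function names are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; only the table name comes from the posts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE family_db (username TEXT, password TEXT)")
    db.execute("INSERT INTO family_db VALUES ('alice', 'constructed-secret')")
    return db

def run_client_query(db, params):
    # basic-8 pattern: the whole statement arrives in the request
    # (?sql_query=...), so the client decides what the database returns.
    return db.execute(params["sql_query"]).fetchall()

def login_concat(db, username, password):
    # basic-7 pattern: input becomes part of the statement text, so a quote
    # closes the string and the rest is parsed as SQL.
    sql = ("SELECT username FROM family_db WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, username, password):
    # Hardened: fixed statement text, values travel as bound parameters,
    # and the caller only ever learns True or False.
    sql = "SELECT 1 FROM family_db WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print(run_client_query(db, {"sql_query": "SELECT * FROM family_db"}))
    print(login_concat(db, "one' OR 1=1--", "x"))   # True: check bypassed
    print(login_bound(db, "one' OR 1=1--", "x"))    # False: treated as data
```

The sample table stores the password in plain text only to mirror the challenge; a real login would compare against a salted password hash.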

Monday, January 3, 2011

basic-6

You should know some basic Unix commands. The assignment here is:
  • you have to find the log file and the other file which tracks user activities
  • then you have to change the permissions of the log file with chmod (first command)
  • then you should delete both files (last two commands)
Those two files are not in the same folder as basic6/index.php but in an inner folder, so look around for those files. Then simply form the commands and enter them in the text boxes to finish the level. One thing to remember: every command should start with a '$' symbol, and there should be a space between the '$' symbol and the command.

Ans:
$ chmod a+x logs/logs.txt
$ rm logs/logs.txt
$ rm logs/track_users.php

www.hellboundhackers.org