Hellbound Hackers Guides

The guides and walkthroughs that I've written for Hellbound Hackers are here. Note that they contain some spoilers. Choose a mission.


HBH Basic Web 7: Encrypt ASCII Cookie

Basic web hacking mission 7 of the Hellbound Hacker series is a prime example of why I dislike their “hacking challenges”. Some of them are not about hacking!

This time Mr. Deitry decided to make a cookie login script and he said he decrypted it from ASCII encryption, and for you to login you need to encrypt it. And after you login there is another login but it's a Login that uses SQL databases, but he thinks that the SQL login page is vulnerable to a simple SQL injection, and when he gets back from his vacation he would fix it.

In this mission, whatever you do, don’t try to think by yourself! Instead, follow the instructions blindly. Upon inspecting the cookies set by this mission, for which I recommend the Firefox plugin Add N Edit Cookies, we find two of them:

username=sam
password=jillisdead

We are asked for the username. I tried a lot of methods on this one. I used the username “sam”, and I changed the value of the “username” cookie to my username. No matter what I tried, I could not solve it. So I read the mission description again. Mr. Deitry “decrypted it from ASCII encryption, and for you to login you need to encrypt it”.

For some reason, the value of the cookie set needs to be changed, regardless of who was logging in! Please disregard that this mission has no connection whatsoever to reality. What sane login system would require such actions from its users?

What is meant by “ASCII encryption” is the corresponding binary ASCII value of each character. This would be the same as “Unicode encryption”, since the first 128 characters are the same for both ASCII and Unicode. To find what “sam” is when ASCII encrypted, google for things like [ascii to binary]. When you have found that, edit the “username” cookie to the encrypted value, e.g. 101010101010101010101010. When that has been done, you can log in with the previous username.
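The mapping described above, as an added example that is not part of the original guide. It assumes 8 bits per character with no separators, which matches the 24-digit placeholder shown for the three-letter username; the function names are hypothetical. Because the mapping has no key, the second function reverses it, which is why this is an encoding rather than encryption.

```javascript
// Added example: "ASCII encryption" in this mission is a fixed, keyless
// mapping from each character to its binary ASCII code.

// Encode a string as concatenated 8-bit binary ASCII codes (assumed width).
function asciiToBinary(text) {
  let bits = "";
  for (const ch of text) {
    const code = ch.codePointAt(0);
    if (code > 127) {
      throw new RangeError(`not an ASCII character: ${ch}`);
    }
    bits += code.toString(2).padStart(8, "0");
  }
  return bits;
}

// Reverse the mapping. No secret is needed, so anyone who sees the cookie
// can recover the original value.
function binaryToAscii(bits) {
  if (!/^[01]*$/.test(bits) || bits.length % 8 !== 0) {
    throw new SyntaxError("expected a multiple of 8 binary digits");
  }
  let text = "";
  for (let i = 0; i < bits.length; i += 8) {
    const code = parseInt(bits.slice(i, i + 8), 2);
    if (code > 127) {
      throw new RangeError("byte outside the ASCII range");
    }
    text += String.fromCharCode(code);
  }
  return text;
}

// The username cookie value from the guide, encoded and decoded again.
const cookieValue = asciiToBinary("sam");
console.log(cookieValue);
console.log(binaryToAscii(cookieValue));
```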

To bypass the next field, you must only remember that the mission text talked about an SQL injection. First, check what error message you get when putting an apostrophe in the field.

Congratulations! The server-side check for successful SQL injections isn't too advanced.

HBH Logical 6: Space Rock

Logical challenge #6 in Hellbound Hackers is called “Space Rock”:

Suppose you are working for the science department and the NASA brought you a rock from space and before you are supposed to do anything with it you need to get the volume. But in your office you only have a pencil, a ruler and a glass of water and of course the rock. Using only those things, how can you get a close estimate of the volume of the rock?

This is such a classic puzzle that everyone should know it. Especially those who are in fourth grade or higher. The principle to be used is called “Archimedes' Principle”, named after an intelligent Greek guy called Archimedes. He lay down in his bathtub, when he noticed the water around him rising. Get it yet?

Do the following, assuming that the rock fits into the glass, the glass is a cylinder and the water won’t flow over:

  1. Mark the water level on the glass with the pencil.
  2. Put the rock in the glass.
  3. Measure the difference between the new water level and the old one.
  4. Measure the radius of the glass.
  5. Calculate the volume of the rock: r^2 * pi * dh, where r is the radius of the glass, pi is about 3.14 and dh is the change in the water level.

I’m just wondering why NASA don’t have better equipment, why they give the stone to some office guy and WHY they allow him to wet it.

HBH Logical 5: 3 Fuses

Hellbound Hackers’ fifth logical challenge is called “3 fuses”.

After a hurricane, you notice that your lights will not turn on… The switches won't work so you go down to the basement to check the fuse box. You notice that 3 fuses are off. If you can only take one trip upstairs to check if the fuse you selected worked, how do you determine whether fuse a, b, or c is the right fuse to turn on your lights?

This one really requires some thinking outside of the box. Pretty much anyone can deduce that it is impossible to solve this puzzle by only turning on one fuse (unless that’s the working one).

I find it very difficult to give any sort of clues to this kind of problem, and therefore the solution will be a bit straight-forward.

You must first turn one fuse on for a while. After this, switch it off and turn another one on. Now, go up the stairs. If the lights are on, the fuse that is switched on is the right one. If not, touch the lights. If they are warm, it was the first switch, because the lights were heated up. In the case that they are cold, the last fuse, which you didn’t touch, was the correct one.

HBH Logical 2: The Stairs of Death

This is the second of Hellbound Hackers’ logical challenges, The Stairs of Death:

Three people are standing on some stairs. They are each wearing a hat. They are only allowed to face forwards, so they cannot see the color of their own hat, only the color of the hat of the one or two people in front of them (depending in which position they are). The hats they are wearing have been chosen from a pile of two red hats and two blue hats. All three men will be shot in one minute unless one of them shouts out (correctly!) the colour of their own hat. Who shouts out and how do they know the color of their hat? (Work out the answer for the most difficult situation!)

Stairs of Death diagram

In my diagram, which I find more attractive than the HellboundHackers.org diagram, the three persons are called Mrs. Pink, Ms. Green and Mr. Yellow. There are lots of possible combinations of hats, but since no-one can see Pink’s hat, we need only investigate four combinations (assuming that there is a solution). These are:

Ms. Green   Mr. Yellow
Red         Red
Blue        Blue
Red         Blue
Blue        Red

The first two combinations have a very simple solution. Mrs. Pink will see the two hats which are of the same colour, and, knowing that there are only two of each colour, shout the other colour.


If Ms. Green’s and Mr. Yellow’s hats are of different colours, however, Mrs. Pink cannot deduce her own hat’s colour, which means that she remains silent. Ms. Green realizes that this is the situation, and since there are no other hat combinations where Mrs. Pink would have been quiet, she knows that she and Mr. Yellow have different hat colours. This means that if Mr. Yellow has a blue hat, Ms. Green has a red hat, and vice versa.


Just remember that you’ll have to write your own solution — I doubt that copying mine will give you any points.

HBH Logical 1: Bags and Beads

The first of Hellbound Hackers’ logical challenges is Bags and Beads:

You are given 5 bags. There are 10 beads in each of the bags. In four of the bags, the beads each weigh 10 grams. In the remaining bag, each bead weighs only 9 grams. All the bags and beads look and feel identical. You must find out which bag has the lighter beads. You can use a scale, but it has to be a single-tray scale, not a two-tray balance scale. Also, you may use the scale only once. After you place something on the scale it will get stuck so taking anything off or putting anything on will not be weighed. You can't tell the difference by picking them up, they will all feel the same. How can you find out which bag has the lighter beads?

This challenge requires thinking outside of the box, which makes it a good exercise for hackers. You must realize that you are not limited to weighing the bags that already exist.

Take one bead from the first bag, two beads from the second bag, three beads from the third bag, and four beads from the fourth bag. You can leave the fifth bag. Put all the beads you picked up on the single-tray scale, and see what their total weight is.

If they weigh 100 grams, all of the beads are 10 gram beads, and therefore the fifth bag must contain the lighter beads. If they weigh 99 grams, 1 bead is lighter. Then the first bag must contain the lighter beads, since you picked one bead from that bag. With the same logic, it’s the second bag if the beads weigh 98 grams, the third if they weigh 97 grams, and the fourth if they weigh 96 grams.

Note that this solution is easier than some other solutions, since they state that you need five beads from the fifth bag. You don’t, though: and it’s easier to weigh 10 beads than 15.

HBH Javascript 3: HTML Entity Encoded

Hellbound Hackers’ Javascript challenge 3 looks a lot trickier than it actually is. First, you must find the relevant section of the source code. The following is enclosed in SCRIPT tags:

Fix the indentation and linebreaks of the above code, and it’s much easier to read. The content of a1 is substituted with “string” in order to keep the code readable.

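// U7 and W8 are short aliases for the window and document objects.
var U7 = window, W8 = document;
// Placeholder for the long percent-encoded string.
var a1 = "string";
function V0() {
  // The local variable shadows the function's own name.
  var V0;
  V0 = unescape(a1);  // decode the %XX escapes
  W8.write(V0);       // write the decoded markup into the page
}
V0();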

This code first defines U7 as the window and W8 as the current document, and then a1 as a long, illegible string. The function V0() creates a local variable with the same name, assigns it the unescaped value of a1, and writes it to W8 (the document). V0() is then run.

In order to see what is printed, we must decode a1. This can be done in several ways, such as with the PHP function urldecode(). I used an online URL decoder.
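An offline alternative to an online decoder, as an added example that is not code from the original guide: it pulls the string literal passed to unescape() out of the page source and decodes it without running the page's script. The sample source is constructed, and staticUnescape and extractPayloads are hypothetical names.

```javascript
// Added example: recover what an unescape() + document.write() loader would
// write, by reading the source as text instead of executing it.

// Decode the escape() format by hand: %XX and %uXXXX sequences.
// Malformed sequences are left as literal text, as unescape() does.
function staticUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g, (m, u, x) =>
    String.fromCharCode(parseInt(u || x, 16)));
}

// Collect `var NAME = "literal"` assignments, then decode the literal behind
// every unescape(NAME) call. Backslash escapes inside the literal are kept
// raw; that is enough for purely percent-encoded payloads.
function extractPayloads(source) {
  const literals = new Map();
  const assign = /\bvar\s+([A-Za-z_$][\w$]*)\s*=\s*(["'])((?:\\.|(?!\2).)*)\2/g;
  for (const m of source.matchAll(assign)) {
    literals.set(m[1], m[3]);
  }
  const payloads = [];
  const call = /\bunescape\(\s*([A-Za-z_$][\w$]*)\s*\)/g;
  for (const m of source.matchAll(call)) {
    if (literals.has(m[1])) {
      payloads.push(staticUnescape(literals.get(m[1])));
    }
  }
  return payloads;
}

// Constructed sample with the same shape as the loader in this guide.
const SAMPLE = [
  'var U7 = window, W8 = document;',
  'var a1 = "%3Cform%3E%3Cinput%20name%3D%22text1%22%3E%3C%2Fform%3E";',
  'function V0() { var V0; V0 = unescape(a1); W8.write(V0); }',
  'V0();',
].join("\n");

for (const payload of extractPayloads(SAMPLE)) {
  console.log(payload);
}
```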

The string decodes to an HTML form and two Javascripts, one that negates right-clicking and one that checks the username and password. You should be able to find and extract the password and username without any problems:

function pasuser(form) {
  var text2='lolage'
  var text4='hahaomgz'
  if (form.text1.value==text2) {
    if (form.text3.value==text4) {
      location="index.php?text1=lol&text3=haha"
    }
    else {
      alert("Invalid Password")
    }
  }
  else {
    alert("Invalid UserID")
  }
}

My username/password combination was lolage/hahaomgz.

HBH Javascript 2: Immediate Redirection

Since Javascript is implemented client-side, the first thing to do when hacking Javascript is to check the source code. Unfortunately, Hellbound Hackers’ second Javascript challenge contains code that redirects you immediately when the page loads. In order to view the source code, you must somehow make the browser ignore this redirection. There are several ways. I assume that you are using Firefox:

  • Disable Javascript: Edit -> Preferences -> Content, remove the tick in the Enable Javascript box.
  • NoScript Add-On — Download the Firefox add-on NoScript, which enables selective enabling/disabling of Javascript in an easily accessible menu.
  • wget — or any other application that can fetch remote websites. Functions for this exist in practically every programming language. With wget, you can just run wget http://hellboundhackers.org/challenges/js/js2/index.php and download a copy of the file, which you can read in any text editor.

When you have acquired the source code, you can find this code: