I have a quick question about changing source code with IE first of all heres an example www.hulla-balloo.com/hack/level4/index.php password for level 3 is bubbleboy so you can view level 4. Anyways what you have to do for the password for level 4 is change the source code and replace it with your own email address. But what i want to know is what do you do after you plug in your email address? Do you save the file somewhere and refresh the browser or what? This kind of tripped me up.

You save the notepad file as a .html file.

So when saving just name it filename.html and then open the file and BINGO!

Pretty basic stuff

Remember to quote the filename when saving or notepad, in it's infinite wisdom, will append a .txt extension onto the end.

But now after i do that and save it, when i open the file and click send password to sam (with my email instead) it sends me to page not found and the password never sent.

You have to change the following code
<center>
<form action="level4.php" method="post">
<input type="hidden" name="to" value="webmaster@hulla-balloo.com">
<input type="submit" value="Send password to Sam">
</form>
</center>

to

<center>
<form action="http://www.hulla-balloo.com/hack/level4/level4.php" method="post">
<input type="hidden" name="to" value="youremailaddress@whatever.com">
<input type="submit" value="Send password to Sam">
</form>
</center>

Arrghh, I missed the fact that the form action was a relative not the actual one. I have been beating my head on this for 3 days.

alternatively, you can just enter the url http://www.hulla-balloo.com/hack/level4/level4.php?to="your.email@address" and save yourself all the file saving/renaming/reopening issues

strange thing
for the 2nd level i've just clicked on submit and reached the 3rd level
if it 's all like that won't be late to see last level

hmm
can't understand the following level
could i get some help
thanks

i feel really stupid say this...what is the password for level 1? I am serious, i cant figure it out

White Eskimo, no need to be embarassed. Here's a hint, sometimes things are hidden in the code. See the source and look for something out of place.

And now for my little embarassment. I cannot figure out how to get level 5 to work. I've been kicking around the basic Windows version of Telnet, and it won't let me in, so I can only assume I'm either doing something wrong or I'm looking at this the entirely wrong way. In either case a couple hints or tips would be greatly appreciated.

EDIT: WAIT! I got connected. But now I have no idea how to get past the logon screen. Or maybe I'm looking at this the wrong way too?

Hmm . . .

telnet...level 5??? hmm...dont know why u'd need telnet. Its editin the webpages source again...just need a new trick to edit the URL, its a bit smarter this time.

Alright I still cant get passed the 3 level....lol

Any hints?

3's pretty simple. A litle crafty, but nothing you can't figure out.

You have to keep in mind that in order to check to verify that the right password was entered, the script has to have something to check it against. (well, in this case it does) It'll be a .txt file, and it's not a very creative name for the file that houses the password.

And since it's the password for level 4 you're trying to get, it's stored in the level4 folder.

So, try and piece together the directory where the password file can be found, and enter that in your web browser.

If you still can't get it, pm me and I'll help you out a bit more.

Now, for my question, if I don't use Telnet what am I supposed to do? Trying the same trick as Level 4 gives me a File Not Found error. Maybe I need to change the filename or directory?

EDIT: Hehe. It just told me "Invalid referring URL. Nice try!" and I can't decide if I was crafty and it's congratulating me or if I'm being predictable and it's mocking me.

Thanx running Duck I am going to try that right now...

B-wOLF

yeh i'm still gettin the nice try error also...guess ya just gotta play around a bit more. Haha...maybe hack his email? if someone posts here into reply of this level dont post the password please...a tiny hint would be ok but dont spoil it...i gotta get this level now :-/...lemme know running duck if u make any progress

hey running duck here's the website's code that i have so far...i think somewhere its hiddin that the button referes to a real URL or real email addy.



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title>Hack This Site</title>
</head>
<body bgcolor="#FFFFFF" text="#293E6D" link="#1D2C4D" vlink="#1D2C4D" alink="#000000">

<center>http://www.hulla-balloo.com/hack/images/logo.jpg
<hr color="#293E6D" width=500></center>



<table width=500 cellspacing=0 cellpadding=0 border=0 align="center">
<tr>
<td width=100 valign="top">
<font face="verdana" size=1>
HTS:

About (http://www.hulla-balloo.com/hack/index.php)

F.A.Q. (http://www.hulla-balloo.com/hack/faq.php)

Top Scores (http://www.hulla-balloo.com/hack/topscores.php)



Jump to:

Level 1 (http://www.hulla-balloo.com/hack/level1/)


Level 2 (http://www.hulla-balloo.com/hack/level2/)

Level 3 (http://www.hulla-balloo.com/hack/level3/)

Level 4 (http://www.hulla-balloo.com/hack/level4/)

Level 5 (http://www.hulla-balloo.com/hack/level5/)


Level 6 (http://www.hulla-balloo.com/hack/level6/)

Level 7 (http://www.hulla-balloo.com/hack/level7/)

Level 8 (http://www.hulla-balloo.com/hack/level8/)

Level 9 (http://www.hulla-balloo.com/hack/level9/)

Level 10 (http://www.hulla-balloo.com/hack/level10/)

Level 11 (http://www.hulla-balloo.com/hack/level11/)

Level 12 (http://www.hulla-balloo.com/hack/level12/)

Level 13 (http://www.hulla-balloo.com/hack/level13/)



http://hulla-balloo.com/hack/counter.php?id=1
</font>
</td>
<td width=400 valign="top">
<font face="verdana" size=1>



<center>Level 5</center>





Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure.




<center>
<form action="http://www.hulla-balloo.com/hack/level5/level5.php" method="post">
<input type="hidden" name="to" value="deft0nes12@hotmail.com">
<input type="submit" value="Send password to Sam">
</form>
</center>





<center>
password:

<form action="http://www.hulla-balloo.com/hack/level6/index.php" method="post">
<input type="password" name="password">



<input type="submit" value="submit">
</form>


</font>
</td>
</tr>
</table>



<center>
<hr color="#293E6D" width=500>
<font face="verdana" size=1>(C) 2002 Jeremy Hammond ( webmaster@hulla-balloo.com)</font></center></body>
</html>

Here's what it looks like to me:
For level 4, we could create our own page, and run it locally because it didn't matter where it was being run from. i.e. The Referer didn't matter
For level 5, the Referer must be the index.php page. This is how Sam protected himself from the people who created their own forms. What we want to do it change the "to" value, as in level 4, but this time we need to spoof the Referer as well. This can be accomplished by telneting to port 80. I can get the e-mail to be sent using the commands:

GET /hack/level5/level5.php HTTP/1.1
Host: www.hulla-balloo.com
Referer: http://www.hulla-balloo.com/hack/level5/index.php

My problem is, I can't figure out how to override the "to" variable.
I added a "to: email" in the telnet messages, to no avail.
Any suggestions? I just don't understand URL requests well enough. Hopefully someone else does, or else I'll have to read for a few hours to figure this out.
Thanks!

http://www.hulla-balloo.com/hack/level5/level5.php?to="email@address"
or is it
http://www.hulla-balloo.com/hack/level5/index.php?to="email@address"

It's simple php, website.php?variable="blah"
Refer to er0k's tutorial to learn basic php
http://www.antionline.com/showthread.php?s=&postid=640439#post640439

i did the http://www.hulla-balloo.com/hack/level5/level5.php?to="email@address" trick earlier but failed...it sais "Invalid URL Refer, Nice Try!" or something like that...i guess got kinda close but to no avail...so i dunno...

deftones12 > As algaen posted previously, which was what I was replying to, simply going to that url will not work. You must change the referer information to state that you went from the URL http://www.hulla-balloo.com/hack/level5/index.php. Algaen was attempting to do this by telnetting to the host. I am not sure of the process he used so I can not explain what to do there. But I can tell you, the script at /hack/level5/level5.php is checking the a header present in any internet browser, specifically, a referer header, which tells it what page you were 'refered' from, or which page you just came from, in this case it has to be /hack/level5/level5.php, not on your local box, and not hack/level5/level5.php?to="email@address"

Thanks The3ntropy. Thanks for pointing that out. I had already tried that, but it could have been something I overlooked.
My question was:
What does the "to=email@address" look like in a URL request? It cannot be attached to the GET request (like "GET /hack/level5/level5.php?to=email@address"), and it does not seem to work as it's own "to: email@address" request. Basically I need a way to pass a variable to the script...

I could be making this WAY TOO complicated, but I can think of no better way to go about it at the present time.

Thanks for your help guys.

hey any of ya guys figure out how to get passed level 5 yet?

Acturally it is a POST request for level 5. I tried running Ethereal when I submitted with the default values, and the results should be attached. I went and converted it into ASCII and saved it in .txt, and zipped it.

Hopefully if you've ever played with HTTP servers in telnet or something you'll be able to make use of some of this information. And for everyone else, now you know what I'm running ;)

-Tim_axe

hey tim_axe i thought about runnin ethereal but didnt think it'd help any cuz the password would never come my way so i couldnt really sniff it. I looked that the server-to-me text file and it said the password was sent...did u get the password? i noticed u didnt change the html page referrer..what did u do?

level 5

http://www.hulla-balloo.com/hack/level5/level5.php?to="rainbow_dragon_@hotmail.com",Referer:"http://www.hulla-balloo.com/hack/level5/index.php"

something like that should work but i know the part with referer has something wrong but i cant remember what is it referer = : ?

Thanks Tim_axe for pointing me in the right direction with the POST request. That obviously makes A LOT more sense then trying to GET the page. I should have used my brain and used Ethereal or similar to see what was going on. Anyways, I finally figured it out!
My tips for anyone still stuck on level 5, are:
1. Figure out how to use telnet to send URL requests
2. Figure out how the POST method works in terms of URL requests.
3. You DO have to spook the Referer and that's why you need telnet or similar.

If you are really stuck, PM me and I'll help you out some more.
Good luck all!

To access the pages that require you to change hidden values, check out HTML Source. I believe there was a thread on it previously, but it will allow you to change form values while still on the page. While we're talking about this, if anyone has the level 8 to level 9 solution, or even a step in the right direction... I'm too lazy to sit and figure out what's wrong with the php and it doesn't seem to be anything to do with pipes.

how did u hacked level 5

I raced threw them all.. post me the level 5 question and I'll tell ya. .but my memory sucks

Im telnetting to port 80 to pass level5
here is what telnet gives me

Telnet log
GET /hack/level4/level4.php HTTP/1.1
Referer:http://www.hulla-balloo.com
To="myadress@mymailserver.com"

HTTP/1.1 400 Bad Request
Date: Sun, 06 Jul 2003 18:36:22 GMT
Server: Apache/1.3.20 Sun Cobalt (Unix) Chili!Soft-ASP/3.6.2 mod_ssl/2.8.4 OpenS
SL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

13c
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Req
uest</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that th
is server could not understand.


Request header field is missing colon separato
r.


<PRE>
To="myadress@mymailserver.com"</PRE>



</BODY></HTML>

0

what am i doing wrong

Ey... What is this kind off big ass spoiler stuff? It's supposed to be a challange... People spend days weeks and I heard of even months trying to figure stuff like this out. If you did it on yer own you did something for real. If you just read this thread and got to level whatever with as good as zero knowledge, you're nothing more then just what some people would call "scriptkiddie". I forgot the thread about that.

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by neel
ey... what is this kindoff big ass spoiler stuff. It's supposed to be a challange... people spend days weeks and I heard of even months trying to figure stuff like this out. If you did it on yer own you did something for real. If you just read this thread and got to level whatever with as good as zero knowledge... you're no less then just what some people would call "scriptkiddie". I forogot the thread.


Good point.. I retract my previous post.

i´m also stuck at level5 .... tried to telet but it needed pass ... waht am i supose to do hear??
PLZ help Me!


/ A swedish Guy

i am also lost on level 5..
tried to telnet but needed pass..
someone PLZ help me

/a Swedish Guy

I am also stuck at level 5..
tried to telnet but needed pass.....
PLZ help me!

Heh, I decided to try the things myself to. To give y'all some hope. Level 7 is easy ;). The ones who already got there know what I mean. Ow well...

i dont really see the point in Hacking the website when everyone is asking for help and "what is the pass for level 5 or 10 or whatever .... the point of the site is to use your brain and abilities you have to hack the level and not ask for the password ....what have you archieved by getting the password that easy ....

***MemorY is just throwing his opinion here***

Hey HT, send me the pass and stuff to take a look at the PHP. I'm not gunna bother to hack the rest of it because of lack of time and laziness. But I would like to see this PHP stuff their trying to do.

xmaddness

this is the question

"Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure."

Well, I got sucked into it. I mistakenly clicked on the link in the other thread, and wamo.. at level 5. But i really don't feel like brakin out telnet and bothering with the rest. I look at enough web code everyday as it is. Let me know if you guys get stuck on anything and if it drives ya mad for to long, throw me an email at xmaddness@planetmaddness.com


cheers

I quit at level 11 yesterday, might try it this evening again. They are really nice challanges. I saw alot of much easier stuff, altough it isn't to hard really if you just find they right trick.

level5

ive been trying to pass fromlevel5 to level6 for 3 days now I ve tried telnetting to port 80

and spoofing the refere but it doensnt send me the password i've now tried using curl and typing

curl -x 192.168.0.1:6800 -d "password=rainbow&to=spike054@hotmail.com" -e http://hulla-ballo.com/hack/level5/level5.php http://www.hulla-balloo.com/hack/level5/index.php

192.168.0.1:6800 being my proxy

whats wrong?

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by thesecession
I have a quick question about changing source code with IE first of all heres an example www.hulla-balloo.com/hack/level4/index.php password for level 3 is bubbleboy so you can view level 4. Anyways what you have to do for the password for level 4 is change the source code and replace it with your own email address. But what i want to know is what do you do after you plug in your email address? Do you save the file somewhere and refresh the browser or what? This kind of tripped me up.

take a look at this line in your source:

<form action="http://www.hulla-balloo.com/hack/level4/level4.php" method="post">

it should have the path & filename of the file which will accept the POST.

Thanks.

hi friends,

thanx for letting me know such a wonderful site. i`ve gone through level 4 but got stuck up in level 5, what should i do. i`m trying to get through this level, but in case if any gets through it then pls let me.

____________________________
Security makes me tense.

I went through levels 1-4 very fast, but on level 5 I got stuck for a couple hours, and after finally getting it to work and "send" me the password, i never recieved it.. Any ideas?

I had it sent to a hotmail acc, anybody else get it to work w/hotmail?

If you did not receive the password, then you obviously did not properly complete the level. I had the password sent to a hotmail account so that is not the problem.
Try looking at the source code and seeing where the password is mailed to. You can override this value... You probably did not override it properly. It's up to you to figure out how.
Good luck!

Is there anything I could read to learn this stuff, or do I just play around with it? I tried at Hulla-Balloo, and I am completely awful, but I haven't been able to find anything to really read on the subject. Any pointers, tips, tuts, texts would be appreciated, thank you.

http://www.governmentsecurity.org/articles/SQLInjectionModesofAttackDefenceandWhyItMatters.php


http://b0iler.eyeonsecurity.org/tutorials/hackingcgi.htm

Algaen
.... added a "to: email" in the telnet messages, to no avail. ......
maybe use some HTML mailto: ?

it has to be /hack/level5/level5.php
Yes but it don't have to be hulla-ballo.com/hack/level5/level5.php, I suppose it could be http://127.0.0.1/hack/level5/level5.php, but I ain't sure, I'm no hacker or anything lol.

easy

ok everybody that can get it has probably gotten it by now for those that havn't i hope this helps:

http://www.antionline.com/showthread.php?s=&threadid=246927

After 5 pages the discussions on level 5 & 6 ended. Im assuming everyone got threw them. These five pages where the most heated examples of people trying to actually learn something I’ve ever seen here. I believe many did,

Level 7 takes a skill level not to be found in this world so I ask a question on level 8:

How in hell do you get sams daughter to give you the friggen password? i know it has something to do with shtml (i think)

Don’t give the answer if you know it yet just clues and pointers to places to learn.

tip on lvl 8: google Server side includes
you might want to do some script injection



---------------------------------------------------------------

I understand that I need to inject SSI statements, but do I need a PHP script to do it? I haven't spent any time with php for several years. If php is the way to go, then I will jump in with both feet. If not, then I'd rather not waste my time.

If you are still working on lvl 4 or 5, you might not want to read this post. I am wondering why I had to change the content-length string on lvl 5 and not on lvl 4? For some reason on lvl 5 I had to change the number to suit my email address. Was this another security measure?

I encoded this hint in Base64. Don't read this if you really enjoy figuring out things yerself because it comes close to a spoiler. you can decrypt it here:
http://www.antionline.com/tools-and-toys/encrypt-text/

It's about the SSI on level 8 (or what I think was level 8)

dGhlIHNpc3RlcnMgc2NyaXB0IG1ha2VzIGEgdGVtcCAuc2h0bWwgZmlsZSAobm90aWNlIHRoZSBzIGluIHNodG1sKSBhbmQgcHV0cyB5b3VyIG5hbWUgKHdpY2ggeW91IGVudGVyZWQgeW91cnNlbGYpIGluIGl0Li4uICAgc3NpID0+ICA9PiA6RA==

ùÑ¡”�Í¥ÍÑ•ÉÌ�Í�É¥ÁÐ�µ…*•Ì�„�Ñ•µÀ€¹Í¡Ñµ°�™¥±”€¡¹½Ñ¥�”�Ñ¡”�Ì�¥¸�͡ѵ°¤�…¹��ÁÕÑÌ�å½ÕÈ�¹…µ”€¡Ý¥� �å½Ô�•¹Ñ•É•��å½ÕÉÍ•±˜¤�¥¸�¥Ð¸¸¸€€�Íͤ€ôø€

Nice hint! lmao

You sure you selected Base 64 Decode in that options list ? :p

hehehe I think someone that really needs the hint should try all the options just to make sure.
Or maybe a combination like ASCII to Binary then Base 64 Decode then Un-Pig Latin!

Welcome the the Hack neel's post challenge! ;)

neels base64 decoded fine for me!

I need help i cant get passed level 3 and 4 and i changed the html to <center>
<form action="http://www.hulla-balloo.com/hack/level4/level4.php" method="post">
<input type="hidden" name="to" value="youremailaddress@whatever.com">
<input type="submit" value="Send password to Sam">
</form>
</center>

That was for level 4 but i didnt work.

Then i have no clue how to get passed level 3 at all.

Please Help Me!!!!!

This thread is five years old.

http://www.hulla-balloo.com

Will be your problem. My bet is that it is no longer hosted there....... 5 years is a long time in internet terms?

You need to find out where it is being hosted these days (if it still is) and substitute that address for the one above.