Printable View
I have a quick question about changing source code with IE first of all heres an example www.hulla-balloo.com/hack/level4/index.php password for level 3 is bubbleboy so you can view level 4. Anyways what you have to do for the password for level 4 is change the source code and replace it with your own email address. But what i want to know is what do you do after you plug in your email address? Do you save the file somewhere and refresh the browser or what? This kind of tripped me up.
You save the notepad file as a .html file.
So when saving just name it filename.html and then open the file and BINGO!
Pretty basic stuff
Remember to quote the filename when saving or notepad, in it's infinite wisdom, will append a .txt extension onto the end.
But now after i do that and save it, when i open the file and click send password to sam (with my email instead) it sends me to page not found and the password never sent.
You have to change the following code
toCode:<center>
<form action="level4.php" method="post">
<input type="hidden" name="to" value="[email protected]">
<input type="submit" value="Send password to Sam">
</form>
</center>
Code:<center>
<form action="http://www.hulla-balloo.com/hack/level4/level4.php" method="post">
<input type="hidden" name="to" value="[email protected]">
<input type="submit" value="Send password to Sam">
</form>
</center>
Arrghh, I missed the fact that the form action was a relative not the actual one. I have been beating my head on this for 3 days.
alternatively, you can just enter the url http://www.hulla-balloo.com/hack/level4/level4.php?to="your.email@address" and save yourself all the file saving/renaming/reopening issues
strange thing
for the 2nd level i've just clicked on submit and reached the 3rd level
if it 's all like that won't be late to see last level
hmm
can't understand the following level
could i get some help
thanks
i feel really stupid say this...what is the password for level 1? I am serious, i cant figure it out
White Eskimo, no need to be embarassed. Here's a hint, sometimes things are hidden in the code. See the source and look for something out of place.
And now for my little embarassment. I cannot figure out how to get level 5 to work. I've been kicking around the basic Windows version of Telnet, and it won't let me in, so I can only assume I'm either doing something wrong or I'm looking at this the entirely wrong way. In either case a couple hints or tips would be greatly appreciated.
EDIT: WAIT! I got connected. But now I have no idea how to get past the logon screen. Or maybe I'm looking at this the wrong way too?
Hmm . . .
telnet...level 5??? hmm...dont know why u'd need telnet. Its editin the webpages source again...just need a new trick to edit the URL, its a bit smarter this time.
Alright I still cant get passed the 3 level....lol
Any hints?
3's pretty simple. A litle crafty, but nothing you can't figure out.
You have to keep in mind that in order to check to verify that the right password was entered, the script has to have something to check it against. (well, in this case it does) It'll be a .txt file, and it's not a very creative name for the file that houses the password.
And since it's the password for level 4 you're trying to get, it's stored in the level4 folder.
So, try and piece together the directory where the password file can be found, and enter that in your web browser.
If you still can't get it, pm me and I'll help you out a bit more.
Now, for my question, if I don't use Telnet what am I supposed to do? Trying the same trick as Level 4 gives me a File Not Found error. Maybe I need to change the filename or directory?
EDIT: Hehe. It just told me "Invalid referring URL. Nice try!" and I can't decide if I was crafty and it's congratulating me or if I'm being predictable and it's mocking me.
Thanx running Duck I am going to try that right now...
B-wOLF
yeh i'm still gettin the nice try error also...guess ya just gotta play around a bit more. Haha...maybe hack his email? if someone posts here into reply of this level dont post the password please...a tiny hint would be ok but dont spoil it...i gotta get this level now :-/...lemme know running duck if u make any progress
hey running duck here's the website's code that i have so far...i think somewhere its hiddin that the button referes to a real URL or real email addy.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title>Hack This Site</title>
</head>
<body bgcolor="#FFFFFF" text="#293E6D" link="#1D2C4D" vlink="#1D2C4D" alink="#000000">
<center>http://www.hulla-balloo.com/hack/images/logo.jpg
<hr color="#293E6D" width=500></center>
<table width=500 cellspacing=0 cellpadding=0 border=0 align="center">
<tr>
<td width=100 valign="top">
<font face="verdana" size=1>
HTS:
About
F.A.Q.
Top Scores
Jump to:
Level 1
Level 2
Level 3
Level 4
Level 5
Level 6
Level 7
Level 8
Level 9
Level 10
Level 11
Level 12
Level 13
http://hulla-balloo.com/hack/counter.php?id=1
</font>
</td>
<td width=400 valign="top">
<font face="verdana" size=1>
<center>Level 5</center>
Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure.
<center>
<form action="http://www.hulla-balloo.com/hack/level5/level5.php" method="post">
<input type="hidden" name="to" value="[email protected]">
<input type="submit" value="Send password to Sam">
</form>
</center>
<center>
password:
<form action="http://www.hulla-balloo.com/hack/level6/index.php" method="post">
<input type="password" name="password">
<input type="submit" value="submit">
</form>
</font>
</td>
</tr>
</table>
<center>
<hr color="#293E6D" width=500>
<font face="verdana" size=1>(C) 2002 Jeremy Hammond</font></center></body>
</html>
Here's what it looks like to me:
For level 4, we could create our own page, and run it locally because it didn't matter where it was being run from. i.e. The Referer didn't matter
For level 5, the Referer must be the index.php page. This is how Sam protected himself from the people who created their own forms. What we want to do it change the "to" value, as in level 4, but this time we need to spoof the Referer as well. This can be accomplished by telneting to port 80. I can get the e-mail to be sent using the commands:
My problem is, I can't figure out how to override the "to" variable.Code:GET /hack/level5/level5.php HTTP/1.1
Host: www.hulla-balloo.com
Referer: http://www.hulla-balloo.com/hack/level5/index.php
I added a "to: email" in the telnet messages, to no avail.
Any suggestions? I just don't understand URL requests well enough. Hopefully someone else does, or else I'll have to read for a few hours to figure this out.
Thanks!
http://www.hulla-balloo.com/hack/level5/level5.php?to="email@address"
or is it
http://www.hulla-balloo.com/hack/level5/index.php?to="email@address"
It's simple php, website.php?variable="blah"
Refer to er0k's tutorial to learn basic php
http://www.antionline.com/showthread...439#post640439
i did the http://www.hulla-balloo.com/hack/level5/level5.php?to="email@address" trick earlier but failed...it sais "Invalid URL Refer, Nice Try!" or something like that...i guess got kinda close but to no avail...so i dunno...
deftones12 > As algaen posted previously, which was what I was replying to, simply going to that url will not work. You must change the referer information to state that you went from the URL http://www.hulla-balloo.com/hack/level5/index.php. Algaen was attempting to do this by telnetting to the host. I am not sure of the process he used so I can not explain what to do there. But I can tell you, the script at /hack/level5/level5.php is checking the a header present in any internet browser, specifically, a referer header, which tells it what page you were 'refered' from, or which page you just came from, in this case it has to be /hack/level5/level5.php, not on your local box, and not hack/level5/level5.php?to="email@address"
Thanks The3ntropy. Thanks for pointing that out. I had already tried that, but it could have been something I overlooked.
My question was:
What does the "to=email@address" look like in a URL request? It cannot be attached to the GET request (like "GET /hack/level5/level5.php?to=email@address"), and it does not seem to work as it's own "to: email@address" request. Basically I need a way to pass a variable to the script...
I could be making this WAY TOO complicated, but I can think of no better way to go about it at the present time.
Thanks for your help guys.
hey any of ya guys figure out how to get passed level 5 yet?
Acturally it is a POST request for level 5. I tried running Ethereal when I submitted with the default values, and the results should be attached. I went and converted it into ASCII and saved it in .txt, and zipped it.
Hopefully if you've ever played with HTTP servers in telnet or something you'll be able to make use of some of this information. And for everyone else, now you know what I'm running ;)
-Tim_axe
hey tim_axe i thought about runnin ethereal but didnt think it'd help any cuz the password would never come my way so i couldnt really sniff it. I looked that the server-to-me text file and it said the password was sent...did u get the password? i noticed u didnt change the html page referrer..what did u do?
level 5
http://www.hulla-balloo.com/hack/level5/level5.php?to="[email protected]",Referer:"http://www.hulla-balloo.com/hack/level5/index.php"
something like that should work but i know the part with referer has something wrong but i cant remember what is it referer = : ?
Thanks Tim_axe for pointing me in the right direction with the POST request. That obviously makes A LOT more sense then trying to GET the page. I should have used my brain and used Ethereal or similar to see what was going on. Anyways, I finally figured it out!
My tips for anyone still stuck on level 5, are:
1. Figure out how to use telnet to send URL requests
2. Figure out how the POST method works in terms of URL requests.
3. You DO have to spook the Referer and that's why you need telnet or similar.
If you are really stuck, PM me and I'll help you out some more.
Good luck all!
To access the pages that require you to change hidden values, check out HTML Source. I believe there was a thread on it previously, but it will allow you to change form values while still on the page. While we're talking about this, if anyone has the level 8 to level 9 solution, or even a step in the right direction... I'm too lazy to sit and figure out what's wrong with the php and it doesn't seem to be anything to do with pipes.
how did u hacked level 5
I raced threw them all.. post me the level 5 question and I'll tell ya. .but my memory sucks
Im telnetting to port 80 to pass level5
here is what telnet gives me
Telnet log
GET /hack/level4/level4.php HTTP/1.1
Referer:http://www.hulla-balloo.com
To="[email protected]"
HTTP/1.1 400 Bad Request
Date: Sun, 06 Jul 2003 18:36:22 GMT
Server: Apache/1.3.20 Sun Cobalt (Unix) Chili!Soft-ASP/3.6.2 mod_ssl/2.8.4 OpenS
SL/0.9.6b PHP/4.1.2 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
13c
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Req
uest</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that th
is server could not understand.
Request header field is missing colon separato
r.
<PRE>
To="[email protected]"</PRE>
</BODY></HTML>
0
what am i doing wrong
Ey... What is this kind off big ass spoiler stuff? It's supposed to be a challange... People spend days weeks and I heard of even months trying to figure stuff like this out. If you did it on yer own you did something for real. If you just read this thread and got to level whatever with as good as zero knowledge, you're nothing more then just what some people would call "scriptkiddie". I forgot the thread about that.
Quote:
Originally posted here by neel
ey... what is this kindoff big ass spoiler stuff. It's supposed to be a challange... people spend days weeks and I heard of even months trying to figure stuff like this out. If you did it on yer own you did something for real. If you just read this thread and got to level whatever with as good as zero knowledge... you're no less then just what some people would call "scriptkiddie". I forogot the thread.
Good point.. I retract my previous post.
i´m also stuck at level5 .... tried to telet but it needed pass ... waht am i supose to do hear??
PLZ help Me!
/ A swedish Guy
i am also lost on level 5..
tried to telnet but needed pass..
someone PLZ help me
/a Swedish Guy
I am also stuck at level 5..
tried to telnet but needed pass.....
PLZ help me!
Heh, I decided to try the things myself to. To give y'all some hope. Level 7 is easy ;). The ones who already got there know what I mean. Ow well...
i dont really see the point in Hacking the website when everyone is asking for help and "what is the pass for level 5 or 10 or whatever .... the point of the site is to use your brain and abilities you have to hack the level and not ask for the password ....what have you archieved by getting the password that easy ....
***MemorY is just throwing his opinion here***
Hey HT, send me the pass and stuff to take a look at the PHP. I'm not gunna bother to hack the rest of it because of lack of time and laziness. But I would like to see this PHP stuff their trying to do.
xmaddness
this is the question
"Sam has gotten wise to all the people who wrote their own forms to get the password. Rather then actually learn the password, he decided to make his email program a little more secure."
Well, I got sucked into it. I mistakenly clicked on the link in the other thread, and wamo.. at level 5. But i really don't feel like brakin out telnet and bothering with the rest. I look at enough web code everyday as it is. Let me know if you guys get stuck on anything and if it drives ya mad for to long, throw me an email at [email protected]
cheers
I quit at level 11 yesterday, might try it this evening again. They are really nice challanges. I saw alot of much easier stuff, altough it isn't to hard really if you just find they right trick.
level5
ive been trying to pass fromlevel5 to level6 for 3 days now I ve tried telnetting to port 80
and spoofing the refere but it doensnt send me the password i've now tried using curl and typing
curl -x 192.168.0.1:6800 -d "password=rainbow&[email protected]" -e http://hulla-ballo.com/hack/level5/level5.php http://www.hulla-balloo.com/hack/level5/index.php
192.168.0.1:6800 being my proxy
whats wrong?
take a look at this line in your source:Quote:
Originally posted here by thesecession
I have a quick question about changing source code with IE first of all heres an example www.hulla-balloo.com/hack/level4/index.php password for level 3 is bubbleboy so you can view level 4. Anyways what you have to do for the password for level 4 is change the source code and replace it with your own email address. But what i want to know is what do you do after you plug in your email address? Do you save the file somewhere and refresh the browser or what? This kind of tripped me up.
<form action="http://www.hulla-balloo.com/hack/level4/level4.php" method="post">
it should have the path & filename of the file which will accept the POST.
Thanks.