
Thread: Hackxor challenge help

  1. #1
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Hackxor challenge help

    Has anyone else tried this challenge? http://hackxor.sourceforge.net/cgi-bin/index.pl
    I'm having a hell of a time with a particular part. I've spent hours and now I just want to understand the solution but I can't find any walkthroughs anywhere. I don't want the answer to the whole challenge but just the one part I am stuck on. I did see the hints on their website but it didn't help. I'm just out of ideas and I know I would gain more knowledge at this point by not banging my head against the wall anymore. Thanks!


    EDIT: Ugh my eyes feel like they are going to bleed because I've been staring at my screen trying to get this working for so long! My XSS foo is not up to par apparently. Or I am just going about this all wrong. If anyone can provide any help I am specifically stuck on part 3 of the challenge.
    Last edited by Dudeman02379; 07-03-2012 at 07:37 PM.

  2. #2
    Just burned his ISO
    Join Date
    Jul 2012
    Posts
    4

    Default Re: Hackxor challenge help

    Where are you stuck?

    (I intentionally haven't released a public walkthrough since I don't want to provide an easy way out, but I'm happy to help people who are truly stymied)

  3. #3
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: Hackxor challenge help

    I'll try to respond without any major spoilers. I have gotten to GGHB. I've identified a valid email address. Now I was trying to use XSS through a message to hijack their email session. I was successful in having them send me an email with their session cookie before I realized that wouldn't do me any good (hence the hint on your website!). Short of password brute forcing I'm out of ideas.
    BTW this is an exceptional program you have put together. It's really unique in the way it presents the challenges and makes you think outside the box while giving you a story to follow along. Well Done!

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Hackxor challenge help

    Quote Originally Posted by Dudeman02379 View Post
    I'll try to respond without any major spoilers. I have gotten to GGHB. I've identified a valid email address. Now I was trying to use XSS through a message to hijack their email session. I was successful in having them send me an email with their session cookie before I realized that wouldn't do me any good (hence the hint on your website!).
    POTENTIAL SPOILER Good news, you were indeed barking up the correct tree. Try setting your session cookie to the value of their session cookie...
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2012
    Posts
    4

    Default Re: Hackxor challenge help

    Spoilers

    You need to extract data from a couple of accounts on gghb; the one of the person you're tracking, and the admin's. Naturally, hacking the admin's account is more difficult. You can actually hijack the first person's account using pure csrf, but session riding via xss as suggested by thorin should work fine too.

    Some accounts are locked to specific IP addresses so you can't log into them even if you know the password or have the jsessionid. When this is the case, you need to write some xss to achieve your goal directly. A good place to start is xss that extracts the html source of the page.
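
A defender's view of the two controls mentioned in the post above (sessions locked to an IP address, and CSRF), as an added example that is not part of the thread or of Hackxor's own code. The `SessionStore` class, its method names and the addresses are constructed for illustration.

```python
import hmac
import secrets

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")


class SessionStore:
    """Toy server-side session table: session id -> user, bound IP, CSRF token."""

    def __init__(self, ip_locked_users=()):
        self._sessions = {}
        self._ip_locked = set(ip_locked_users)

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)    # value the session cookie would carry
        csrf = secrets.token_urlsafe(32)   # value embedded in the site's own forms
        bound_ip = client_ip if user in self._ip_locked else None
        self._sessions[sid] = {"user": user, "ip": bound_ip, "csrf": csrf}
        return sid, csrf

    def authorize(self, sid, client_ip, method="GET", csrf_token=None):
        """Return (allowed, detail) for a single request."""
        session = self._sessions.get(sid)
        if session is None:
            return False, "unknown session"
        # IP lock: a session id replayed from another address is refused.
        if session["ip"] is not None and session["ip"] != client_ip:
            return False, "ip mismatch"
        # CSRF check: state-changing requests must carry the per-session token,
        # which a cross-site form submission cannot know.
        if method not in SAFE_METHODS:
            if csrf_token is None or not hmac.compare_digest(csrf_token, session["csrf"]):
                return False, "csrf token missing or wrong"
        return True, session["user"]


def demo():
    store = SessionStore(ip_locked_users={"admin"})
    # Constructed documentation addresses (RFC 5737), not real hosts.
    sid, csrf = store.login("admin", "192.0.2.10")
    return {
        "replayed_elsewhere": store.authorize(sid, "198.51.100.7"),
        "cross_site_post": store.authorize(sid, "192.0.2.10", "POST"),
        "legitimate_post": store.authorize(sid, "192.0.2.10", "POST", csrf),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Neither check covers script that runs inside the logged-in user's own page: those requests come from the bound address and can read the token, so output encoding and `HttpOnly` cookies are still required.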

  6. #6
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: Hackxor challenge help

    Quote Originally Posted by thorin View Post
    POTENTIAL SPOILER Good news, you were indeed barking up the correct tree. Try setting your session cookie to the value of their session cookie...
    Thanks, it's good to know I was approaching the problem the right way. I was setting my session cookie using burp but there were other problems. The cookie for the page where emails are rendered/read is different than the login/inbox cookie. The inbox is actually a different domain so I couldn't get the right cookie even using iframe tricks. I am probably missing something dumb. I won't be able to try again until Monday because I will be on vacation until then. I guess at least knowing I wasn't way off can get me to focus on the problem.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Hackxor challenge help

    Hmmm I haven't done the challenge yet myself, but I'm guessing you may need to read up on (don't laugh) cookie tossing....

    This paper might be a good start https://media.blackhat.com/bh-ad-11/..._WebApp-WP.pdf there's also a video of their presentation around too...
    Last edited by thorin; 07-05-2012 at 06:50 AM.

  8. #8
    Just burned his ISO
    Join Date
    Jul 2012
    Posts
    4

    Default Re: Hackxor challenge help

    I think I see the problem. You're trying to hack wraithmail, which is extremely difficult if not impossible. As you observed, the xss is isolated on the wraithbox domain, so it can't be used to hijack wraithmail accounts. To make progress you need to find vulnerabilities in gghb.


    Cookie tossing is a fine technique and definitely worth reading up on, but it won't help you here.

  9. #9
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: Hackxor challenge help

    Quote Originally Posted by albinowax View Post
    I think I see the problem. You're trying to hack wraithmail, which is extremely difficult if not impossible. As you observed, the xss is isolated on the wraithbox domain, so it can't be used to hijack wraithmail accounts. To make progress you need to find vulnerabilities in gghb.


    Cookie tossing is a fine technique and definitely worth reading up on, but it won't help you here.
    ok so I guess I need to use the wraithbox xss to gain access to gghb somehow? Or should I just maybe play with the gghb login screen a little more to see if I can find any vulns?

    I will check out cookie tossing. It sounds interesting.

  10. #10
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Default Re: Hackxor challenge help

    Quote Originally Posted by albinowax View Post
    Spoilers

    You need to extract data from a couple of accounts on gghb; the one of the person you're tracking, and the admin's. Naturally, hacking the admin's account is more difficult. You can actually hijack the first person's account using pure csrf, but session riding via xss as suggested by thorin should work fine too.

    Some accounts are locked to specific IP addresses so you can't log into them even if you know the password or have the jsessionid. When this is the case, you need to write some xss to achieve your goal directly. A good place to start is xss that extracts the html source of the page.
    I've been checking this thread from my phone and somehow missed this post earlier. So csrf is an option? That's pretty cool for this type of challenge. Also it sounds like maybe wraithmail isn't the only email domain. Like I said before, I'm away right now so I won't get a chance to try anything new for a few days.
