Thread: Hackxor challenge help

  1. #11
    Just burned his ISO
    Join Date
    Jul 2012
    Posts
    4

    Re: Hackxor challenge help

    Quote: Originally Posted by Dudeman02379
    OK, so I guess I need to use the wraithbox XSS to gain access to gghb somehow? Or should I just maybe play with the gghb login screen a little more to see if I can find any vulns?
    Try some of the login/pass combos you extracted from cloaknet. That will get you into an account, and from there you should be able to spot some useful vulnerabilities.

  2. #12
    Senior Member
    Join Date
    Jan 2010
    Posts
    140

    Re: Hackxor challenge help

    Well, I have made some more progress. I had made it through cloaknet to GGHB without extracting all the username/password combos. I went back as you suggested and got everyone's credentials. That definitely helped! Then I found a vuln in GGHB that lets me read all its source code. Now I have an idea of what I need to do, but I'm kind of stuck again. I've been playing with setting some GET params on the admin page via scripts I'm sending through email to the admin. The tokens and other limitations make things really hard though. I'm beginning to think that this is slightly above my current level. I'm considering downloading some other client-side type challenges to up my game, then come back to this one. I still wish there were some kind of walkthrough available so I could learn what I am missing.

  3. #13
    Just burned their ISO
    Join Date
    Mar 2013
    Posts
    1

    Re: Hackxor challenge help

    I'm having some trouble with the cloaknet portion of this challenge. I've read the hint file but I need a stronger push in the right direction. I've tried SQL injection (via fuzzing with zaproxy) on various inputs to no avail...

    UPDATE: I determined the fuzzer was not creating valid results because the token was not being generated on each iteration, which caused a "token invalid" error (turns out I was fuzzing the wrong request). After messing around for a while I was able to successfully raise an SQL syntax exception, so I think I'm on the right track and things are making sense now!
