HellBoundHackers Basic Web Hacking Challenge 3

HellBoundHackers, or simply HBH, is a very famous and well-known security challenge based website. It contains challenges from several different cybersecurity fields.

I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).

As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).

Web Hacking Challenge 3

This time the author only provides us with a simple instruction:

Now, Drake learned how to make http user agents with php.

Wrong user_agent, bwh3_user_agent wasn’t found

So I guess we have to change our browser user agent to be able to connect to the right page. There are loads of ways we can do that, just to name a few:

  1. Use Google Chrome Developer tools to change the user-agent and access the page again
  2. Use a Google Chrome Extension to create a custom user-agent the site needs
  3. Curl the website directly on the terminal and issuing the user-agent it is expecting
  4. Intercept the request with an intercepting proxy (such as Burp Suite), change the user-agent for what is needed, before allowing the request to move forward.

The first option is by far the easiest one for newbies especially because it is already embedded in our Google Chrome browser, so let’s do it. Using our beloved Dev Tools (F12). Choose “More Tools > Network Conditions“. Notice that the default user-agent option is marked. Let’s unmark that and change the user-agent to “bwh3_user_agent”.

Now all you have to do is refresh the page, and we are done! I hope you liked it and learned something new! See ya in the next challenge!

Related posts