HellBoundHackers, or simply HBH, is a very famous and well-known security challenge based website. It contains challenges from several different cybersecurity fields.
I’ve decided to have a bit of fun and try to solve every single challenge presented, from the easiest to the hardest. (although easy and hard will be different depending on your skillset and field of expertise).
As I do with any challenge website, I WILL NEVER post the flag in cleartext, as it kills the fun and thrill of finding it, however I will post my way (or ways) of getting there. This is done in respect of the website’s security and non-disclosure policy, even when it doesn’t have one ;).
Web Hacking Challenge 1 (idiot’s test)
This is what I generally call the “idiot’s test”, which is the most basic challenge that could be solved with trivial knowledge such as knowing how to browse the web for websites and checking out it’s code.
The challenge presents us with a single input field named “password” with a small “submit” button to the right. It is obvious that it is waiting for a password to move us forward. As the challenge doesn’t provide us with any other information let’s inspect the code with our beloved friend Google Chrome Developer Tools (or F12).
Scrolling through the code looking for the term “password”. Our password field is within an HTML form, but a bit before we can also see an HTML comment, that gives us a hint of what the password is:
Judging by the comment, the password is obvious, simply go back to the form, input the password (that should be obvious) and there we have it. You’ve just passed the “Idiot’s” test. Consider yourself not an idiot anymore!
See you on the next challenge.