calbiterol Posted May 9, 2005 Hey, I beat Hook, it was really easy, but I can't find the wargame-dialog. Might that be 'cause I'm using IE?
Rekkr Posted May 9, 2005 Hey RedAlert, it's: SPOILERS (highlight after here for answer): www.dievo.org:82/apprentice/level5aaa/indexaa.php?password=eagle
Rekkr Posted May 9, 2005 Yes! I beat level 8 (I'll give a hint to whoever asks)! On to level 9!
Aeternus Posted May 9, 2005 Think I'm on Novice 3 or 4 now (can't remember), the one where you have to find out the ISP. Think I know how to do it, just in college atm and probably be doing other things in the meantime so probably won't end up doing it for a while (bit of a waste of time tbh, most of them I know how to do it, it's just getting their little clues and reading through them (i.e. HTTP Protocol, Packet Sniffing etc))
Aeternus Posted May 9, 2005 Just got onto novice lvl 10 now (says down for maintenance, not sure if it means it or not but either way I think I'll leave it now and get on with something productive).
Sayonara Posted May 9, 2005 [quote]Tell me what I am doing wrong...just give me hints of course.[/quote] You didn't inject SQL; you just supplied a(n invalid) variable/value pair.
RedAlert (Author) Posted May 9, 2005 [quote]You didn't inject SQL; you just supplied a(n invalid) variable/value pair.[/quote] So I put in a command like INSERT INTO or something? Where do I inject the SQL into? At the end of the URL?
Aeternus Posted May 9, 2005 Red Alert, look at the page source and then look at how PHP and the HTTP protocol in general handles forms etc. Then you should be able to work out how to do it. It's really easy if you have any experience with that sort of thing.
RedAlert (Author) Posted May 9, 2005 [quote]Red Alert, look at the page source and then look at how PHP and the HTTP protocol in general handles forms etc. Then you should be able to work out how to do it. It's really easy if you have any experience with that sort of thing.[/quote] I don't.
1veedo Posted May 9, 2005 SSI injections are much easier than SQL. I actually don't know any SQL but can generally figure a way to inject some code. If you look at my link above, it explains everything. The basic concept is that if PHP (w/o checking the input for bullshit) sends the request to SQL. You'd get something like this: if (password == 'password') allow where password is sent to SQL. So just make the if if (sql('letmein'='letmein' or ') 'the actual password'){ it'll let you through, no questions asked } The real trick is guessing how the internal source is set up.
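
The unchecked-input case 1veedo describes above, as an added example that is not part of the original thread: a login query built by string concatenation beside the parameterized form that closes the hole. The table, function names and sample password are constructed, and Python's sqlite3 stands in for the PHP/SQL setup the thread talks about.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to keep the sketch short; constructed value.
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    return db

def login_concat(db, password):
    """Vulnerable: the input becomes part of the SQL text."""
    query = ("SELECT 1 FROM users WHERE name = 'admin' "
             "AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_param(db, password):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    query = "SELECT 1 FROM users WHERE name = 'admin' AND password = ?"
    return db.execute(query, (password,)).fetchone() is not None

def compare(password):
    """Run one input through both checks; a SQL error is reported as 'error'."""
    db = make_db()
    try:
        concat = login_concat(db, password)
    except sqlite3.OperationalError:
        concat = "error"  # a stray quote broke the query text
    return concat, login_param(db, password)

if __name__ == "__main__":
    for candidate in ("correct-horse", "wrong",
                      "x' OR 'letmein'='letmein", "it's"):
        print(repr(candidate), compare(candidate))
```

The always-true comparison only changes the result in the concatenated query; with a bound parameter the same string is compared as a literal password and rejected.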
-Demosthenes- Posted May 9, 2005 Yeah, it's pretty sweet. I got past Hook, but I'm stuck on level 3 on Apprentice. In the previous ones it was always in the page info or the page source, it's beyond my skills now...
mossoi Posted May 9, 2005 You're on the right tracks redalert. You don't need to use any MySQL injection, you just need to know the name of the variable that matters (check your syntax as well).
Macroscopic Posted May 9, 2005 I'm on level 6 on the Hook, and I'm stuck. I've looked all over the page and looked at the source, but can't find anything.
calbiterol Posted May 10, 2005 Macro, it works with IE. I can't remember which one is 6, but the text gives clues, too. Try what's linked. If it's the CSS one, do a google search on relative linking to CSS. Can anyone help me on level 4 (or is it 3.5? lol) on apprentice? I checked... Everything... Only hints (of course)
RedAlert (Author) Posted May 10, 2005 [quote]You're on the right tracks redalert. You don't need to use any MySQL injection, you just need to know the name of the variable that matters (check your syntax as well).[/quote] Yes I got it! I actually got it in school, and Aeternus sent me a message saying the same thing too. I was trying [HIDE]pass=eagle and god=eagle, etc.[/HIDE], but it never occurred to me to try what I used. Thank you all.
The Thing Posted May 10, 2005 This might be an extremely dumb question, but I'll ask it anyways. Are the sites hackthissite.org and the dievo.org safe? That is to say, do they do anything bad to you and your computer (like installing spyware in Internet Temp files or something worse than that)? Do I need an anonymizer while surfing these sites? Many thanx.
RedAlert (Author) Posted May 10, 2005 [quote]This might be an extremely dumb question, but I'll ask it anyways. Are the sites hackthissite.org and the dievo.org safe? That is to say, do they do anything bad to you and your computer (like installing spyware in Internet Temp files or something worse than that)? Do I need an anonymizer while surfing these sites? Many thanx.[/quote] I don't know about hackthissite, but dievo seems to be good.
mossoi Posted May 10, 2005 If you mean the shockwave one then you need to take a better look at the shockwave file.
1veedo Posted May 11, 2005 Ah! I knew it! Flash / as far as I can tell, anything Macromedia will not install on my 64 bit AMD. I found a tutorial a long time ago talking about Linux environments and how I could get something to *compile* on 64 bit that normally wouldn't, but Flash just installs, not compiles. I'll look around Google some, though. I'm sure there's a way.
calbiterol Posted May 11, 2005 Nah, that one was just a matter of (spoilers) finding the swf. The one I was having problems on was the one with the two javascripts. I knew exactly what was happening, I saw it from the first, I just couldn't get a hold of the stupid second javascript. The one where it tricks people into thinking the password is something it isn't. Hopefully that won't come up when people don't wanna see it. Now I'm on 8 (apprentice) and I know what's goin on, but not where to find the next level. I'll give it another 5 minutes and go back to my homework.
calbiterol Posted May 11, 2005 Hehe, just thought of a dirty way to get the output of the function in number 8! Open a new window with the code! There goes number 8!
RedAlert (Author) Posted May 11, 2005 [quote]Hehe, just thought of a dirty way to get the output of the function in number 8! Open a new window with the code! There goes number 8![/quote] Stuck on Level6