dcsimg
Page 22 of 32 FirstFirst ... 122021222324 ... LastLast
Results 211 to 220 of 313

Thread: hack-test

  1. #211
    Member
    Join Date
    Jan 2007
    Posts
    30
    Quote Originally Posted by realshady
    uhm i don't think you need that file or even will find that file at all. more sounds like you need to find a hidden log in.
    a hidden log in?????

    at which page

    guestbook.php
    or
    admin.php

  2. #212
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    100 levels ??? I'd give up now!
    77 111 105 114 97

    My PGP signature

  3. #213
    Junior Member
    Join Date
    May 2007
    Posts
    1
    Am I missing something? I was stuck at lvl. 2, read through a few pages here, and it said something about looking closer. I figured ascii art, like 13 was a b or something, anywhere near the right way to look at it?

  4. #214
    Member deByte's Avatar
    Join Date
    Jan 2002
    Posts
    82
    @youkosnake

    look at the source... no art, just usual text as it is...

    de

  5. #215
    Junior Member
    Join Date
    Apr 2007
    Posts
    5
    Quote Originally Posted by ttn628826
    a hidden log in?????

    at which page

    guestbook.php
    or
    admin.php
    lol if you read my answer you could know that i am not at that level. At the moment just waiting for a mail for level 20 but i don't get any so i can't help at the moment.

  6. #216
    Junior Member
    Join Date
    May 2007
    Posts
    1
    anyone reached level 20 yet? i've reached level 20 (got the email from author), and decoded the given codes, got the link that points me to a guestbook. i guess i have to do something at this guestbook but looking at the source it says

    <!---- there's no clues in this output HTML! ---->

    i'm outta ideas right now.

  7. #217
    Junior Member
    Join Date
    May 2007
    Posts
    23
    Yes...If you do a search for "Sad Raven's Guestbook vulnerabilities", you'll find a number of them. Unfortunately, most of the sites are in Russian so it's a bit of a challenge...

    The most obvious vulnerability is password disclosure (trying to get the passwd.dat file) but that doesn't work. I believe the guestbook has been broken, severely restricted, or not set up correctly.

    Other stuff I've tried is crosssite scripting and PHP injection, but those don't work either. Next is trying to pass a cookie to the site, but that particular vulnerability didn't translate very well at all:

    "if we establish to its machine correctly composed cookie, then it is possible to enter into the adminskiy interface"

    Still trying...

  8. #218
    Junior Member tyranic-moron's Avatar
    Join Date
    May 2007
    Posts
    6
    Hello all! I signed up to this forum after I couldn't work out how to do level 9.

    All I'm seeing is the words 'Crack the password', and the source of the page just looks like this:
    HTML Code:
    <HTML>
    <HEAD>
    <base href='http://www.hackertest.net/'>
    </HEAD>
    <BODY BGCOLOR="ffffff" TEXT="000000" BG="images/phat.gif">
    <br><br><p align=center><b>Authentication Failed. Try again.</b></BODY>
    </HTML>
    That image isn't for this level, so now what am I supposed to do?

    Oh yeah, and I'm also writing a guide for the tests as I go through them. It's in the format

    General Info - Just says what you can see
    Hints - Hints in the order of how much they give away
    Walkthrough - Just tells you what you need to do to complete each level.

    So far I've written it up to level 8, but obviously I'm going to need some help myself as I can't make it past level 9
    Last edited by tyranic-moron; May 16th, 2007 at 04:29 PM.

  9. #219
    Junior Member
    Join Date
    May 2007
    Posts
    23
    Quote Originally Posted by tyranic-moron
    That image is just the one for level 8
    What image? BG="images/phat.gif"? Are you sure?

    Hint: take a look at the image in photoshop (or gimp if you don't have photoshop).

  10. #220
    Senior Member
    Join Date
    Jul 2001
    Posts
    343
    I must be missing something on Level 6....... ARRRRRRR!!!!

    var initialsubj="Hello, I want you to see this site."
    var initialmsg="Hi:\n You may want to check out this site: "+window.location
    var good;
    function checkEmailAddress(field) {

    var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\.info)|(\.sex)|(\.biz)|(\.aero)|(\.coop)|(\.museum)|(\.name)|(\.pro)|(\..{2,2}))$)\b/gi);
    if (goodEmail) {
    good = true;
    }
    else {
    alert('Please enter a valid address.');
    field.focus();
    field.select();
    good = false;
    }
    }
    u = window.location;
    function mailThisUrl() {
    good = false
    checkEmailAddress(document.eMailer.email);
    if (good) {

    window.location = "mailto:"+document.eMailer.email.value+"?subject="+initialsubj+"&body="+initialmsg
    }
    }
    // End -->
    </script>
    </head><body>
    <script language="JavaScript" type="text/javascript">
    <!--
    var pass, i;
    //-->
    </script>
    <table border="0" cellspacing="1" width="100%">
    <tr>
    <td width="27%"><img border="0" src="images/logo.gif" width="300" height="145" alt="Logo"></td>
    <td width="73%" valign="top">
    <div class="header">HACK TEST IN PROGRESS...</div>
    Franklin Werren at www.bagpipes.net
    Yes I do play the Bagpipes!

    And learning to Play the Bugle

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •