i dont see it in the sourceQuote:
Originally Posted by r4nd0m1z
Printable View
i dont see it in the sourceQuote:
Originally Posted by r4nd0m1z
realshady: Hmmmm...I can see it. I wonder if we're looking at the same pages. Please PM me the URL of the page you're looking at.
the note is there. use http://www.hackertest.netQuote:
Originally Posted by realshady
de
Quote:
Originally Posted by r4nd0m1z
i dont have ImageReady. any help??
de
I've been looking at it in imageReady and still don't see a word. I've tried almost everything... has anyone passed this level recently?Quote:
Originally Posted by deByte
You won't see a word in ImageReady either. It looks the same as in Photoshop or in Gimp...just dots. I contacted Jim using the link provided and he replied with a URL (that I can't share) that leads to level 20 ( I think that was part of the "game").
Now, here's where it starts to get weird. My level 20 (www.hackertest.net) has the same bit of code that you guys working on hack-test.com were doing on level 9 or 10: the long hex string that converts to "Congratuations, you have reached..." plus the long base64 line that requires multiple conversion and reveals the line:
"Go to www.streetkorner.net/gb now."
I'm starting to wonder if the creator of these sites meant it literally:
"Only few people have gotten to the end of the MAZE." Anyway, I'll keep poking at this and see if I can get my bearings.
r4nd0m1z: you're on the last level? Well done! You have to get level 20 sorted out, imagine getting stuck now!
Hmmmm...I'm not so sure. The version of the game I've been playing, is on www.hackertest.net (not hack-test.com). On this version, beginning somewhere around level 10, it says there are 100 levels :confused:Quote:
Originally Posted by Moira
i found that too!Quote:
Originally Posted by r4nd0m1z
when i was at level 10
there two pages .htm and .php
other page leads to a guestbook
at the admin.php
if you type in the same username and password
it will show a message
"the password file has been created"
but i don't know where is the passowrd file
speak in frank
i am more interest at that line
it seens like a hidden level
uhm i don't think you need that file or even will find that file at all. more sounds like you need to find a hidden log in.Quote:
Originally Posted by ttn628826
a hidden log in?????Quote:
Originally Posted by realshady
at which page
guestbook.php
or
admin.php
100 levels ??? I'd give up now! :)
Am I missing something? I was stuck at lvl. 2, read through a few pages here, and it said something about looking closer. I figured ascii art, like 13 was a b or something, anywhere near the right way to look at it?
@youkosnake
look at the source... no art, just usual text as it is...
de
lol if you read my answer you could know that i am not at that level. At the moment just waiting for a mail for level 20 but i don't get any so i can't help at the moment.Quote:
Originally Posted by ttn628826
anyone reached level 20 yet? i've reached level 20 (got the email from author), and decoded the given codes, got the link that points me to a guestbook. i guess i have to do something at this guestbook but looking at the source it says
<!---- there's no clues in this output HTML! ---->
i'm outta ideas right now.
Yes...If you do a search for "Sad Raven's Guestbook vulnerabilities", you'll find a number of them. Unfortunately, most of the sites are in Russian so it's a bit of a challenge...
The most obvious vulnerability is password disclosure (trying to get the passwd.dat file) but that doesn't work. I believe the guestbook has been broken, severely restricted, or not set up correctly.
Other stuff I've tried is crosssite scripting and PHP injection, but those don't work either. Next is trying to pass a cookie to the site, but that particular vulnerability didn't translate very well at all:
"if we establish to its machine correctly composed cookie, then it is possible to enter into the adminskiy interface"
Still trying...
Hello all! I signed up to this forum after I couldn't work out how to do level 9.
All I'm seeing is the words 'Crack the password', and the source of the page just looks like this:
That image isn't for this level, so now what am I supposed to do?HTML Code:<HTML>
<HEAD>
<base href='http://www.hackertest.net/'>
</HEAD>
<BODY BGCOLOR="ffffff" TEXT="000000" BG="images/phat.gif">
<br><br><p align=center><b>Authentication Failed. Try again.</b></BODY>
</HTML>
Oh yeah, and I'm also writing a guide for the tests as I go through them. It's in the format
General Info - Just says what you can see
Hints - Hints in the order of how much they give away
Walkthrough - Just tells you what you need to do to complete each level.
So far I've written it up to level 8, but obviously I'm going to need some help myself as I can't make it past level 9 :)
What image? BG="images/phat.gif"? Are you sure?Quote:
Originally Posted by tyranic-moron
Hint: take a look at the image in photoshop (or gimp if you don't have photoshop).
I must be missing something on Level 6....... ARRRRRRR!!!!
var initialsubj="Hello, I want you to see this site."
var initialmsg="Hi:\n You may want to check out this site: "+window.location
var good;
function checkEmailAddress(field) {
var goodEmail = field.value.match(/\b(^(\S+@).+((\.com)|(\.net)|(\.edu)|(\.mil)|(\.gov)|(\.org)|(\.info)|(\.sex)|(\.biz)|(\.aero)|(\.coop)|(\.museum)|(\.name)|(\.pro)|(\..{2,2}))$)\b/gi);
if (goodEmail) {
good = true;
}
else {
alert('Please enter a valid address.');
field.focus();
field.select();
good = false;
}
}
u = window.location;
function mailThisUrl() {
good = false
checkEmailAddress(document.eMailer.email);
if (good) {
window.location = "mailto:"+document.eMailer.email.value+"?subject="+initialsubj+"&body="+initialmsg
}
}
// End -->
</script>
</head><body>
<script language="JavaScript" type="text/javascript">
<!--
var pass, i;
//-->
</script>
<table border="0" cellspacing="1" width="100%">
<tr>
<td width="27%"><img border="0" src="images/logo.gif" width="300" height="145" alt="Logo"></td>
<td width="73%" valign="top">
<div class="header">HACK TEST IN PROGRESS...</div>
Do you mean that there's something else in the ".PhotoShopDocument" then?
Because I already got the username and password for level 8 from there.
On level 9, there's nothing on the screen except the words 'Crack the password'
There's no javascript prompt, and no form to enter a password.
Oh, and Highlander, here's the level 6 set of general info, hints, and walkthrough from my guide (there are some differences between the different sites. I'm doing it on hackertest.net):
Code:+---------+
| Level 6 | [LV6]
+---------+--------------------------
|
| General Info
|
| Another one with an immediate prompt. Just enter whatever you want
| or press cancel. Refresh to enter the password, you get the idea.
|
| Hints
|
| * Well, it's not in the page source. Where else might it be?
| * What external files are included in the page?
| * It's a prompt window that appears - what language creates them?
| * Where's the code for the prompt if it's not in the source?
|
| Walkthrough (SPOILER (highlight to see))
|
| Ok, first you need to open up the page source. See this?
| <SCRIPT SRC="psswd.js"...></script>
| That's linking in the external JavaScript file 'psswd.js'.
| So, change the url from blah/save_as.htm to blah/psswd.js, and
| press enter. Now, in Firefox, it'll open it up like a text file.
| In IE, it'll ask you to download it. Do so, then open in notepad.
| Now, as usual, the password is in the if statement: "hackertestz".
| Go back to the level 6 page, refresh, and enter it.
|
+------------------------------------
the "clue" is further down the page and not in the part you quoted...
<table border="0" cellspacing="1">
<tr>
<td height="1" valign="top">
</td>
</tr>
<tr>
<td width="100%" height="267" valign="top"><b><font size="7" face="Arial"></font>
<SCRIPT SRC="psswd.js" LANGUAGE="JavaScript" type="text/javascript">
</script></b><p> </p>
<div align="center">
<center>
<p><br>
<b><font size="2" face="Arial">Try again...</font></b></p>
</center>
</div>
Now I am up to level 10.... That is worst....
The quote of 100 levels ... UGH!!!!!
The three sites do not fully match
www.hack-test.com
www.hackertest.net
www.hackerskills.com
Did you look at the source code for level 9...look further down...further...further...Quote:
Originally Posted by tyranic-moron
On both hack-test.com and hackertest.net, and in both IE7 and Firefox, all I see is this as the source code for level 9:
HTML Code:<HTML>
<HEAD>
<base href='./'>
</HEAD>
<BODY BGCOLOR="#ffffff" TEXT="#000000" bg="images/phat.gif">
<br><br><p align=center><b>Authentication Failed. Try again.</b></p></BODY>
</HTML>
Yeah... I've been working through www.hackertest.net (the pages are cleaner with less extra garbage on them). I haven't checked out hackerskills.com yet to see how it fits into the picture.Quote:
Originally Posted by Highlander
I think the quote of 100 levels is just to try to make people quit. Both hack-test and hackertest seem to end at level 20.
You need to look at the source code for the page that says, "crack the password"...Quote:
Originally Posted by tyranic-moron
On level 8, type in the username and password and hit enter....that will bring up the page with "crack the password". Then look at that source code.
That is the one I'm looking at. Maybe my computer's intervening or something...
yeah...mine did that too when I tried to load that page (URL removed from previous post). I had to go back to level 8 and enter the username and password to get to the page that says "Crack the password"
I can't believe anything would go up to 100 levels either. What would be the point? People would just get bored, because you can step up the difficulty quite easily with 20 levels, probably less.Quote:
Originally Posted by r4nd0m1z
Woah... all I can say is, be careful anyone using the Firefox extension 'View Source Choice'... it makes level 9 impossible.
anyone tried to get through hackerskills.com?
I tried it and, for the most part it looks very similar to hack-test adn hackertest (a few minor differences in some of the passwords) but it looks like level 10 is broken. I couldn't get any kind of password to work...so I skipped over it. Then level 19 is incomplete. I get:
"...Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get"
and that's where the code stops.
...or as appears to be the case, go from fairly easy to impossible all in one step :)Quote:
Originally Posted by Moira
LOL. Really there's no excuse for anyone h4x0ring IRL, there are so many of these much more complicated tests for anyone wanting to go down this road. I'd say someone completing one of these tests knows far more than your average script kiddie.
By the way, has anyone heard of Netcat in the Hat? If you're old enough to remember the Cat in the Hat books, it's really rather a clever take-off.
http://www.ethicalhacker.net/content/view/84/2/
Anyone solve the puzzle? There are 4 questions at the end.
Level 19 now, I guess I'm supposed to contact the creator to tell him what I've seen.
I guess reaching level20 and finding the admin login page is the end of the journey...
de
Maybe...but remember the clue at level 10:
"You will need to enable cookies for the Admin Panel to work as expected."
Since I have cookies on and it still doesn't work as expected, perhaps the cookie vulnerability will work. I still haven't figured out how to do it.
L7 done ! Now l8 is bugging me and there is no pic link i'm able 2 find! Equally as bad as l7
Still i luvv it !!!
I AM not able to find the link phat.gif in l8. The source is changed!
phat.gif is not a link...it's an image and it's still there.Quote:
Originally Posted by sumitprateek
HINT: to load the image into your browser, type the full path to the image in your location bar.