Printable View
Completion of various challenges require experience in web security. SQL injection, apache, exploiting PHP, etc.
http://hax.tor.hu/
Level 1. Make a nasa.gov URL display a text of my choice
Level 4. IP address is 72.14.207.99. What is geek that points to it?
Level 6. Let's see you do some easy SQL ninjitsu
Level 7. snifflog.txt - ngrep format
Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
Level 15. download.com's uptime
Level 16. root:hsmfs;[email protected]
wow, thanks for the link. This gives me something to do this afternoon at work!
Stuck on #1 ( grrrrrr ), and i thought it was gunna be an easy one...
cross - Are you talking about the levels that start immediately when you enter the page, or the ones listed after you click the challenges link?
I dont wanna appear a 'tard but is it encrypted and if so want decryption must be used i sauck at this stuff. The Source was easy to get.
_____________
"Never overestimate the volume of a container especially when you are using it as a urinal"
Anyone of you Cool Cats pass level 1 yet? Wolfman is stuck:(
Spoiler alert! Don't open the .txt file if you don't want the answer.Quote:
Originally Posted by wolfman1984
I haven't had a lot of time to play this morning, but I've been able to make it through all 5 warm up challenges. I'll register later and see how far I can make it on those.
LOL! *BONK* The Wolfman will try to be vague as to not spoil it for others. I didn't add the two together.
Thanks Phish!
I was able to get passed #1 with wolfmans little hint. Thanks!
I just started doing the actual challenges. The first one had me stumped for a while, but I got it. It took me about 30 minutes though... I was on the wrong trail and then I finally changed my approach and got it. I'm going to put the second one off for tomorrow. I don't think that one is really going to be that hard...
I'm really not that good with web security either. Guess it's time to brush up a bit.
Ok, I got past one, but I want to understand how you decoded the piece of code. I'm not fluent in javascript or HTML; is it a common usage to encrypt or is it even encrypted. Is that java syntax?
I'm not looking at the code now, but I recall It's just plain text with a bit of hex for the "+" sign.
I'm hoping someone out there can help the Wolfman pass level 3. I am lacking web security skillz but I'm hoping to use this game as an oppourtunity to learn.
Please help a wolf-brother out!
Here is what I've got so far for level 3.
Do you use Firefox? If so, get the add on called "web developer". The feature you're going to want to mess with is in the Forms menu...Quote:
Originally Posted by wolfman1984
I haven't attempted to get past level two yet... I have a book called Hacking Web Services that I've been meaning to read for a while. I'm only a couple chapters deep and figured I'd try them again once I acquire some new skills.
Thanks Phish!
I thought someone would mention the Web Developer Plug in for Firefox.
Here are some more funky extension's that may also help!
http://www.darkreading.com/document.asp?doc_id=136029
Nice. Get the other one called user agent switcher that they list... you'll need that one later too... ;)
BTW: Wolfman, I've been meaning to ask you if you know the wolfman's brother?
The Wolfman was not familiar with Phish, but after watching some video's on youtube, The Wolfman digs the Phish!!
Just look at these guys on their crazy trampolines!
http://www.youtube.com/watch?v=jyKwvGy3LTo
How is everyone doing on this challenge?
The Wolfman has been busy partying it up! so I haven't got that far.
I'm currently on Warmup4. I haven't spent to long on it yet, but I'm thinking Telnet'ing into the webserver should allow me to bypass the browser restriction.... Is the Wolfman hot or cold? :)
I haven't attempted level 2 yet. I've been partying a bit myself.
With warmup 4, you want to play with that other firefox plugin I talked about... or, wget or httrack will also work with the correct syntax...
Ok so the Wolfman stumped on Level 1!
Here is what I'm guessing should be done: I'm probably way off!! :)
Attachment 178
OH no's!! No responses after 24 hours. Something tells me The Wolfman is on his own on this one..... :(
Nope, you're not looking for XSS. It's as simple as the hint. Google is your friend. If you still can't figure it out, PM me. I don't want to post this one in public because the next hint will be too easy to guess.
*Wolfman scratches his furry head*
Ok. Let the Wolfman sleep on this one for a bit. The answer is probably right in front of me and I'm just not seeing it. At least I know it's not XSS.
Thanks Phish! I'll PM you if I still can't get it!