shinnok Posted May 10, 2008 Report Posted May 10, 2008 La adresa http://hax.tor.hu/ se gaseste un wargame-hacking challenge destul de interesant care va v-a testa o multime de cunostinte (programare,php,xss,networking,criptologie,etc...).Cuprinde urmatoarele nivele Level 1. Make a nasa.gov URL display a text of my choiceLevel 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2Level 3. RecognizeLevel 4. IP address is 72.14.221.104. What contains 'art' that points to it?Level 5. Password is the owl's nameLevel 6. Let's see you do some easy SQL ninjitsuLevel 7. snifflog.txt - ngrep formatLevel 8. Password is on a picture: not available from anywhereLevel 9. Elementary MathsLevel 10. A poemLevel 11. As simple as hashing a stringLevel 12. Ultra TuringLevel 13. PHP with source - needs exploiting and/or o-o-t-b thinkingLevel 14. Recognize #2Level 15. download.com's uptimeLevel 16. root:hsmfs;g@10.0.0.5Level 17. Feed me!Level 18. Find all usernamesLevel 19. red+blue+green = ?Level 20. Recognize #3Level 21. Backdoor on a suspended domainLevel 22. MS-WordLevel 23. Too easyLevel 24. Defense Intelligence AgencyLevel 25. BitNinjaLevel 26. PHP filemanager with source - needs more exploitLevel 27. The photo doesn't loadLevel 28. [url]telnet://hax.tor.hu:1800[/url] - Google Word GameLevel 29. Circumvent PHP filters for XSSLevel 30. Create the given image using a numberLevel 31. Find all usernames v2.0Level 32. Exploit file2image.phpLevel 33. Defense Information Systems Agency - 199.57.1.130Level 34. Password is in the imageLevel 35. Follow the patternLevel 36. Root password neededLevel 37. password = f(200)Level 38. Name the malwareLevel 39. China Science And Technology NetworkLevel 40. I can has satellite?Level 41. Poem vs PHPLevel 42. Criminal Minds FBI haxor sceneLevel 43. CNN's routerLevel 44. Blind SQL injectionLevel 45. Frogs n ToadsLevel 46. Seizure!!!!!!!Level 47. Backdoor is listening on host - find itLevel 48. .htaccess editor vs basic authLevel 49. Forged DNS from the CIALevel 50. No infoAstea dupa ce treceti de primele 5 ca sa va puteti inregistra.Momentan eu sunt la level13 si mi s-a parut destul de interesant si inovator.Try it out! 1 Quote
Nalltaroh Posted May 11, 2008 Report Posted May 11, 2008 If you solve this, you can register and start the sweet challenges The password is short and simple.M-am blocat aici Hint? Am incercat Hexa la ASCII da e ciudat rau si nu merge Quote
shinnok Posted May 11, 2008 Author Report Posted May 11, 2008 Incearca sa pui in textboxul password diferse caractere : a ,b ,z,abc si vei vedea ca iti apare sub textbox forma encriptata deasemenea daca te joci putin vei vedea ca din cele doua numere pe caracter encriptat doar primul este important.Acum stii deajuns ca sa poti decripta 66 202 73 73 84 132 88 249.GL Quote
HunterxD Posted June 16, 2008 Report Posted June 16, 2008 imi poti da un hint pt warmup3? :\LE: ms Quote
Grunt Posted July 10, 2008 Report Posted July 10, 2008 M-am blocat la level 16. BTW, mai ai nevoie de ajutor cu warmup3? Ca nu vad sa iti fi raspuns cineva aici, si pe atunci chatul nu era online. Quote
Nabukadnezar Posted July 11, 2008 Report Posted July 11, 2008 pff ar fi fost tare site-ul dacã nu l-ar fi terminat deja 2... nu mai e nici un challanege aºa când tot ce poþi face e sã împarþi locul 1 cu alþii Quote
brugner Posted August 17, 2008 Report Posted August 17, 2008 Me iz beginner :shock: !Poate sa ma ajute cineva cu un hint la level2?Level 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 Multumesc Quote
brugner Posted August 17, 2008 Report Posted August 17, 2008 Jack the Ripper google it!Mersi pentru raspuns. Cu JTR am incercat de cateva ori, de fiecare data imi zice "no hash passwords found".Cred ca nu creez bine fiserul in care trebuie sa existe stringul de decriptat. Quote
devianc3 Posted August 17, 2008 Report Posted August 17, 2008 Garantat nu faci ceva bine. Nu mai stiu exact command line-ul, dar fa un fisier, cauta cum arata un exemplu de passwd, root:parolacriptata::/bash... plm, you get the point. Si in loc de parolacriptata, pune parolele alea encriptate... in fiecare linie, fa un user diferit.. prima linie, in loc de root, de exemplu, scrie 1 (sa-ti fie mai usor sa le identifici dup-aia), a 2-a linie, alt user, pe nume 2, cu a 2-a parola encriptata, restul ramane la fel. Hope it helps Quote
Hertz Posted August 17, 2008 Report Posted August 17, 2008 debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 deCfBQ0MS4MSA delCZeH4hHOq. deKaHJpaMFqSk deURVbdSEtxPo deImhlc0Y/L/k dehu92waVC.Pk deVX2jv60XD4Q detlQw1i3GbU2 der4QGDteh9qYDar e tare ciudat nivelu.Care ar veni user si care password?Cum ar trebui sa le asez in fisierul .txt ?Edit:L-am trecut:D Quote
begood Posted August 17, 2008 Report Posted August 17, 2008 debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 deCfBQ0MS4MSA delCZeH4hHOq. deKaHJpaMFqSk deURVbdSEtxPo deImhlc0Y/L/k dehu92waVC.Pk deVX2jv60XD4Q detlQw1i3GbU2 der4QGDteh9qYDar e tare ciudat nivelu.Care ar veni user si care password?Cum ar trebui sa le asez in fisierul .txt ?Edit:L-am trecut:Dall you do now is enter 7 words with spaces between them Quote
begood Posted August 17, 2008 Report Posted August 17, 2008 Me iz beginner :shock: !Poate sa ma ajute cineva cu un hint la level2?Level 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2 Multumescall you do Quote
brugner Posted August 17, 2008 Report Posted August 17, 2008 Garantat nu faci ceva bine. Nu mai stiu exact command line-ul, dar fa un fisier, cauta cum arata un exemplu de passwd, root:parolacriptata::/bash... plm, you get the point. Si in loc de parolacriptata, pune parolele alea encriptate... in fiecare linie, fa un user diferit.. prima linie, in loc de root, de exemplu, scrie 1 (sa-ti fie mai usor sa le identifici dup-aia), a 2-a linie, alt user, pe nume 2, cu a 2-a parola encriptata, restul ramane la fel. Hope it helps Multumesc pentru indicatii tuturor! Quote
m00n_shine Posted August 17, 2008 Report Posted August 17, 2008 am trecut warmup-ul,dar imi apare o fereastra in care trebuie sa imi aleg parola iar la orice combinatie imi zice invalid password.ma poate ajuta cineva Quote
m00n_shine Posted August 18, 2008 Report Posted August 18, 2008 am rezolvat ,faceam eu o prostie,daca mi-ar putea da cineva un hint la level 3 Quote
m00n_shine Posted August 18, 2008 Report Posted August 18, 2008 ok,am trecut si de lvl3,un hint la 4 se poate ,mersi anticipat Quote
AlucardHao Posted August 18, 2008 Report Posted August 18, 2008 Jack the Ripper google it!Mersi pentru raspuns. Cu JTR am incercat de cateva ori, de fiecare data imi zice "no hash passwords found".Cred ca nu creez bine fiserul in care trebuie sa existe stringul de decriptat.pt a sparge parolele e john the ripper nu jack..... pt devianc3 si brugner Quote
brugner Posted August 18, 2008 Report Posted August 18, 2008 Jack the Ripper google it!Mersi pentru raspuns. Cu JTR am incercat de cateva ori, de fiecare data imi zice "no hash passwords found".Cred ca nu creez bine fiserul in care trebuie sa existe stringul de decriptat.pt a sparge parolele e john the ripper nu jack..... pt devianc3 si brugnerJack Daniels... John Daniels vs. Jack the ripper ... John the ripper. Esenta tot aia e... Quote
Hertz Posted August 18, 2008 Report Posted August 18, 2008 Care palaria mea aveti idee la 4IP address is 72.14.221.104. Password is a domain (domain.tld format, no subdomains) that contains the word "art" and resolves to it. You don't have to buy a domain Reverse IP Domain de pe RST nu merge. Quote
devianc3 Posted August 18, 2008 Report Posted August 18, 2008 http://www.myipneighbors.com/ Asa mergea, cand l-am facut eu...PS: Cum ti-a mers la caracterul ala ASCII? Quote
brugner Posted August 18, 2008 Report Posted August 18, 2008 Care palaria mea aveti idee la 4IP address is 72.14.221.104. Password is a domain (domain.tld format, no subdomains) that contains the word "art" and resolves to it. You don't have to buy a domain Reverse IP Domain de pe RST nu merge.GoogleEarthTe astept la 7... sa imi zici daca treci Quote
devianc3 Posted August 18, 2008 Report Posted August 18, 2008 AAaah... 7-le e ala super-complicat. Unde iti da un log in hex, si un link la codul sursa al unui exploit mysql?.. right?... Ala e greu.. stiu ca si mie Grunt (thank you) mi l-a explicat... Quote
brugner Posted August 18, 2008 Report Posted August 18, 2008 AAaah... 7-le e ala super-complicat. Unde iti da un log in hex, si un link la codul sursa al unui exploit mysql?.. right?... Ala e greu.. stiu ca si mie Grunt (thank you) mi l-a explicat...Ala e!!! problema e ca trebuie sa adaptezi si logul in hex si exploitul...Mai incerc.... Quote