L!nK Posted March 3, 2011 Report Share Posted March 3, 2011 (edited) L!nKIntro:Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.Lets just call it a..Hacker PlaygroundBasic 1 - The Idiot Test Inspect the page source and in a comment you will find the password. Basic 2"Network Security Sam set up a password protection script.He made it load the real password from an unencrypted textfile and compare it to the password the user enters.However, he neglected to upload the password file..."Underline the last phrase.The password is NULL.Basic 3"This time Network Security Sam remembered to upload thepassword file, but there were deeper problems than that."View page source and.. <form action="/missions/basic/3/index.php" method="post"> <input type="hidden" name="file" value="password.php" /> <input type="password" name="password" /><br /><br /> <input type="submit" value="submit" /></form>Underline the second line of the code(value="password.php").Add 'password.php' to your URL bar and go.Basic 4 - Javascript FTW"This time Sam hardcoded the password into the script.However, the password is long and complex, and Sam is oftenforgetful.So he wrote a script that would email his passwordto him automatically in case he forgot. Here is the script:"View page source and: <form action="/missions/basic/4/level4.php" method="post"> <input type="hidden" name="to" value="webmaster@hulla-balloo.com" /> <input type="submit" value="Send password to Sam" /></form> </center><br /><br /><center><b>Password:</b><br /> <form action="/missions/basic/4/index.php" method="post"> <input type="password" name="password" /><br /><br /> <input type="submit" value="submit" /></form>What now? Javascript injection. Clear the URL bar and enter this:javascript:void(document.forms[0].to.value="email@NANO_SUX.whatever")Due to the fact that this is the first form in the page, its number (forms[number]) is 0. The name of the form is 'to', so after forms[number] it comes its name.In order to see the changes after that command enter javascript:alert(document.forms[0].to.value)So, after all, the URL bar will look like this:javascript:void(document.forms[0].to.value="your_email@NANO_SUX.whatever");javascript:alert(document.forms[0].to.value)Click on 'Send password to Sam' and you will get the password.Another way of doing this is to download the whole page and edit it. This method is more time-consuming than the first.Basic 5 "Sam has gotten wise to all the people who wrote their own forms to get the password. Rather than actually learn the password, he decidedto make his email program a little more secure."Inspecting the source code: <form action="/missions/basic/5/level5.php" method="post"> <input type="hidden" name="to" value="webmaster@hulla-balloo.com" /> <input type="submit" value="Send password to Sam" /></form> </center><br /><br /><center><b>Password:</b><br /> <form action="/missions/basic/5/index.php" method="post"> <input type="password" name="password" /><br /><br /> <input type="submit" value="submit" /></form>Got it? Do the same for this mission as you did for 4.------------------------------------------------More to come.Now I got some work to do and I gotta respect the schedule.See ya.EDIT: Scuze, m-am grabit si l-am postat unde nu trebuie. Daca poate sa fie mutat la tutoriale in engleza raman dator.Astept opinii. Edited March 3, 2011 by L!nK Quote Link to comment Share on other sites More sharing options...
Flubber Posted March 3, 2011 Report Share Posted March 3, 2011 Asa ceva nu ajuta cu nimic, tot ce trebuie dat sunt indicii pentru newbies, rezolvarile directe nu te aduc nicaieri si nu inveti nimic din ele, eventual te consulti cu rezolvarile postate pe internet dupa ce ai rezolvat misiunea personal (asa inveti ceva nou, recapitulezi sau poate vezi tehnici noi). Crede-ma, am procedat la fel (in 40% din misiuni) si nu am invatat nimic (aproape). Quote Link to comment Share on other sites More sharing options...
L!nK Posted March 3, 2011 Author Report Share Posted March 3, 2011 Eu unul le-am rezolvat singur, singurele indicii dupa care m-am luat erau cele de dinainte sa incepi misiunea respectiva(ex. 'Requirements: HTML knowledge, JS or FF, an email address.'). Sunt totusi persoane care nu se descurca orice/oricate indicii le-ai da. Atunci ce fac acele persoane? Cauta rezolvarea completa. Nu depinde de mine sau de alt user ce posteaza o rezolvare completa ci depinde doar de cel care vrea sa invete asa cum ai zis si tu sa faca ceea ce este corect.Totusi, iti dau dreptate si tutorialele de genul ar trebui pastrate ca un...final resort. Quote Link to comment Share on other sites More sharing options...
