|
It is currently Fri May 10, 2024 8:29 am
|
|
Page 1 of 1
|
[ 12 posts ] |
|
Author |
Message |
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Hackthissite.org
http://www.hackthissite.org is one of those websites with a series of challenges where you have to hack you way through them. So far I'm up to Basic: level 5, which has taken me about 20 minutes. I'm sure some of you will fly through the basic challenges, but I figured you might be interested in giving it a shot. I'm hoping to learn something from it Utilise the new spoiler tags if you're gonna post answers though! Basic:EDIT: Level 6 Hmm, I figure out this is something to do with Ascii, I've also figured out how to predict the 1st and second letter of the code. But after the 3rd letter it's beyond me! Still, working on it slowly... EDIT: Level 7! EDIT: Level 8!
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Tue Mar 02, 2010 12:46 pm |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Re: Hackthissite.org
booo...you have to register an account? *edit* Well, being who I am, I registered an account. I was going through the basic challenges but my IT folks apparently didn't like me going to that site. I got through 5 or 6 I think. I'll probably pick this up from home or something. So far, fairly easy.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Tue Mar 02, 2010 2:11 pm |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
Easy for you oh master of the webiverse. I'm stuck on challenge 8, I get a rough idea of what to do but I'm not sure exactly how to achieve it. EDIT: Managed to do it, but I had to look up help EDIT: Gotten to level 10 now, but my knowledge ran out looong ago! However, all these answers I'm putting research in to are becoming useful. On that note, On level 10 I may need to either use a different browser, or learn some basic coding.
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Tue Mar 02, 2010 3:26 pm |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Re: Hackthissite.org
heh...not looking at your stuff until I beat it myself. Currently on level 7. 6 was kinda fun. With 7 I'm pretty sure I know what I need to be doing, but need to figure out the mechanics of it. *edit* beat 7. I actually got the syntax right on one try but forgot something stupid. Currently pondering 8.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Tue Mar 02, 2010 5:48 pm |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
I reckon you'll be able to clock this whole thing off! Spoiler tags came in useful, in a weird way I'm using them to keep notes. I wonder what kind of things I will learn!
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Tue Mar 02, 2010 6:22 pm |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Re: Hackthissite.org
yea, spoiler tags ftw. spoilers include actual answers, so beware The first 4 were pretty easy. All they required was a basic understanding of html and 'view source'. 5 was actually a little trickier, since it implemented the referrer check. The way I spoofed it was to use firebug to live-edit the html on the page. How'd you do it? 6 was actually fairly easy to me.. basically just a matter of figuring out the encryption method. I started off by putting in the letter a...which got me a. I then tried aaaa, which got me abcd, and that was pretty much the end of any challenge. The rest was just doing the math and figuring out the order that the punctuation marks showed up in. I didn't think about it being ASCII sequence, though that makes sense. To me this was the first actual challenge. The description and activation made it obvious that the writer was passing off the POST var into a perl script. I assumed it was taking that variable and just sticking it to the end of a system call (ie, cal 2002). The trick was figuring out how to end one command and start a new line of commands. I guessed a semicolon, but forgot to add a year (like cal; ls -al) which did NOT work. I don't know if that's because it really wouldn't work, or if these guys' scripting failed to take that option into account. So I screwed with it for awhile, trying redirects and pipes and crap, and eventually I just googled how to append multiple commands to a single line in Unix. Which ended up being with semicolons. Which is when I solved it. *phew* Still pondering this, though not continually (had class). I'm pretty sure the 'kid' is taking an unfiltered post far and sticking it either into a mkdir system call, or using fopen() or some other php function to create the file. The trick is figuring out which and how to exploit it. Still thinking on this one... hopefully sleeping on it will be of help.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Tue Mar 02, 2010 9:09 pm |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
Fookin heck! I'm still stuck on B10! Mind you, I have been asleep for the past few hours I'll take another look in to it. You finding it challenging yet? EDIT: Complete. Whilst messing around with JS injection I stumbled upon a code that allowed me to view all cookies. Originally, I couldn't find the right cookie or how to edit in firefox on my system. I think firefox stores all cookies in one file, making it harder to edit. So, with that I downloaded cookie editor for firefox. Once I had the cookie, it was really, REALLY simple to get in. Is B11 really a mission of any sort? Or is it just a script to learn stuff from?
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Wed Mar 03, 2010 5:12 am |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
Hmm, question Am I trying too hard if I'm thinking of cookies at this stage?
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Wed Mar 03, 2010 7:03 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Re: Hackthissite.org
are you talking about basic 2?
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Wed Mar 03, 2010 7:58 am |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
Realistic 2
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Wed Mar 03, 2010 8:26 am |
|
|
Satis
Felix Rex
Joined: Fri Mar 28, 2003 6:01 pm Posts: 16650 Location: On a slope
|
Re: Hackthissite.org
ah. I'll have to get back to you on that. I haven't had a chance to play this since yesterday.
_________________ They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.
|
Wed Mar 03, 2010 1:25 pm |
|
|
Mole
Minor Diety
Joined: Fri Apr 11, 2003 5:09 pm Posts: 4003 Location: Walsall, West Mids, UK
|
Re: Hackthissite.org
It's the anti-racist level I've found the login site hidden within the front page, but then I'm presented with a login script. Trying to use SSI to get a directory listing doesn't seem to work, incase there's maybe a password file. Maybe I'm doing it wrong though. I figured I might be able to fake an authorised cookie, but using javascript injection I can't find a cookie that seems to relate to the log in.
_________________ Games to complete: GTA IV [100%] (For Multiplayer next!) Fallout 3 [50%] Rock Band [35%] http://www.cafepress.com/SmeepProducts
|
Thu Mar 04, 2010 6:39 am |
|
|
|
Page 1 of 1
|
[ 12 posts ] |
|
Who is online |
Users browsing this forum: No registered users and 6 guests |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|