http://www.dievo.org

 

This site offers a bunch of really interesting challenges, from cryptography, to PHP manipulation. I right now am on Apprentice: Level 5. Try it out and tell me what you think. Has anyone else already tried it?

 

Go to the site, click on challenges>wargames>hook. Hook is the first challenge.

stuck on level three of apprentice. : P

 

4 now.

 

5

Interesting - level 8 so far

do you need to become a member to do the challenges?

got to level 10 on apprentice (ended up using an old java program i wrote when looking at the school webmail), now off to bed

do you need to become a member to do the challenges?

 

Nope.

 

Level 10 already on Apprentice! How long have you been working on it?

 

I am stuck on level 5 too....I hear you have to use PHP to manipulate it or something......

Interesting - level 8 so far

 

Apprentice or Hook?

It's bugging me now!

 

Hook, apprentice and novice were fairly straightforward. Neophyte's a whole different thing (for me anyway).

How do you even play?

You've got to try to find the URL for the next level anyway you can.

The "Challenge" is neither a link nor a button. I can't figure out how to play this thing.

The question is, how do you START to play?

Where do I GO TO EVEN START PLAYING THIS WEIRD GAME?

click the link then follow the directions in the first post

I DID! Like I said, the Challenge cannot be clicked. It is just there. i click, nothing happens.

The first level of Neophyte is tricky. There's two things you've gotta do to at the same time, I can do them both on their own but can't seem to combine them!

 

(deliberately vague to avoid spoilers)

Can ANYONE tell me how to start playing this game? The Challenge text is not a link so can't click it. So how do I start playing??????

Ok - the site doesn't seem to support IE. Go to this page - http://www.dievo.org/index.php?cmd=1∂=2 but to play it best you might have to use a real browser.

I am stuck on level 5 too....I hear you have to use PHP to manipulate it or something......

You use code injection. PHP itself doesn't ahve any sort of exploit, but you can use SQL. Most sites usign SQL nowadays use PHP to check for bullshit, but your average amature web designer might have the exploit.

 

This is a realyl good article:

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

 

One of the levels at hackthissite.org simply required '='' or '...

 

Obviously ''(nothing) == '' so the condition is passed. To search for a passwordfile you can try something like:

Union All Select null, pass, from pass, try exporting it to a file, or just execute shit by putting something like:

'; whatever.

 

You need to play around w/ it because you dont know exactly what the script looks like from the inside. Normally changing to double quotes or adding some parentheses will fix any errors.

I don't get what's after mind6 (in Hook) . I can't seem to find it. Is it because Im using IE?

If this is the god, sex, password dropdown level there is no need to consider mySQL.

 

(referring to post #19)

Not sure whether you mean level 6 or 7 but they can both be done in IE.

What's behind it all

 

They're no fun if it's spoiled!

 

Btw, web browsers wont matter much on it. You'd be just as well using Lynx (I think that's what it is)

 

Quikc question: Do the levels actual get to "hacking?" The first two (I'm not past 2) are pretty fun but I'm not goign to all of them if they're like that.

Can ANYONE tell me how to start playing this game? The Challenge text is not a link so can't click it. So how do I start playing??????

 

Use Firefox, I am sure you are using IE. It doesn't work on IE for me too.

What's behind it all

 

They're no fun if it's spoiled!

 

Btw' date=' web browsers wont matter much on it. You'd be just as well using Lynx (I think that's what it is)

 

Quikc question: Do the levels actual get to "hacking?" The first two (I'm not past 2) are pretty fun but I'm not goign to all of them if they're like that.[/quote']

 

The more advanced challenges are hacking. Hook gets you hooked. Apprentice and onwards introduce you to hacking.

 

If this is the god' date=' sex, password dropdown level there is no need to consider mySQL.

 

(referring to post #19)[/quote']

 

I think I know what I have to do to pass level 5, but I am getting the syntax wrong I am quite sure....this is what I am doing Mossoi, check it out:

 

[HIDE]www.dievo.org:82/apprentice/level5aaa/indexaa.php?$god==eagle[/HIDE]

 

Tell me what I am doing wrong...just give me hints of course.