Jump to content

Hacking Challenges


RedAlert

Recommended Posts

  • Replies 157
  • Created
  • Last Reply

Top Posters In This Topic

Think i'm on Novice 3 or 4 now (cant remember), the one where you have to find out the isp. Think i know how to do it, just in college atm and probably be doing other things in the mean time so probably wont end up doing it for a while (bit of a waste of time tbh, most of them i know how to do it, its just getting their little clues and reading through them (ie HTTP Protocol, Packet Sniffing etc))

Link to comment
Share on other sites

You didn't inject SQL; you just supplied a(n invalid) variable/value pair.

 

So I put in a command like INSERT INTO or something?

 

Where do I inject the SQL in too? At the end of the URL?

Link to comment
Share on other sites

Red Alert, look at the page source and then look at how php and the http protocol in general handles forms etc. Then you should be able to work out how to do it. Its really easy if you have any experience with that sort of thing.

Link to comment
Share on other sites

Red Alert, look at the page source and then look at how php and the http protocol in general handles forms etc. Then you should be able to work out how to do it. Its really easy if you have any experience with that sort of thing.

I don't. ;)

Link to comment
Share on other sites

SSI injections are much easier then SQL. I actually don't know any SQL but can generally figure a way to inject some code. If you look at my link above, it explains everything. The basic concept is that if PHP (w/o checkign the input for bullshit) sends the request to SQL. You'd get something like this:

 

if (password == 'password')

allow

 

where password is sent to SQL.

So just make the if

 

if (sql('letmein'='letmein' or ') 'the actual password'){

it'll let you through, no questions asked

}

 

The real trick is guessing how the internal source is set up.

Link to comment
Share on other sites

Macro, it works with IE. I can't remember which one is 6, but the text gives clues, too. Try what's linked. If it's the CSS one, do a google search on relative linking to CSS.

 

Can anyone help me on level 4 (or is it 3.5? lol) on apprentice? I checked... Everything... Only hints (of course)

Link to comment
Share on other sites

You're on the right tracks redalert. You don't need to use any MySQL injection, you just need to know the name of the variable that matters (check your syntax as well).

 

Yes I got it!

 

I actually got it in school, and Aeturnus sent me a message saying the samething too. I was trying [HIDE]pass=eagle and god=eagle, etc.[/HIDE], but it never occured to me to try what I used.

 

Thankyou all.

Link to comment
Share on other sites

This might be an extremely dumb question, but I'll ask it anyways.

Are the sites hackthissite.org and the dievo.org safe? That is to say, do they do anything bad to you and your computer (like installing spyware in Internet Temp files or something worse than that)? Do I need an annonymizer while surfing these sites?

Many thanx.

Link to comment
Share on other sites

This might be an extremely dumb question' date=' but I'll ask it anyways.

Are the sites hackthissite.org and the dievo.org safe? That is to say, do they do anything bad to you and your computer (like installing spyware in Internet Temp files or something worse than that)? Do I need an annonymizer while surfing these sites?

Many thanx.[/quote']

 

I don't know about hackthissite, but dievo seems to be good.

Link to comment
Share on other sites

Ah! I knew it!

 

Flash / as far as can tell, anything macromedia will not install on my 64 bit AMD. :mad:

 

I found a tutorial a long time ago talking about Linux environments and how I could get something to *compile* on 64 bit that normally wouldn't, but flash just installs, not compiles.

 

I'll look around google some, though. I'm sure there's a way.

Link to comment
Share on other sites

Nah, that one was just a matter of (spoilers) finding the swf . The one I was having problems on was the one with the two javascripts. I knew exactly what was happening, I saw it from the first, I just couldn't get a hold of the stupid second javascript.The one where it tricks people intothinking the password is somemthing it isn't. Hopefully that won't come up when people don't wanna see it. Now I'm on 8 (apprentice) and I know what's goin on, but not where to find the next level. I'll give it another 5 minutes and go back to my homework. :D

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.