PDA

View Full Version : "hacking" challenge



Pages : [1] 2 3

confuted
05-22-2003, 06:52 PM
Mods: nothing against the rules here

This is kinda interesting, although it's fairly easy up until level 8...which is where I got stuck. I don't know how to save the file I need...(you'll see when you get there, don't want to spoil anything)

http://homepage.eircom.net/~level12/11.html

RoD
05-22-2003, 07:05 PM
i must read too much into $$$$ cuz i cant get passed one.....

Govtcheez
05-22-2003, 07:18 PM
The midi makes me want to hurt things...

I'm trying it, though.

-KEN-
05-22-2003, 07:22 PM
I had to turn my sound off.

Number one was so easy it hurt. "Durrr...viewing the source with frames is harrrddd". When I got to number two and saw all of the busywork needed to get the answer (by viewing the source, anyway. If there's another way I missed it.), I stopped.

RoD
05-22-2003, 07:27 PM
midi? must be that i dont have thta java crap

XSquared
05-22-2003, 07:56 PM
I'm too lazy to guess #5. What's the password.

confuted
05-22-2003, 08:17 PM
You must be a very lazy person...I'll just give you a hint. It tells you the answer on the page. Try some of the choices it gives you.

XSquared
05-22-2003, 08:18 PM
Never mind. Figured it out before you posted. Now I'm stuck on level 9.

OneStiffRod
05-22-2003, 08:36 PM
Number 2 was easy - I just put in a debug statement document.write(de11) and it gave the answer - it's 12358 and it does not change -- the numbers stand for the positions to click so just click the entire top row and the middle buttons of the following 2 rows.

Number 3 seems like some work -- so i didn't even bother.

ygfperson
05-22-2003, 08:39 PM
A lot of these I just skipped past the password and got the next level's address from the code.

(BTW, ken, most of the busywork isn't that bad... substring(2,3) is almost always letter c, substring (3,4) is d, etc...)

I'm on level 9... this is a lot of fun. :D

confuted
05-22-2003, 09:51 PM
well, now that there are people past level 8...how do you save the flash animation...and if there is something exceedingly special that I have to do to get it, how do I get to the source code for it? Just looking for a hint... I got this far without knowing Java...just got the document.write ( ) tip from someone.

JaWiB
05-22-2003, 10:12 PM
without knowing what im doing...have you tried on number three getting the name of the user/pass page and then typing in like "admin" or "harry" or somthing for user?

KneeGrow
05-22-2003, 10:37 PM
theres also try2hack.nl <<very hard

-KEN-
05-23-2003, 04:44 AM
I think try2hack is pretty easy. Hackerslab.org is fun.

vasanth
05-23-2003, 10:08 AM
Originally posted by blackrat364
You must be a very lazy person...I'll just give you a hint. It tells you the answer on the page. Try some of the choices it gives you.

tried all the choice prick?--- dick?---mick?---stick? none work


edited
--------
ok got it.. forget it

vasanth
05-23-2003, 10:48 AM
I am on level 8 and decompiled the SWF file.. but notin to say that it has a next page.. just displays the same message what ever..

edited
---------

got through.. now in level 9 it seems to be a JAVA applet.

vasanth
05-23-2003, 02:36 PM
Ok i have found a way to break level 9..

The password in 7 char long it can hvae numbers from 1 to 9 and the characters ABC. and it compulsorily needs to have an "AB" string in the password..

That makes the possibilities 1492992 combinations almost 1.5 millions.. I have created a program to generate all this and try brute force.. untill a valid non 404 page is opened.. I cannot run this here since i use dial up.. Does any one having broad band intrested in cracking this with me by running my program...


If checking ten password takes 2 second.. then considering that if the last combination is the actual password it will take around 70 to 80 hours to crack it... But i think the password might be some where in between.. so it will take around 10 to 15 hours....

Any one interested..... we can even discuss ways to make this brute fore better.

And i decompiled the .class file. but it does not have the password.. Thats the trick in the security there.. The password is actually an html file on the server.. if right password is AB12345 then a file http://homepage.eircom.net/~level12/AB12345.html will exist on the server...

JaWiB
05-23-2003, 07:52 PM
heh...remind me not to try to learn about hackin again lol...
after being on hackerslab.org for a while, i waws suddenly interupted by this loud:
BZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
which wouldnt stop...
i guess it was the floppy drive, so not knowing what to do, i shut off the computer (that stopped it)...freaked me out anyways lol

confuted
05-23-2003, 09:48 PM
vasanth - I can help you out with the brute force method, if you can tell me what you did to decompile the flash...PM or email me.

confuted
05-23-2003, 11:24 PM
ooh... I found a decompiler after a bit of searching...and I figured out how to save the file, so I should be good to go now.

vasanth
05-24-2003, 12:41 AM
Sent you a PM buddy.. actually you do not need to decompile the flash file.. just open it in note pad..

Maverik
05-24-2003, 04:48 AM
Well i got all the way up to level 9 and i don't even want to try that one. And with the rest of them i didn't find most of the passwords i just found the next site that would give me the next level. Ohh well though level 8 is level 9. BTW i started when i got home from work at 5:30am and it's now 6:47am o i am going to go and get some sleep.

-Bill

Maverik
05-24-2003, 04:50 AM
ohh btw i'll be happy to try and crack it with you just send me all the stuff on a pm.

-Bill

vasanth
05-24-2003, 06:19 AM
Ok.. I have generated the list of all the possible URL's the file size is 75 MB and has 1.5 million possible URL's..
I have split it into files of 10000 URL each and have around 150 files... of 500 kb each... and i have a gree URL checking software all so far are invalid.. once i get a vaild one.. i can go to the next level..


FOr those intrested i can send some of the pages say 5 each (50000 URL) or more so you too can check.. and who ever gets a correct link can inform the others.. so who ever in intrsted and has a broad band please PM me...

vasanth
05-24-2003, 07:20 AM
Ok who ever is intrested in joining to break this...
Please download the below software which is free...

http://home.snafu.de/tilman/XENU.ZIP

after downloading please ask me for the link file.. which are 150 in number.. I have finiched running 2 files but not successfull.. Through systematic distribution of the 150 files among us.. we can break it easily... Please take part in this...

Sang-drax
05-24-2003, 08:10 AM
I'm also on level 9...

I've decompiled the .class files and reached the same conclusion as vasanth.
I have a broadband connection so send me the link files and I'll scan for the correct page.

vasanth
05-24-2003, 09:28 AM
Ok... I have PM'ed you Sang-drax..
THose intrested please PM me your mail id so that i can send part of the brute force attack file to you.. There are totaly 6 parts now... so requires 6 people atleast to do it effectively...

Bye

vasanth
05-24-2003, 10:18 AM
Ok thanx for sendin the mail id

Sang-drax
XSquared and
blackrat364

i have sent you the files.. any one else intrested to join us..

Brian
05-24-2003, 10:30 AM
Originally posted by blackrat364
Mods: nothing against the rules here

This is kinda interesting, although it's fairly easy up until level 8...which is where I got stuck. I don't know how to save the file I need...(you'll see when you get there, don't want to spoil anything)

http://homepage.eircom.net/~level12/11.html

That's pretty damn pointless. Trinity would frown on you wannabes :P

vasanth
05-24-2003, 10:36 AM
Originally posted by Brian
That's pretty damn pointless. Trinity would frown on you wannabes :P

well its just fun.. the 9 part is really fun.. try it your self...

confuted
05-24-2003, 10:54 AM
I hope Xenu isn't checking these pages sequentially, and is instead choosing a random order...and I hope even more that if they aren't, our ISPs aren't watching this. We're not doing anything wrong, but it'll still look suspicious.

vasanth
05-24-2003, 11:02 AM
Originally posted by blackrat364
I hope Xenu isn't checking these pages sequentially, and is instead choosing a random order...and I hope even more that if they aren't, our ISPs aren't watching this. We're not doing anything wrong, but it'll still look suspicious.

well i have generated the pages in a some what random order.. but still you can say that they are sequential.. Any way it is not illegal.. It is like a contest and the full permision has been given by the site owner...



:D:D:D ISP's if they have an hawk eye may suspect sometrhing... think about checking 1.5 million web pages in a day from a single connection :D:D:D:D:D..


so any whats the progress.. which file are you processing now.. and any luck?????

confuted
05-24-2003, 11:22 AM
I've run (to be updated as I progress):
50-62

I'm running
63

No results yet

vasanth
05-24-2003, 12:04 PM
ok this is how the distribution has taken place



XSquared 1.rar 0-24
Sang-drax 2.rar,4.rar 25-49,75-99
blackrat364 3.rar 50-74



got feedback from blackrat364 and Sang-drax

have two more files 5.rar and 6.rar each containing 25 files...

the Wookie
05-24-2003, 01:54 PM
there has to be an easier way for 9

confuted
05-24-2003, 02:53 PM
Hey guys...is this function in the java for #9 going to be a problem?



public void run()
{
do
try
{
do
{
xxoooxo.getthread();
xxxooo.getthread();
Thread.sleep(50L);
} while(!warefuc);
if(warez$$$$er == 5)
{
repaint();
warefuc = false;
} else
{
warez$$$$er = warez$$$$er + 1;
}
}
catch(InterruptedException interruptedexception) { }
while(true);
}


Edit: the explitives in the code were replaced with $$$$, decompile the .class if you don't get it.

confuted
05-24-2003, 03:21 PM
In an attempt to figure out if there is, as the wookie suggests, an easier way to do this, I'm going through the code doing a search and replace on the variable names with more descriptive names. Anyone interested in the modified code should PM me.

the Wookie
05-24-2003, 03:41 PM
yeah brute force can't be the only way, because that would also strain his server. can someone send me the class file or the url for level 9? i dont feel like going all through the other 8..lol..too tired and dont have time and im too lazy

XSquared
05-24-2003, 05:35 PM
Here are the two decompiled class files. They're text files, so you can open them in notepad.

I've looked over the source, and the only way to do it is through brute force. As long as 'Ab' is in the password somewhere, it will redirect you.

Sang-drax
05-24-2003, 05:37 PM
vasanth, you've made a mistake!

The files you've generated has upper-case B and C, but it should be lower-case (the server is case-sensitive).

Hehe, two hours of scanning in vain...

confuted
05-24-2003, 05:46 PM
Vasanth! Gah, you make me sad. Are you going to fix that, or are we aborting?

the Wookie
05-24-2003, 06:00 PM
those variable names are a pain in the ass

Sang-drax
05-24-2003, 06:17 PM
Never mind, I found the code for level 9! :D

If you'd like it, PM me... I don't want to spoil anything if you want to try yourselves.

confuted
05-24-2003, 06:19 PM
yeah, they sure are. I didn't finish renaming them...mostly because I don't know Java, but also because I got bored. I think I may have only done two or three names, but it should be helpful, because I got some of the important ones (I think...they could be bad names, but they're still easier to read)

Change the extension on that file to .java

vasanth
05-24-2003, 08:28 PM
guys brute force is the only way.. since the pasword in no way stored in the applet.. it just redirects you to an HTML file based on the password.. and it will do it if there is an Ab in the pass..
any way Sang-drax has finished it.. i have PMed the other two with the password as they were a part of the crackin group.. and sorry guys for generating the URL with upper case.. i did not know the server was case sensitive..

now at level 10.. In level 10 the checking seems to be made at the client side itself.. But uses some complex algorithm to check and does not give away the pass as it is.. but should be easy since no server attack is needed.. any way workin on it.. will PM you if i get the result..

major_small
05-24-2003, 09:02 PM
Originally posted by JaWiB
without knowing what im doing...have you tried on number three getting the name of the user/pass page and then typing in like "admin" or "harry" or somthing for user? a101:root

it's a pain to d/l stuff so i'll help you out with this one...

confuted
05-24-2003, 09:04 PM
I'm in the process of going through the script and simplifying the math expressions...there are ridiculous computations to come out with a constant, just to make the code more complicated...

XSquared
05-24-2003, 09:15 PM
Its quite simple to solve problem 10. Just have it print out each character that it compares t3 to, and then enter that string into the password field, and have it display t3. Its quite simple to reverse-engineer. The encryption and decryption algorithms are exactly the same.

major_small
05-24-2003, 09:22 PM
jeebus... i'm still stuck on level 5...

/edit: nevermind... i got it... it's so obvious now...

confuted
05-24-2003, 09:32 PM
I win. XSquared was right, although I didn't read his post until after I finished. It was pretty easy, and now I finished. I feel cool now.