Please don't give away the things you need to do to solve the challenges, this would spoil the puzzle for everyone. You may give hints, but not something like, 'download this and do this ... '
last time i played this game, i just used telnet. and fed it a special html request.
but this server is beeing annoying, it closes the connection as soon as i enter the GET line, before i manage to pass the Host variable.. and therefore i get a 404, because its looking on the main astahost folder (same ip address and all that)
ive tried passing the keep-alive part before i start typign out the GET. but that just kills the connection without any retured html code.
i cant be botheres to re-compile forefox, so now im trying to make sence of hping.
so.. the server disconnects after the first transmittion. ive tried to put the whole reguest into a single transmition using \r and \n escape sequences, hoping they will be interpreted as a newline by the server. they are not.
so captured the 3 important packets in an http request. using ethereal.
the first packet is a SYN packet, the second packet is a ACK, and the 3rd is the actuall http request.
i modified the 3rd packet to report firefox version 7.77, then i sent out SYN packet, when the server responded i sent the ACK packet... THEN i transmitted my modified http packet.
so as far as the server is concerned, we have just dont a handshake, and sent a request...
but the reply tells me im not inbvited to the party.
At this point, i decided to cheat...
i downloaded the firefox pluggin that automatically spoofs the user agent, i set it to spoof firefot version 7.77 and im STILL not invited ot the party...
have you managed to pass this test yourself ? im hoping you set it up wrong
Jipman, i asked you for help in a PM, then figured out the answer anyways, tried to send you anouther PM to tell you i got it, and not to bother, but i cant because your PM INBOX is full
So just so you know, i did answer this 1 all by myself.. add me to your wll of fame
Just to proove it, a little segment of code that woont give the answer away to anyone....
QUOTE
a95c530a7af5f492a74499e70578d1
yeah so what if this challlenge has been out for months.. im still 3rd where's my bronze medal ?
slow and steady wins the race....
lol, i cant believe i didnt get it straight away, i blame jipman for using 456.789 as part of an IP LOL
Normally, when you send information over a network, the perating system generates TCP/IP packets containing your data.
The packet contains to and from addresses and ports, it contains flags like SYN / ACK. it contians hardware MAC addresses, and lots of other information.
when you use telnet, you send a payload (data in text) which your operating system splits into groups, and inserts into packets./ The packets are created by the operating system Kernel.
Using packet crafting software like hping2 (http://hping.org) a user has full controll over the packet.
The user can send anything across the network, even if its complete jibberish.
You could put a http request into a ping packet. Lets say computer X is behind a router (NAT) and downloading a file from website Y. you could craft a data packet that computer X will think is part of the download from computer Y. corrupting the download, and possably inserting virii code into a download. (this would be very very diffucult however)
you han have loads of fun bomarding your firewalls with strange information, and possably find weaknesses, and improve your securety.
it seems the hping wikki is down at the moment, but it shows some cool ideas that would allow a completely un-tracable port scan.
it even allows you to communicate through the firewall of a compromised machine, by sniffing packets at the hardware level, before they get to your software firewall.
Hey all, A computer noob here when it comes to the technical stuff..would really appreciate it
someone sheds some light on what's going on. /unsure.gif" style="vertical-align:middle"
emoid=":unsure:" border="0" alt="unsure.gif" /> My pc was working fine until several weeks ago,
when the time/date doesn't update itself everytime I boot my computer and I had to manually
update it. A week or so after, my pc refuses to boot properly until F1 is pressed. Finally, the day
came when my pc couldn't be powered on like usual. I'd jam the switch a million times....
NO MORE CHALLENGE Because I'm leaving Astahost. Reason-I'm a member in too many sites. Bye
Everyone /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />....
NO MORE CHALLENGE Because I'm leaving Astahost. Reason-I'm a member in too many sites. Bye
Everyone /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />....
So far these are just surgested rules by my (qwijibow) What do you guys think ? (im not sure about
#3) please add to / subtract from as you see fit. but i think you will agree this forum requires
one or 2 additions to the main board rules. 1) You MUST have designed and setup the challenge
yourself. 2) For challenges where you attack the server itself you must own the target server, or
have permission from the server owner. 3) You must be capable of completing your own challenge.
jipman : changed rule 2 a bit....
Astahost I have fallen into the likeing of Hacking Challenges and made my own. Its very easy if you
know how to edit batch files. Please do not give to many hints and please if you find the password
in the file PM me it and do not post it here. Ill edit this post with the names of people who have
completed the challenge. Now for the file Challenge Good Luck People who have completed my
challenge Jipman vizskywalker Dragon5225 Moonwitch wanhafizi Philywiskaz overture
runefantasy operator goose ....
i made this little crack me here for all of you. The program will be hard to crack. The program is
protected by two differnet packers, then the serial is protected by a special code /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" />. CODE -----------------
To do: ----------------- Unpack Get rid of Nags Keygen the Serial ----------------- Contact:
----------------- When you have cracked this crackme, please send your results in a RAR or Zip
archive . Please send your name/nick along with the mail. Email: thomascharriere@gmail.....
Well, I couldn't resist not making one myself, so here it goes: I have a little VB App that
will ask for your username and password, and will give you an "access key" once you get the right
info, this is pain-stakingly easy (heck, you don't even need to know the username and password -
big hint. /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /> ),
but, this is just to rev up your engines, as this is part 1 of my four part VB/PHP/MySQL/C++
Cracking Challenge. Each challange will connect onto the next challenge, so the end prod....
Notice from qwjiibow:
Challenge completed by.... drum role....
mastercomputers
Hi guys, ive noticed that these web based hacking challenges are quite
popular. so ive decided to release one. Its not web based, it doesnt require much prior knoledge,
but should be quite hard. actually, no, it seems hard, but in fact is very easy, depending on how
many clues i give away. infact, for those of you who really think hard about this, it bmay be too
easy.. i dont know. here is the challenge: I have encrypted a random html webpage that i ha....
And here's number 3 Before you try to hack this one, I have ONE hint to give you, if you
don't do this right the first time, you may encounter even more difficulty to pass this test, so
be carefull. Because this one is full of ambushes. http://jipman.astahost.com/challenge3.php ps.
I've run out of inspiration now, so it might take me a lot of time to write a nice new challenge
4.
Notice from jipman:
Here's a list of all people who have
managed to hack this challenge: - flachi
ps. I really wonder if someone is g....
Hi guys, As you might have read in the other posts, I have made some hacker challenges. This
because I want to increase my own coding skills as well as improving yours and of course I want you
guys to have something like a weekly puzzle. The passwords you'll be asked to find are
nothing, they do nothing, they mean nothing. So it's no use asking for them since them you
missed the whole exploiting part. I am planning to make challenges so as long as 1. There is
shown interest in them 2. I still have inspiration Just 2 /tongue.gif" style="vertical-align:midd....
Notice from jipman:
Please don't give away the things you need
to do to solve the challenges, this would spoil the puzzle for everyone. You may give hints, but not
something like, 'download this and do this ... ' I hope you guys understand /smile.gif"
style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />
Regarding the interest
for so called hacking challenges I've created one on my own homepage
http://jipman.astahost.com/challenge.php Please give it a try Final note: You have only really
hacked....
