Index
 |
Hackers Challenge 3 - It took me quite a while but here it is | ||
Discussion by jipman with 29 Replies.
Last Update: October 7, 2005, 12:08 pm (View Latest) | Page 1 of 2 pages. | ||
 |
|||
And here's number 3
Before you try to hack this one, I have ONE hint to give you, if you don't do this right the first time, you may encounter even more difficulty to pass this test, so be carefull. Because this one is full of ambushes.
http://jipman.astahost.com/challenge3.php
ps. I've run out of inspiration now, so it might take me a lot of time to write a nice new challenge 4.
Here's a list of all people who have managed to hack this challenge:
- flachi
ps. I really wonder if someone is going to succeed, if someone pulls this off he/she is seriously good.
Before you try to hack this one, I have ONE hint to give you, if you don't do this right the first time, you may encounter even more difficulty to pass this test, so be carefull. Because this one is full of ambushes.
http://jipman.astahost.com/challenge3.php
ps. I've run out of inspiration now, so it might take me a lot of time to write a nice new challenge 4.
Notice from jipman:
Here's a list of all people who have managed to hack this challenge:
- flachi
ps. I really wonder if someone is going to succeed, if someone pulls this off he/she is seriously good.
Sat Apr 30, 2005 Reply New Discussion
Haha, i just clicked submit on the first time and got banned... 
I'm going to try something else now... >
I'm going to try something else now... >
Fri May 6, 2005 Reply New Discussion
How the heck do you guys do these? I have no idea on how to do any of these challenges.... And I thought I was good at computers!
- AlPal
- AlPal
Sat May 7, 2005 Reply New Discussion
Anyone want to provide clues to this, it is indeed hard, here's things that I need other people's understanding for:
The wording tells us first we must find the guest, trick or no trick?
None Shall Pass, this riddles me but what does it mean.
And then what I understand, and what could help others:
We have a form using the post method, with 3 fieldnames, two are shown and one is hidden.
user="admin" # is there also a guest user?
pass="" # this is what we want to find
id="<?php echo md5($_SERVER['REMOTE_ADDR']); ?>" # one method of how this could be generated.
In the header we're told there's many ambushes, you're only given one chance to get this right, although depends on the verification methods order. You'll be blocked by either IP address or the MD5 encryption of the address. Now the posted information relates back to the same page. action="<?php echo $_SERVER['PHP_SELF']; ?>" quite possibly.
I can't tell if any database is being used, but there's no reason why we can't try SQL Injection on this but could this be a bit too much.
Now lets assume the SQL query
$query = "SELECT * FROM user WHERE user='{$_POST['user']}' AND pass='{$_POST['pass']}'";
There seems to be checks performed on the posted information than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page, however we may not be able to continue if we have been banned. If this is indeed SQL Injection, we have another query to check if we're banned or not.
We maybe able to bypass the banned list or even better, remove it.
First things first, is solving the riddle before attempting to try anything. If you have a dynamic IP, you've got better chances. Static IP, well anonymous web proxies that support the POST and GET methods if needs be.
If anyone has any clues, they should share them.
Cheers,
MC
The wording tells us first we must find the guest, trick or no trick?
None Shall Pass, this riddles me but what does it mean.
And then what I understand, and what could help others:
We have a form using the post method, with 3 fieldnames, two are shown and one is hidden.
user="admin" # is there also a guest user?
pass="" # this is what we want to find
id="<?php echo md5($_SERVER['REMOTE_ADDR']); ?>" # one method of how this could be generated.
In the header we're told there's many ambushes, you're only given one chance to get this right, although depends on the verification methods order. You'll be blocked by either IP address or the MD5 encryption of the address. Now the posted information relates back to the same page. action="<?php echo $_SERVER['PHP_SELF']; ?>" quite possibly.
I can't tell if any database is being used, but there's no reason why we can't try SQL Injection on this but could this be a bit too much.
Now lets assume the SQL query
$query = "SELECT * FROM user WHERE user='{$_POST['user']}' AND pass='{$_POST['pass']}'";
There seems to be checks performed on the posted information than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page, however we may not be able to continue if we have been banned. If this is indeed SQL Injection, we have another query to check if we're banned or not.
We maybe able to bypass the banned list or even better, remove it.
First things first, is solving the riddle before attempting to try anything. If you have a dynamic IP, you've got better chances. Static IP, well anonymous web proxies that support the POST and GET methods if needs be.
If anyone has any clues, they should share them.
Cheers,
MC
Sat May 7, 2005 Reply New Discussion
A quick look at the source reveals an md5 string.
the hidden input field is the key to solving this problem.
This is harder than I thought. I doubt that an SQL Injection will work on this one.
I'm assuming that once you find the "guest" users password, you'll be able to clearly see the admin password.
Hmm... None shall pass, I guess this is just a little cliche statment.
I believe that it's an md5 encyption of the URL that you're banned by.
- whyme
p.s. I just got myself banned on the server, trying different proxies didn't work. damnit.
CODE
<h1>This is the third challenge by Jip Man</h1>This challenge is in my opinion my most difficult one (for now)<p>You only have solved this challenge if you have the admin pass, which will be clearly given to you once you solve the guest<p>Now.. here for the challenge<p><h2>None Shall Pass</h2><form method="post" action="challenge3.php"><input type="text" name="user" value="admin"><input type="password" name="pass"><input type="hidden" name="id" value="69ba754dff7c853960a8a033d3a9eede"><input type="submit" value="Login"></form>the hidden input field is the key to solving this problem.
This is harder than I thought. I doubt that an SQL Injection will work on this one.
I'm assuming that once you find the "guest" users password, you'll be able to clearly see the admin password.
Hmm... None shall pass, I guess this is just a little cliche statment.
I believe that it's an md5 encyption of the URL that you're banned by.
- whyme
p.s. I just got myself banned on the server, trying different proxies didn't work. damnit.
Sat May 7, 2005 Reply New Discussion
Ehm.... maybe it is a little too difficult, so let me give you guys some hints
0. You need the global password
1. NO SQL, PHP only
2. Think before you do because else you might be having trouble finding proxies.
3. READ THE INTRODUCTION, there are NO typo's
4. About the none shall pass, did noone of you watch Monty Python & The holy grail? The scene with the blackknight was the coolest.(not really a hint but you really do have to watch that movie, so funny)
5. decrypting the md5 hash might be worth your while, it gives you quite a good hint. Or you could use logic to figure out what the hash would be ?
6. What is the most used password but also the least secure one?
7. There is no place like 127.0.0.1
8. With all those security checks i implemented, i might have overlooked something don't i?
note. I changed the POST stuff to GET stuff, because it works the same but is easier in use.
ps. if changing proxies doesn't work, i think you did something wrong
have fun
to mastercomputers:
Wow, you are not some mindreading person are you? Good thinking.
just for the heck of it, there are 27 bans activated at the moment
a small note for the none shall pass, it has something to do with hint # 7. But you gotta find out in what matter
0. You need the global password
1. NO SQL, PHP only
2. Think before you do because else you might be having trouble finding proxies.
3. READ THE INTRODUCTION, there are NO typo's
4. About the none shall pass, did noone of you watch Monty Python & The holy grail? The scene with the blackknight was the coolest.(not really a hint but you really do have to watch that movie, so funny)
5. decrypting the md5 hash might be worth your while, it gives you quite a good hint. Or you could use logic to figure out what the hash would be ?
6. What is the most used password but also the least secure one?
7. There is no place like 127.0.0.1
8. With all those security checks i implemented, i might have overlooked something don't i?
note. I changed the POST stuff to GET stuff, because it works the same but is easier in use.
ps. if changing proxies doesn't work, i think you did something wrong
have fun
to mastercomputers:
QUOTE
There seems to be checks performed on the posted information than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page, however we may not be able to continue if we have been banned.Wow, you are not some mindreading person are you? Good thinking
.just for the heck of it, there are 27 bans activated at the moment
a small note for the none shall pass, it has something to do with hint # 7. But you gotta find out in what matter
Sun May 8, 2005 Reply New Discussion
QUOTE
[battle sounds][Black Knight defeats a worthless-piece-of-crap-knight]
ARTHUR: You fight with the strength of many men, Sir knight.
[pause]
I am Arthur, King of the Britons.
[pause]
I seek the finest and the bravest knights in the land to
join me in my Court of Camelot.
[pause]
You have proved yourself worthy; will you join me?
[pause]
You make me sad. So be it. Come, Patsy.
BLACK KNIGHT: None shall pass.
ARTHUR: What?
BLACK KNIGHT: None shall pass.
ARTHUR: I have no quarrel with you, good Sir knight, but I must
cross this bridge.
BLACK KNIGHT: Then you shall die.
ARTHUR: I command you as King of the Britons to stand aside!
BLACK KNIGHT: I move for no man.
ARTHUR: So be it!
[hah]
[parry thrust]
[ARTHUR chops the BLACK KNIGHT's left arm off]
ARTHUR: Now stand aside, worthy adversary.
BLACK KNIGHT: 'Tis but a scratch.
ARTHUR: A scratch? Your arm's off!
BLACK KNIGHT: No, it isn't.
ARTHUR: Well, what's that then?
BLACK KNIGHT: I've had worse.
ARTHUR: You liar!
BLACK KNIGHT: Come on you pansy!
[hah]
[parry thrust]
[ARTHUR chops the BLACK KNIGHT's right arm off]
ARTHUR: Victory is mine!
[kneeling]
We thank thee Lord, that in thy merc-
[Black Knight kicks Arthur in the head while he is praying]
BLACK KNIGHT: Come on then.
ARTHUR: What?
BLACK KNIGHT: Have at you!
ARTHUR: You are indeed brave, Sir knight, but the fight is mine.
BLACK KNIGHT: Oh, had enough, eh?
ARTHUR: Look, you stupid bastard, you've got no arms left.
BLACK KNIGHT: Yes I have.
ARTHUR: Look!
BLACK KNIGHT: Just a flesh wound.
[Headbutts Arthur in the chest]
ARTHUR: Look, stop that.
BLACK KNIGHT: Chicken! Chicken!
ARTHUR: Look, I'll have your leg. Right!
[whop]
[ARTHUR chops the BLACK KNIGHT's leg off]
BLACK KNIGHT: Right, I'll do you for that!
ARTHUR: You'll what?
BLACK KNIGHT: Come 'ere!
ARTHUR: What are you going to do, bleed on me?
BLACK KNIGHT: I'm invincible!
ARTHUR: You're a loony.
BLACK KNIGHT: The Black Knight always triumphs! Have at you!
Come on then.
[whop]
[ARTHUR chops the BLACK KNIGHT's other leg off]
BLACK KNIGHT: All right; we'll call it a draw.
ARTHUR: Come, Patsy.
BLACK KNIGHT: Oh, oh, I see, running away then. You yellow
bastards! Come back here and take what's coming to you. I'll bite
your legs off!
If that's not a funny scene then what is?
Thanks for the hints. Now it might be possible, yet still something I may have overlooked. And there's 30 in the ban list at current.
MC
Mon May 9, 2005 Reply New Discussion
I got 404 error.
I think I should sleep now though it is intersting...
I think I should sleep now though it is intersting...
Mon May 16, 2005 Reply New Discussion
At least you didn't get banned? Or did you
Mon May 16, 2005 Reply New Discussion
QUOTE (jipman)
At least you didn't get banned? Or did you
[post="34363"]<{POST_SNAPBACK}>[/post]
I am not sure. I have to wait until the cache of proxy expire.
Welcome Guest<p>You may view the current ban list ...
Tue May 17, 2005 Reply New Discussion
I solved it. :-D
Wed May 25, 2005 Reply New Discussion
NICHE!
Wed May 25, 2005 Reply New Discussion
Your ban system's broken!
Sat May 28, 2005 Reply New Discussion
Yeah... Something changed on the asta servers
I gotta request SSH again.
Anyway, i fixed the banning problem.
Although it kinda made the challenge a bit easier
I gotta request SSH again.
Anyway, i fixed the banning problem
.Although it kinda made the challenge a bit easier
Sat May 28, 2005 Reply New Discussion
Well... It is not hard at all to do it... You must only read all the clues on the site and slowly debug the site.
Sun May 29, 2005 Reply New Discussion
 |
 |
|
 |
 |
| Reply / Comment | Ask a Question? | Share / Bookmark | E-Mail a Friend |
 Keyboard Cleaner ITS DANGEROUS!! lol. (17)
|
(11) Qwijibows Cracking Challenge difficulty rating... HARD ! 
|