Author |
Topic: Hack Attack (Read 1234 times) |
|
Sir Col
Uberpuzzler
impudens simia et macrologus profundus fabulae
Gender: 
Posts: 1825
|
 |
Hack Attack
« on: Sep 18th, 2003, 2:32pm » |
 Quote  Modify
|
For a couple of years now, I've had a fairly innocent looking, apparently dead-end webpage set up. However, hidden away is the start of a series of hacking challenges.
Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far.
The gauntlet is thrown... can you complete the challenge? The hacking puzzles become increasingly difficult, and require, either a great deal of knowledge about known exploits, or a willingness to research and learn quickly.
The only thing I would ask is that, although there are no general rules as to how you beat it, you do not cause any malicious damage.
Good luck and if you do undertake it, I'd love some feedback
The challenge starts here...
http://wobsoft.com
|
|
 IP Logged |
mathschallenge.net / projecteuler.net
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
 |
Re: Hack Attack
« Reply #1 on: Sep 18th, 2003, 3:01pm » |
Quote Modify
|
The first two level are easy, and I got passed 3a with the hardly known Lynx browser..
It's an interesting puzzle so far..
|
|
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Mike_V
Junior Member
Gender:
Posts: 60
|
|
Re: Hack Attack
« Reply #2 on: Apr 14th, 2004, 11:12am » |
Quote Modify
|
Could I maybe have a hint on getting to 3a? (past the hint it gives)
I tried connecting via telnet, but not sure what to do.
|
|
IP Logged |
Don't specify the unspecified.
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #3 on: Apr 14th, 2004, 12:15pm » |
Quote Modify
|
It's been a while.. but if I recall you have to make the server think you are a different browser than you actually are. So basicly the browser needs to lie, and give a different identification, in lynx (a small text-based browser) you can easily change that somewhere in a menu..
|
|
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Sir Col
Uberpuzzler
impudens simia et macrologus profundus fabulae
Gender:
Posts: 1825
|
|
Re: Hack Attack
« Reply #4 on: Apr 15th, 2004, 2:54am » |
Quote Modify
|
As towr said you need to manipulate the HTTP headers. In particular you'll need to change the User-Agent field.
You have a number of options: (i) download a proxy manager, which allows you to customise out-going headers, (ii) write a Perl/PHP script or use a programming language with internet protocol libraries, (iii) find a web page that has a nifty script already down.
I shouldn't be doing this, but in light of (iii) being the easiest approach, you might like to check out this rather clever page (bravo, Rex Swain, whoever you are):
http://www.rexswain.com/httpview.html
I'll let you work out how to use the page properly. After all it is supposed to be a challenge. 
|
| « Last Edit: Apr 15th, 2004, 2:56am by Sir Col » |
IP Logged |
mathschallenge.net / projecteuler.net
|
|
|
John_Gaughan
Uberpuzzler
Behold, the power of cheese!
    
Gender:
Posts: 767
|
|
Re: Hack Attack
« Reply #5 on: Apr 15th, 2004, 6:42am » |
Quote Modify
|
on Sep 18th, 2003, 2:32pm, Sir Col wrote:| Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far. |
|
One word: Google. You would be amazed what it can find. Someone probably linked to your site. Also, I suspect it trolls the DNS and tries domain names, i.e. it puts a "http://" in front of it and tries to load it. I have no way of proving this, just a suspicion.
|
|
IP Logged |
x = (0x2B | ~0x2B)
x == the_question
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #6 on: Apr 15th, 2004, 7:29am » |
Quote Modify
|
Could you give a hint at how I can get past level 4, I've tried throwing a dictionary at the admin password, but I couldn't crack it. (Not that it was a tremendously good dictionary, but still)
|
| « Last Edit: Apr 15th, 2004, 7:30am by towr » |
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
kellys
Junior Member
Gender:
Posts: 78
|
|
Re: Hack Attack
« Reply #7 on: Apr 16th, 2004, 12:49am » |
Quote Modify
|
Alright towr, I don't want to go through decrypting stuff, but I did get the password. Maybe we can work this one together...
::So the username is jess, as for the password, my second guess of "jess" worked (first guess was 1234). Then I got a login page, and the source told me where to find the password file. It's at
wobsoft.com/passwords.txt
I know that once you have a password and the password file, it become much easier to decrypt the rest, but I don't know the specifics.::
|
|
IP Logged |
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #8 on: Apr 16th, 2004, 1:00am » |
Quote Modify
|
I don't see how knowing a password and having the password file helps decrypt the other passwords. The encryption method is a one way thing.
|
|
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
kellys
Junior Member
Gender:
Posts: 78
|
|
Re: Hack Attack
« Reply #9 on: Apr 16th, 2004, 1:14am » |
Quote Modify
|
Perhaps it is something my sysadmins just made up to scare me into having longer passwords, but this is what I hear.
|
|
IP Logged |
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #10 on: Apr 16th, 2004, 1:20am » |
Quote Modify
|
well the length certainly does matter, since you can try out every short sequence of letters quite easily.. if it's all non-capital letters, everything up to length 7 or 8 can be done within a few hours. (add capitals to the mix and it takes 128 or 256 times longer, add numbers and other symbols and it's becoming really laborious)
|
|
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
John_Gaughan
Uberpuzzler
Behold, the power of cheese!
Gender:
Posts: 767
|
|
Re: Hack Attack
« Reply #11 on: Apr 16th, 2004, 5:57am » |
Quote Modify
|
on Apr 16th, 2004, 12:49am, kellys wrote:| I know that once you have a password and the password file, it become much easier to decrypt the rest, but I don't know the specifics. |
|
If you have one password in both cleartext and hashed, you can try different hashing algorithms until you hash it correctly. Since they are all in the same passwd file you know they all use the same algorithm. Granted there are not too many algorithms in use on production systems, but it will cut down on time.
Of course, if it is a passwd file and does not use shadow passwords, odds are it uses the Unix crypt() function with salt.
|
|
IP Logged |
x = (0x2B | ~0x2B)
x == the_question
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #12 on: Apr 16th, 2004, 10:40am » |
Quote Modify
|
yep, it does.. And knowing that hasn't helped me so far..
|
|
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Sir Col
Uberpuzzler
impudens simia et macrologus profundus fabulae
Gender:
Posts: 1825
|
|
Re: Hack Attack
« Reply #13 on: Apr 16th, 2004, 4:36pm » |
Quote Modify
|
It sounds like you're close, but why reinvent the wheel? Have you tried entering the hashed password for Admin (XL9QmGpOAPIgU)? It gives you a clue... johntheripper: a very fast and efficient brute attack programme that works on DES hashed password files; with a reasonable dictionary file it should find the password in a few seconds.
|
|
IP Logged |
mathschallenge.net / projecteuler.net
|
|
|
towr
wu::riddles Moderator
Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Hack Attack
« Reply #14 on: Apr 17th, 2004, 6:44am » |
Quote Modify
|
I had tried googling for the password, but it gave me nothing, and a general search for a good cracker didn't help me either..
But I'll try again after the weekend.. (when I'm back at my own computer)
|
| « Last Edit: Apr 17th, 2004, 6:49am by towr » |
IP Logged |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Source
Newbie
Posts: 2
|
|
Re: Hack Attack
« Reply #15 on: Apr 29th, 2004, 6:01pm » |
Quote Modify
|
Just wanted to say I have had a great time with this.
I have made it about as far as towr had, yet I have a question. I used the DES prog, and came up with the first password for level 4, but I need admin access. After viewing the source and everything I have came up with nothing...
Now the track that I am on is it has something to do with
/home/jessica:/bin/csh (Am I way off here?)
Yet I have tried it a dozen or so times different ways to try to somehow find access to the password file I need. Maybe I am missing something though.
Gonna keep going with this, and Thanks for assistance in advance..
Source
|
|
IP Logged |
|
|
|
Sir Col
Uberpuzzler
impudens simia et macrologus profundus fabulae
Gender:
Posts: 1825
|
|
Re: Hack Attack
« Reply #16 on: Apr 30th, 2004, 5:15am » |
Quote Modify
|
Hi Source! Nice work so far and I'm glad you're enjoying it.
The parts of the "password string" you're looking at would refer to the home directory for the user and the shell; the Admin user's shell would be the root directory, giving them access to all folders. That part of the string is not needed.
You'll need to look elsewhere to find the password string for Admin (which contains the password hash). Examine the source of the page (for Admin user) carefully. It seems that the idiot who set up this server has left the path to the password file! 
|
| « Last Edit: Apr 30th, 2004, 5:17am by Sir Col » |
IP Logged |
mathschallenge.net / projecteuler.net
|
|
|
Source
Newbie
Posts: 2
|
|
Re: Hack Attack
« Reply #17 on: Apr 30th, 2004, 4:08pm » |
Quote Modify
|
Figured it out
working on figuring out access to 6
Source
Finished it out.....Nice word there for the end...was a fun challenge..
Thanks again
Source
|
| « Last Edit: Apr 30th, 2004, 5:54pm by Source » |
IP Logged |
|
|
|
|
RIDDLES SITE
WRITE MATH!
Home 
Help 
Search 
Members 
Login 
Register
Reply
Notify of replies
Send Topic
Print