wu :: forums
« wu :: forums - Hack Attack »

Welcome, Guest. Please Login or Register.
Dec 23rd, 2024, 8:35am

RIDDLES SITE WRITE MATH! Home Home Help Help Search Search Members Members Login Login Register Register
   wu :: forums
   riddles
   hard
(Moderators: SMQ, ThudnBlunder, william wu, towr, Grimbal, Eigenray, Icarus)
   Hack Attack
« Previous topic | Next topic »
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print
   Author  Topic: Hack Attack  (Read 1242 times)
Sir Col
Uberpuzzler
*****




impudens simia et macrologus profundus fabulae

   
WWW

Gender: male
Posts: 1825
Hack Attack  
« on: Sep 18th, 2003, 2:32pm »
Quote Quote Modify Modify

For a couple of years now, I've had a fairly innocent looking, apparently dead-end webpage set up. However, hidden away is the start of a series of hacking challenges.
 
Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far.
 
The gauntlet is thrown... can you complete the challenge? The hacking puzzles become increasingly difficult, and require, either a great deal of knowledge about known exploits, or a willingness to research and learn quickly.
 
The only thing I would ask is that, although there are no general rules as to how you beat it, you do not cause any malicious damage.
 
Good luck and if you do undertake it, I'd love some feedback
 
The challenge starts here...
http://wobsoft.com
IP Logged

mathschallenge.net / projecteuler.net
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #1 on: Sep 18th, 2003, 3:01pm »
Quote Quote Modify Modify

The first two level are easy, and I got passed 3a with the hardly known Lynx browser..
It's an interesting puzzle so far..
 
IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
Mike_V
Junior Member
**





   
Email

Gender: male
Posts: 60
Re: Hack Attack  
« Reply #2 on: Apr 14th, 2004, 11:12am »
Quote Quote Modify Modify

Could I maybe have a hint on getting to 3a? (past the hint it gives)
 
I tried connecting via telnet, but not sure what to do.
IP Logged

Don't specify the unspecified.
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #3 on: Apr 14th, 2004, 12:15pm »
Quote Quote Modify Modify

It's been a while.. but if I recall you have to make the server think you are a different browser than you actually are. So basicly the browser needs to lie, and give a different identification, in lynx (a small text-based browser) you can easily change that somewhere in a menu..
IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
Sir Col
Uberpuzzler
*****




impudens simia et macrologus profundus fabulae

   
WWW

Gender: male
Posts: 1825
Re: Hack Attack  
« Reply #4 on: Apr 15th, 2004, 2:54am »
Quote Quote Modify Modify

As towr said you need to manipulate the HTTP headers. In particular you'll need to change the User-Agent field.
 
You have a number of options: (i) download a proxy manager, which allows you to customise out-going headers, (ii) write a Perl/PHP script or use a programming language with internet protocol libraries, (iii) find a web page that has a nifty script already down.
 
I shouldn't be doing this, but in light of (iii) being the easiest approach, you might like to check out this rather clever page (bravo, Rex Swain, whoever you are):
http://www.rexswain.com/httpview.html
 
I'll let you work out how to use the page properly. After all it is supposed to be a challenge. Wink
« Last Edit: Apr 15th, 2004, 2:56am by Sir Col » IP Logged

mathschallenge.net / projecteuler.net
John_Gaughan
Uberpuzzler
*****



Behold, the power of cheese!

5187759 5187759   john23874   SnowmanJTG
WWW Email

Gender: male
Posts: 767
Re: Hack Attack  
« Reply #5 on: Apr 15th, 2004, 6:42am »
Quote Quote Modify Modify

on Sep 18th, 2003, 2:32pm, Sir Col wrote:
Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far.

One word: Google. You would be amazed what it can find. Someone probably linked to your site. Also, I suspect it trolls the DNS and tries domain names, i.e. it puts a "http://" in front of it and tries to load it. I have no way of proving this, just a suspicion.
IP Logged

x = (0x2B | ~0x2B)
x == the_question
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #6 on: Apr 15th, 2004, 7:29am »
Quote Quote Modify Modify

Could you give a hint at how I can get past level 4, I've tried throwing a dictionary at the admin password, but I couldn't crack it. (Not that it was a tremendously good dictionary, but still)
« Last Edit: Apr 15th, 2004, 7:30am by towr » IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
kellys
Junior Member
**





   


Gender: male
Posts: 78
Re: Hack Attack  
« Reply #7 on: Apr 16th, 2004, 12:49am »
Quote Quote Modify Modify

Alright towr, I don't want to go through decrypting stuff, but I did get the password.  Maybe we can work this one together...
::So the username is jess, as for the password, my second guess of "jess" worked (first guess was 1234).  Then I got a login page, and the source told me where to find the password file.  It's at
 
wobsoft.com/passwords.txt
 
I know that once you have a password and the password file, it become much easier to decrypt the rest, but I don't know the specifics.
::
IP Logged
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #8 on: Apr 16th, 2004, 1:00am »
Quote Quote Modify Modify

I don't see how knowing a password and having the password file helps decrypt the other passwords. The encryption method is a one way thing.
IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
kellys
Junior Member
**





   


Gender: male
Posts: 78
Re: Hack Attack  
« Reply #9 on: Apr 16th, 2004, 1:14am »
Quote Quote Modify Modify

Perhaps it is something my sysadmins just made up to scare me into having longer passwords, but this is what I hear.
IP Logged
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #10 on: Apr 16th, 2004, 1:20am »
Quote Quote Modify Modify

well the length certainly does matter, since you can try out every short sequence of letters quite easily.. if it's all non-capital letters, everything up to length 7 or 8 can be done within a few hours. (add capitals to the mix and it takes 128 or 256 times longer, add numbers and other symbols and it's becoming really laborious)
IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
John_Gaughan
Uberpuzzler
*****



Behold, the power of cheese!

5187759 5187759   john23874   SnowmanJTG
WWW Email

Gender: male
Posts: 767
Re: Hack Attack  
« Reply #11 on: Apr 16th, 2004, 5:57am »
Quote Quote Modify Modify

on Apr 16th, 2004, 12:49am, kellys wrote:
I know that once you have a password and the password file, it become much easier to decrypt the rest, but I don't know the specifics.

 
If you have one password in both cleartext and hashed, you can try different hashing algorithms until you hash it correctly. Since they are all in the same passwd file you know they all use the same algorithm. Granted there are not too many algorithms in use on production systems, but it will cut down on time.
 
Of course, if it is a passwd file and does not use shadow passwords, odds are it uses the Unix crypt() function with salt.
IP Logged

x = (0x2B | ~0x2B)
x == the_question
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #12 on: Apr 16th, 2004, 10:40am »
Quote Quote Modify Modify

yep, it does.. And knowing that hasn't helped me so far..
IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
Sir Col
Uberpuzzler
*****




impudens simia et macrologus profundus fabulae

   
WWW

Gender: male
Posts: 1825
Re: Hack Attack  
« Reply #13 on: Apr 16th, 2004, 4:36pm »
Quote Quote Modify Modify

It sounds like you're close, but why reinvent the wheel? Have you tried entering the hashed password for Admin (XL9QmGpOAPIgU)? It gives you a clue... johntheripper: a very fast and efficient brute attack programme that works on DES hashed password files; with a reasonable dictionary file it should find the password in a few seconds. Wink
IP Logged

mathschallenge.net / projecteuler.net
towr
wu::riddles Moderator
Uberpuzzler
*****



Some people are average, some are just mean.

   


Gender: male
Posts: 13730
Re: Hack Attack  
« Reply #14 on: Apr 17th, 2004, 6:44am »
Quote Quote Modify Modify

I had tried googling for the password, but it gave me nothing, and a general search for a good cracker didn't help me either..
But I'll try again after the weekend.. (when I'm back at my own computer)
« Last Edit: Apr 17th, 2004, 6:49am by towr » IP Logged

Wikipedia, Google, Mathworld, Integer sequence DB
Source
Newbie
*





   
Email

Posts: 2
Re: Hack Attack  
« Reply #15 on: Apr 29th, 2004, 6:01pm »
Quote Quote Modify Modify

Just wanted to say I have had a great time with this.  
 
I have made it about as far as towr had, yet I have a question.  I used the DES prog, and came up with the first password for level 4, but I need admin access.  After viewing the source and everything I have came up with nothing...
 
Now the track that I am on is it has something to do with
 
/home/jessica:/bin/csh  (Am I way off here?)
 
Yet I have tried it a dozen or so times different ways to try to somehow find access to the password file I need.  Maybe I am missing something though.
 
Gonna keep going with this, and Thanks for assistance in advance..
 
Source
IP Logged
Sir Col
Uberpuzzler
*****




impudens simia et macrologus profundus fabulae

   
WWW

Gender: male
Posts: 1825
Re: Hack Attack  
« Reply #16 on: Apr 30th, 2004, 5:15am »
Quote Quote Modify Modify

Hi Source! Nice work so far and I'm glad you're enjoying it.
 
The parts of the "password string" you're looking at would refer to the home directory for the user and the shell; the Admin user's shell would be the root directory, giving them access to all folders. That part of the string is not needed.
 
You'll need to look elsewhere to find the password string for Admin (which contains the password hash). Examine the source of the page (for Admin user) carefully. It seems that the idiot who set up this server has left the path to the password file!  Roll Eyes
« Last Edit: Apr 30th, 2004, 5:17am by Sir Col » IP Logged

mathschallenge.net / projecteuler.net
Source
Newbie
*





   
Email

Posts: 2
Re: Hack Attack  
« Reply #17 on: Apr 30th, 2004, 4:08pm »
Quote Quote Modify Modify

Figured it out  Wink
 
working on figuring out access to 6
 
 
Source
 
Finished it out.....Nice word there for the end...was a fun challenge..
 
Thanks again
 
Source
« Last Edit: Apr 30th, 2004, 5:54pm by Source » IP Logged
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board