wu :: forums (http://www.ocf.berkeley.edu/~wwu/cgi-bin/yabb/YaBB.cgi)
(Message started by: Sir Col on Sep 18th, 2003, 2:32pm)

Title: Hack Attack
Post by Sir Col on Sep 18th, 2003, 2:32pm
For a couple of years now, I've had a fairly innocent looking, apparently dead-end webpage set up. However, hidden away is the start of a series of hacking challenges.

Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far.

The gauntlet is thrown... can you complete the challenge? The hacking puzzles become increasingly difficult, and require either a great deal of knowledge about known exploits or a willingness to research and learn quickly.

The only thing I would ask is that, although there are no general rules as to how you beat it, you do not cause any malicious damage.

Good luck, and if you do undertake it, I'd love some feedback.

The challenge starts here...
http://wobsoft.com

Title: Re: Hack Attack
Post by towr on Sep 18th, 2003, 3:01pm
The first two levels are easy, and I got past 3a with the hardly known Lynx browser..
It's an interesting puzzle so far..


Title: Re: Hack Attack
Post by Mike_V on Apr 14th, 2004, 11:12am
Could I maybe have a hint on getting to 3a? (past the hint it gives)

I tried connecting via telnet, but not sure what to do.

Title: Re: Hack Attack
Post by towr on Apr 14th, 2004, 12:15pm
It's been a while.. but if I recall you have to make the server think you are a different browser than you actually are. So basically the browser needs to lie, and give a different identification. In Lynx (a small text-based browser) you can easily change that somewhere in a menu..

Title: Re: Hack Attack
Post by Sir Col on Apr 15th, 2004, 2:54am
As towr said you need to manipulate the HTTP headers. In particular you'll need to change the User-Agent field.

You have a number of options: (i) download a proxy manager, which allows you to customise outgoing headers, (ii) write a Perl/PHP script or use a programming language with internet protocol libraries, (iii) find a web page that has a nifty script already done.

I shouldn't be doing this, but in light of (iii) being the easiest approach, you might like to check out this rather clever page (bravo, Rex Swain, whoever you are):
http://www.rexswain.com/httpview.html

I'll let you work out how to use the page properly. After all it is supposed to be a challenge. ;)
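
Added example, not part of the original post: because User-Agent is a client-supplied request header, a page that is gated on it is visible in the access log as the same client being denied and then served the same path with only the header changed. The log lines, paths and the `ExampleBrowser/1.0` string below are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/NCSA "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation IP ranges, made-up paths and agents).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2004:02:50:01 +0000] "GET /gated/page.html HTTP/1.0" 403 312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.7 - - [15/Apr/2004:02:54:10 +0000] "GET /gated/page.html HTTP/1.0" 200 1840 "-" "ExampleBrowser/1.0"
198.51.100.23 - - [15/Apr/2004:03:10:44 +0000] "GET /gated/page.html HTTP/1.0" 403 312 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14"
198.51.100.23 - - [15/Apr/2004:03:11:02 +0000] "GET /index.html HTTP/1.0" 200 950 "-" "Lynx/2.8.4rel.1 libwww-FM/2.14"
this line is malformed and must be skipped
"""


def find_ua_gated_unlocks(log_text):
    """Return (ip, path, denied_ua, allowed_ua) where only the UA changed the outcome."""
    seen = defaultdict(dict)  # (ip, path) -> {user_agent: set of status codes}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        key = (m["ip"], m["path"])
        seen[key].setdefault(m["ua"], set()).add(int(m["status"]))

    findings = []
    for (ip, path), by_ua in sorted(seen.items()):
        # Agents that were only ever refused vs. agents that were served.
        denied = sorted(ua for ua, st in by_ua.items() if st <= {401, 403})
        allowed = sorted(ua for ua, st in by_ua.items() if 200 in st)
        for d in denied:
            for a in allowed:
                findings.append((ip, path, d, a))
    return findings


if __name__ == "__main__":
    for finding in find_ua_gated_unlocks(SAMPLE_LOG):
        print(finding)
```

Any path that shows up here is relying on the header as an access control and needs real authentication instead.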

Title: Re: Hack Attack
Post by John_Gaughan on Apr 15th, 2004, 6:42am

on 09/18/03 at 14:32:11, Sir Col wrote:
Amazingly, without this page being indexed anywhere, I get a few hundred hopefuls each month – I honestly don't know how they find the page – but no one has really got that far.

One word: Google. You would be amazed what it can find. Someone probably linked to your site. Also, I suspect it trolls the DNS and tries domain names, i.e. it puts a "http://" in front of it and tries to load it. I have no way of proving this, just a suspicion.

Title: Re: Hack Attack
Post by towr on Apr 15th, 2004, 7:29am
Could you give a hint at how I can get past level 4? I've tried throwing a dictionary at the admin password, but I couldn't crack it. (Not that it was a tremendously good dictionary, but still)

Title: Re: Hack Attack
Post by kellys on Apr 16th, 2004, 12:49am
Alright towr, I don't want to go through decrypting stuff, but I did get the password.  Maybe we can work this one together...
::[hide]So the username is jess, as for the password, my second guess of "jess" worked (first guess was 1234).  Then I got a login page, and the source told me where to find the password file.  It's at

wobsoft.com/passwords.txt

I know that once you have a password and the password file, it becomes much easier to decrypt the rest, but I don't know the specifics.[/hide]::

Title: Re: Hack Attack
Post by towr on Apr 16th, 2004, 1:00am
I don't see how knowing a password and having the password file helps decrypt the other passwords. The encryption method is a one way thing.

Title: Re: Hack Attack
Post by kellys on Apr 16th, 2004, 1:14am
Perhaps it is something my sysadmins just made up to scare me into having longer passwords, but this is what I hear.

Title: Re: Hack Attack
Post by towr on Apr 16th, 2004, 1:20am
well the length certainly does matter, since you can try out every short sequence of letters quite easily.. if it's all non-capital letters, everything up to length 7 or 8 can be done within a few hours. (add capitals to the mix and it takes 128 or 256 times longer, add numbers and other symbols and it's becoming really laborious)

Title: Re: Hack Attack
Post by John_Gaughan on Apr 16th, 2004, 5:57am

on 04/16/04 at 00:49:16, kellys wrote:
I know that once you have a password and the password file, it becomes much easier to decrypt the rest, but I don't know the specifics.


If you have one password in both cleartext and hashed, you can try different hashing algorithms until you hash it correctly. Since they are all in the same passwd file you know they all use the same algorithm. Granted there are not too many algorithms in use on production systems, but it will cut down on time.

Of course, if it is a passwd file and does not use shadow passwords, odds are it uses the Unix crypt() function with salt.

Title: Re: Hack Attack
Post by towr on Apr 16th, 2004, 10:40am
yep, it does.. And knowing that hasn't helped me so far..

Title: Re: Hack Attack
Post by Sir Col on Apr 16th, 2004, 4:36pm
It sounds like you're close, but why reinvent the wheel? Have you tried entering the hashed password for Admin (XL9QmGpOAPIgU)? It gives you a clue... [hide]johntheripper: a very fast and efficient brute attack programme that works on DES hashed password files; with a reasonable dictionary file it should find the password in a few seconds[/hide]. ;)
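
Added example, not part of the original posts: John_Gaughan's point about a passwd file without shadow passwords using crypt() with salt, and the DES-hashed file mentioned above, translate into a simple audit a defender can run over a passwd-format file to find hashes that are stored in the readable file and which scheme they use. The sample entries are constructed; only the Admin hash string is the one quoted in this thread.

```python
import re

# Traditional DES crypt(3): 2-char salt + 11 hash chars; only the first
# 8 password characters are used, so long passphrases add nothing.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MCF_PREFIXES = {  # modular crypt format prefix -> scheme
    "$1$": "md5-crypt", "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256-crypt", "$6$": "sha512-crypt",
}
WEAK = {"des-crypt", "md5-crypt", "empty-password"}

# Constructed passwd(5) lines. Only the Admin hash string is quoted from the
# thread; every other field and hash is made up for this example.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
Admin:XL9QmGpOAPIgU:100:100:Admin:/home/admin:/bin/sh
alice:$6$constructedsalt$constructedhashvalue:1001:1001::/home/alice:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""


def classify_hash(field):
    """Name the scheme used by a passwd(5) password field."""
    if field == "x":
        return "shadowed"
    if field == "":
        return "empty-password"
    if field[0] in "*!":
        return "locked"
    for prefix, scheme in MCF_PREFIXES.items():
        if field.startswith(prefix):
            return scheme
    return "des-crypt" if DES_CRYPT_RE.match(field) else "unknown"


def audit_passwd(text):
    """Return (user, scheme, severity) for each hash stored in the file itself."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7:
            continue  # not a passwd(5) entry
        scheme = classify_hash(parts[1])
        if scheme not in ("shadowed", "locked"):
            severity = "high" if scheme in WEAK else "medium"
            findings.append((parts[0], scheme, severity))
    return findings
```

A "medium" finding is a modern hash that still sits in the readable file; it belongs in a shadow file that only root can read, and a "high" finding should also be re-hashed with a current scheme.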

Title: Re: Hack Attack
Post by towr on Apr 17th, 2004, 6:44am
I had tried googling for the password, but it gave me nothing, and a general search for a good cracker didn't help me either..
But I'll try again after the weekend.. (when I'm back at my own computer)

Title: Re: Hack Attack
Post by Source on Apr 29th, 2004, 6:01pm
Just wanted to say I have had a great time with this.  

I have made it about as far as towr had, yet I have a question.  I used the DES prog, and came up with the first password for level 4, but I need admin access.  After viewing the source and everything I have come up with nothing...

Now the track that I am on is it has something to do with

/home/jessica:/bin/csh  (Am I way off here?)

Yet I have tried it a dozen or so times different ways to try to somehow find access to the password file I need.  Maybe I am missing something though.

Gonna keep going with this, and Thanks for assistance in advance..

Source

Title: Re: Hack Attack
Post by Sir Col on Apr 30th, 2004, 5:15am
Hi Source! Nice work so far and I'm glad you're enjoying it.

The parts of the "password string" you're looking at would refer to the home directory for the user and the shell; the Admin user's shell would be the root directory, giving them access to all folders. That part of the string is not needed.

You'll need to look elsewhere to find the password string for Admin (which contains the password hash). Examine the source of the page (for Admin user) carefully. It seems that the idiot who set up this server has left the path to the password file!  ::)

Title: Re: Hack Attack
Post by Source on Apr 30th, 2004, 4:08pm
Figured it out  ;)

working on figuring out access to 6


Source

Finished it out.....Nice word there for the end...was a fun challenge..

Thanks again

Source


