34 replies to this topic

[gagsec]

Simple game with a few levels - requires skills such as common sense, creativity, http, generic understanding of programming, common encryption formats, etc.
Depending on your skills it can be a learning practice or a few minutes of fun & a sense of accomplishment. :-)

http://hax.tor.hu/

List of user levels:

Level 1. Make a nasa.gov URL display a text of my choice
Level 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2
Level 3. Recognize
Level 4. IP address is 72.14.207.99. What contains 'pass' that points to it?
Level 5. Password is the owl's name
Level 6. Let's see you do some easy SQL ninjitsu
Level 7. snifflog.txt - ngrep format
Level 8. Password is on a picture: not available from anywhere
Level 9. Elementary Maths
Level 10. A poem
Level 11. As simple as hashing a string
Level 12. Ultra Turing
Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
Level 14. Recognize #2
Level 15. download.com's uptime
Level 16. root:hsmfs;g@10.0.0.5
Level 17. Feed me!
Level 18. Find all usernames
Level 19. red+blue+green = ?
Level 20. Recognize #3
Level 21. Backdoor on a suspended domain
Level 22. MS-Word
Level 23. Too easy
Level 24. Defense Intelligence Agency
Level 25. BitNinja
Level 26. PHP filemaneger with source - needs more exploit
Level 27. The photo doesn't load
Level 28. telnet://hax.tor.hu:1800 - Google Word Game
Level 29. Circumvent PHP filters for XSS
Level 30. Create the given image using a number
Level 31. Find all usernames v2.0
Level 32. Exploit file2image.php
Level 33. Forged DNS
Level 34. Defense Information Systems Agency - 199.57.1.130
Level 35. Password is in the image
Level 36. password = f(200)
Level 37. Root password needed
Level 38. No info


*** Update: every user can create a shell account to our linux debian. all tcp traffic is routed through tor for anonimity. there's perl, php, python, mtr, gcc, etc.

[fedrus]

Thanks, trying these out now - I'm somewhere in between knowledge wise, and it's always nice to mess around on 'legal hacking'

I've tried some other 'legal' hacking stuff like www.hackthissite.org - always fun.

[gagsec]

Glad to see somebody still cares. I know hackthissite, but somehow I don't fancy any of those challenges.
By the way, so far only two people got to registration, and out of those two only one made it to level 2.
What I don't understand is, some people go through the 5 warmup levels to get to the one that involves nasa.gov
And the second guy didn't even try it... Anyway, good luck to everyone trying it out.
*Cheers*

[SuRGeoN]

It's really fun but i'm stuck at level0 hehehehe

[nihoho]

By the way, so far only two people got to registration, and out of those two only one made it to level 2.
What I don't understand is, some people go through the 5 warmup levels to get to the one that involves nasa.gov

How do you know how many people made it to registration? I can't find any statistics page or anything.. It's a great idea, and the warmup challenges very fun..

Anyway, I can't remember the last time I had this much fun with a site I just made it past the NASA challenge.. wish me luck!

PS: it would be cool to have a live ranking page, to see who's ahead My handle is zer0, btw..

[nihoho]

Wow.. I made it to Level 3! At first glance, it looks like a classical cryptography problem.. At least that's how I'll approach it for now. This is FUN! Could anyone please post a ranking?

[gagsec]

Thanks for the positive reviews. I made another 5 levels with stuff like mssql snifflog, sql injection, virtual hosting lookup, etc. By the end of the day, there will be realtime statistics.

[blackhat420]

Cool site gagsec!

[shakuni]

Simple & Fun Challenges To Solve, hax.tor.hu

fun, YES.
simple, NO.

[nihoho]

Simple & Fun Challenges To Solve, hax.tor.hu

fun, YES.
simple, NO.

Granted, they're not simple, but they're not extremely hard either.. they're challenging because they force you to think "out of the box" I love them..

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page..

[gagsec]

fun, YES.
simple, NO.

C'mon. Des, base64, connecting to an open service, substituting characters, xss, sql injection - not exactly rocket science.

Granted, they're not simple, but they're not extremely hard either.. they're challenging because they force you to think "out of the box" I love them..

Wow thanks that sounds nice but I don't think it has much truth regarding the warmup levels.

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page..

The stats are now at the bottom. Congrats for completing 5+3 levels

[nihoho]

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page..

You haven't gotten your hands on level 4 yet And lev3 still needs a solution. The stats are now at the bottom.
ps: you came pretty close to getting to lev4. the thinking was perfectly OK - no trap doors, having to figure out what mood the creator was in, etc etc. Just don't screw up / miss characters.

lev3 just got a solution.. I kept missing characters, and of course the results got screwed up That was really frustrating, in a fun way of course..

Off to sleep, tomorrow evening it's on to lvl 4..

[nihoho]

Well, I made it to the finish line, I guess I wholeheartedly recommend these challenges which literally kept me up at night and brought back memories of times long gone, when I was younger and did things.

gagsec, thank you for putting your time into this.. for the others, keep going, it's really worth the challenge.

PS: I'm not convinced I finished yet.. why else would there be a password box on that level?

Quote: "Of course I'm paranoid, but am I paranoid enough?"

[gagsec]

PS: I'm not convinced I finished yet.. why else would there be a password box on that level?

You were pretty fast with the snifflog + decryption, you ate up the fifo before more data came. There are 4 more levels now :-) Good job BTW!

ps: The people in the user list might be bothered in the near future with job offers. I hope it isn't a big problem

hax.tor.hu has a new poster

[polpotx]

The first warmup challs ware quite funny and i enjoyed them.

Good job gagsec.