Government Security
Network Security Resources

Jump to content

Photo

Simple & Fun Challenges To Solve


  • Please log in to reply
34 replies to this topic

#1 gagsec

gagsec

    Private

  • Members
  • 11 posts

Posted 21 October 2007 - 03:38 PM

Simple game with a few levels - requires skills such as common sense, creativity, http, generic understanding of programming, common encryption formats, etc.
Depending on your skills it can be a learning practice or a few minutes of fun & a sense of accomplishment. :-)

http://hax.tor.hu/

List of user levels:

Level 1. Make a nasa.gov URL display a text of my choice
Level 2. debfKNH1AvtBo deGH9Aq./kiSY denjFRfA8kzL2
Level 3. Recognize
Level 4. IP address is 72.14.207.99. What contains 'pass' that points to it?
Level 5. Password is the owl's name
Level 6. Let's see you do some easy SQL ninjitsu
Level 7. snifflog.txt - ngrep format
Level 8. Password is on a picture: not available from anywhere
Level 9. Elementary Maths
Level 10. A poem
Level 11. As simple as hashing a string
Level 12. Ultra Turing
Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
Level 14. Recognize #2
Level 15. download.com's uptime
Level 16. root:hsmfs;g@10.0.0.5
Level 17. Feed me!
Level 18. Find all usernames
Level 19. red+blue+green = ?
Level 20. Recognize #3
Level 21. Backdoor on a suspended domain
Level 22. MS-Word
Level 23. Too easy
Level 24. Defense Intelligence Agency
Level 25. BitNinja
Level 26. PHP filemaneger with source - needs more exploit
Level 27. The photo doesn't load
Level 28. telnet://hax.tor.hu:1800 - Google Word Game
Level 29. Circumvent PHP filters for XSS
Level 30. Create the given image using a number
Level 31. Find all usernames v2.0
Level 32. Exploit file2image.php
Level 33. Forged DNS
Level 34. Defense Information Systems Agency - 199.57.1.130
Level 35. Password is in the image
Level 36. password = f(200)
Level 37. Root password needed
Level 38. No info


*** Update: every user can create a shell account to our linux debian. all tcp traffic is routed through tor for anonimity. there's perl, php, python, mtr, gcc, etc.

#2 fedrus

fedrus

    Private

  • Members
  • 11 posts

Posted 30 October 2007 - 12:15 PM

Thanks, trying these out now - I'm somewhere in between knowledge wise, and it's always nice to mess around on 'legal hacking' :)

I've tried some other 'legal' hacking stuff like www.hackthissite.org - always fun.

#3 gagsec

gagsec

    Private

  • Members
  • 11 posts

Posted 31 October 2007 - 08:04 PM

Glad to see somebody still cares. I know hackthissite, but somehow I don't fancy any of those challenges.
By the way, so far only two people got to registration, and out of those two only one made it to level 2.
What I don't understand is, some people go through the 5 warmup levels to get to the one that involves nasa.gov :)
And the second guy didn't even try it... Anyway, good luck to everyone trying it out.
*Cheers*

#4 SuRGeoN

SuRGeoN

    Private First Class

  • Members
  • 83 posts

Posted 01 November 2007 - 10:51 AM

It's really fun :) but i'm stuck at level0 hehehehe
when a hungry man comes to ask your help, do not give him a fish, rather teach him how to catch a fish

#5 nihoho

nihoho

    Private

  • Members
  • 11 posts

Posted 02 November 2007 - 10:36 AM

By the way, so far only two people got to registration, and out of those two only one made it to level 2.
What I don't understand is, some people go through the 5 warmup levels to get to the one that involves nasa.gov :)


How do you know how many people made it to registration? I can't find any statistics page or anything.. It's a great idea, and the warmup challenges very fun..

Anyway, I can't remember the last time I had this much fun with a site :) I just made it past the NASA challenge.. wish me luck! :)

PS: it would be cool to have a live ranking page, to see who's ahead :) My handle is zer0, btw..

#6 nihoho

nihoho

    Private

  • Members
  • 11 posts

Posted 02 November 2007 - 12:19 PM

Wow.. I made it to Level 3! :) At first glance, it looks like a classical cryptography problem.. At least that's how I'll approach it for now. This is FUN! Could anyone please post a ranking?

#7 gagsec

gagsec

    Private

  • Members
  • 11 posts

Posted 04 November 2007 - 04:09 AM

Thanks for the positive reviews. I made another 5 levels with stuff like mssql snifflog, sql injection, virtual hosting lookup, etc. By the end of the day, there will be realtime statistics.

#8 blackhat420

blackhat420

    Private First Class

  • Members
  • 36 posts

Posted 04 November 2007 - 06:32 AM

Cool site gagsec!

#9 shakuni

shakuni

    Private First Class

  • Members
  • 89 posts

Posted 04 November 2007 - 12:28 PM

Simple & Fun Challenges To Solve, hax.tor.hu

fun, YES.
simple, NO.
There is no rule, law or tradition that apply universally... including this one.

#10 nihoho

nihoho

    Private

  • Members
  • 11 posts

Posted 04 November 2007 - 01:15 PM

Simple & Fun Challenges To Solve, hax.tor.hu

fun, YES.
simple, NO.


Granted, they're not simple, but they're not extremely hard either.. they're challenging because they force you to think "out of the box" :) I love them..

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page.. :)

#11 gagsec

gagsec

    Private

  • Members
  • 11 posts

Posted 04 November 2007 - 03:11 PM

fun, YES.
simple, NO.


C'mon. Des, base64, connecting to an open service, substituting characters, xss, sql injection - not exactly rocket science.

Granted, they're not simple, but they're not extremely hard either.. they're challenging because they force you to think "out of the box" :) I love them..


Wow thanks that sounds nice but I don't think it has much truth regarding the warmup levels.

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page.. :)


The stats are now at the bottom. Congrats for completing 5+3 levels :)

#12 nihoho

nihoho

    Private

  • Members
  • 11 posts

Posted 04 November 2007 - 06:50 PM

gagsec, thanks for the additional levels, I can't wait to get my hands on them. I'm really looking forward to the statistics page.. :)


You haven't gotten your hands on level 4 yet :) And lev3 still needs a solution. The stats are now at the bottom.
ps: you came pretty close to getting to lev4. the thinking was perfectly OK - no trap doors, having to figure out what mood the creator was in, etc etc. :P Just don't screw up / miss characters.


lev3 just got a solution.. :) I kept missing characters, and of course the results got screwed up :) That was really frustrating, in a fun way of course..

Off to sleep, tomorrow evening it's on to lvl 4..

#13 nihoho

nihoho

    Private

  • Members
  • 11 posts

Posted 05 November 2007 - 03:47 PM

Well, I made it to the finish line, I guess :) I wholeheartedly recommend these challenges which literally kept me up at night and brought back memories of times long gone, when I was younger and did things. :)

gagsec, thank you for putting your time into this.. for the others, keep going, it's really worth the challenge.

PS: I'm not convinced I finished yet.. why else would there be a password box on that level? :P

Quote: "Of course I'm paranoid, but am I paranoid enough?"

#14 gagsec

gagsec

    Private

  • Members
  • 11 posts

Posted 05 November 2007 - 05:53 PM

PS: I'm not convinced I finished yet.. why else would there be a password box on that level? :P


You were pretty fast with the snifflog + decryption, you ate up the fifo before more data came. There are 4 more levels now :-) Good job BTW!

ps: The people in the user list might be bothered in the near future with job offers. I hope it isn't a big problem :)

hax.tor.hu has a new poster :)

Posted Image

#15 polpotx

polpotx

    Private First Class

  • Sergeant Major
  • 73 posts

Posted 05 November 2007 - 06:05 PM

The first warmup challs ware quite funny and i enjoyed them.

Good job gagsec.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users