xisto Community
jipman

Hackers Challenge 3: It took me quite a while but here it is


And here's number 3

Before you try to hack this one, I have ONE hint to give you: if you don't do this right the first time, you may encounter even more difficulty to pass this test, so be careful. Because this one is full of ambushes.

http://forums.xisto.com/no_longer_exists/

ps. I've run out of inspiration now, so it might take me a lot of time to write a nice new challenge 4.

Notice from jipman:

Here's a list of all people who have managed to hack this challenge:

- flachi

ps. I really wonder if someone is going to succeed, if someone pulls this off he/she is seriously good.


How the heck do you guys do these? I have no idea on how to do any of these challenges.... And I thought I was good at computers! :(

 

- AlPal


Anyone want to provide clues to this, it is indeed hard, here's things that I need other people's understanding for:

The wording tells us first we must find the guest, trick or no trick?

None Shall Pass, this riddles me but what does it mean.

And then what I understand, and what could help others:

We have a form using the post method, with 3 fieldnames, two are shown and one is hidden.

user="admin" # is there also a guest user?
pass="" # this is what we want to find
id="<?php echo md5($_SERVER['REMOTE_ADDR']); ?>" # one method of how this could be generated.

In the header we're told there's many ambushes, you're only given one chance to get this right, although depends on the verification methods order. You'll be blocked by either IP address or the MD5 encryption of the address. Now the posted information relates back to the same page. action="<?php echo $_SERVER['PHP_SELF']; ?>" quite possibly.

I can't tell if any database is being used, but there's no reason why we can't try SQL Injection on this but could this be a bit too much.

Now let's assume the SQL query

$query = "SELECT * FROM user WHERE user='{$_POST['user']}' AND pass='{$_POST['pass']}'";

There seems to be checks performed on the posted information than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page, however we may not be able to continue if we have been banned. If this is indeed SQL Injection, we have another query to check if we're banned or not.

We may be able to bypass the banned list or even better, remove it.

First things first, is solving the riddle before attempting to try anything. If you have a dynamic IP, you've got better chances. Static IP, well anonymous web proxies that support the POST and GET methods if needs be.

If anyone has any clues, they should share them.

Cheers,
MC
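An added example, not part of the thread or the challenge's code, taking the guess above that the hidden id is md5($_SERVER['REMOTE_ADDR']): it sets that design beside a keyed token that the server verifies against the address it observes. The function names, the key and the addresses are constructed for illustration.

```php
<?php
// Added example, not the challenge's code. Assumption: the hidden "id"
// is md5($_SERVER['REMOTE_ADDR']), as guessed in the post above.

// Weak: an unkeyed hash of a guessable value. Anyone can recompute it for
// any address, so it hides nothing and proves nothing about the sender.
function weak_id(string $ip): string
{
    return md5($ip);
}

// Weak: the ban decision is keyed on a value the client sends back.
function weak_is_banned(array $banned_ids, string $client_id): bool
{
    return in_array($client_id, $banned_ids, true);
}

// Hardened: if a token must round-trip through the form, key it with a
// server-only secret so the client cannot mint one for another address.
function make_token(string $key, string $ip): string
{
    return hash_hmac('sha256', $ip, $key);
}

// Verify against the address the server observes, in constant time.
function token_valid(string $key, string $observed_ip, string $token): bool
{
    return hash_equals(make_token($key, $observed_ip), $token);
}

// Hardened: the ban list is keyed on server-side state only.
function is_banned(array $banned_ips, string $observed_ip): bool
{
    return in_array($observed_ip, $banned_ips, true);
}

// Constructed sample values: documentation addresses and a throwaway key.
$key        = 'constructed-demo-key';   // real key: random, kept server-side
$observed   = '203.0.113.7';            // stands in for REMOTE_ADDR
$banned_ips = [$observed];
$banned_ids = [weak_id($observed)];
$edited     = weak_id('198.51.100.9');  // hidden field changed by the client

// The weak check no longer matches the ban; the hardened checks are unaffected.
var_dump(weak_is_banned($banned_ids, $edited));
var_dump(token_valid($key, $observed, $edited));
var_dump(token_valid($key, $observed, make_token($key, $observed)));
var_dump(is_banned($banned_ips, $observed));
```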


A quick look at the source reveals an md5 string.

<h1>This is the third challenge by Jip Man</h1>
This challenge is in my opinion my most difficult one (for now)
<p>You only have solved this challenge if you have the admin pass, which will be clearly given to you once you solve the guest
<p>Now.. here for the challenge
<p><h2>None Shall Pass</h2>
<form method="post" action="challenge3.php">
<input type="text" name="user" value="admin">
<input type="password" name="pass">
<input type="hidden" name="id" value="69ba754dff7c853960a8a033d3a9eede">
<input type="submit" value="Login">
</form>

the hidden input field is the key to solving this problem.

This is harder than I thought. I doubt that an SQL Injection will work on this one.

I'm assuming that once you find the "guest" users password, you'll be able to clearly see the admin password.

Hmm... None shall pass, I guess this is just a little cliche statement. :(

I believe that it's an md5 encryption of the URL that you're banned by.

- whyme

p.s. I just got myself banned on the server, trying different proxies didn't work. damnit.


Ehm.... maybe it is a little too difficult, so let me give you guys some hints

0. You need the global password
1. NO SQL, PHP only
2. Think before you do because else you might be having trouble finding proxies.
3. READ THE INTRODUCTION, there are NO typo's :P
4. About the none shall pass, did none of you watch Monty Python & The Holy Grail? The scene with the Black Knight was the coolest. (not really a hint but you really do have to watch that movie, so funny)
5. decrypting the md5 hash might be worth your while, it gives you quite a good hint. Or you could use logic to figure out what the hash would be ? :D
6. What is the most used password but also the least secure one?
7. There is no place like 127.0.0.1
8. With all those security checks i implemented, i might have overlooked something don't i? :P

note. I changed the POST stuff to GET stuff, because it works the same but is easier in use.

ps. if changing proxies doesn't work, i think you did something wrong :(

have fun :D

to mastercomputers:

There seems to be checks performed on the posted information than anything else, especially the user. Then the next check would be to check if you were banned and if not show the page, however we may not be able to continue if we have been banned.

Wow, you are not some mindreading person are you? Good thinking :D.

just for the heck of it, there are 27 bans activated at the moment :D

a small note for the none shall pass, it has something to do with hint # 7. But you gotta find out in what matter


[battle sounds][black Knight defeats a worthless-piece-of-crap-knight]
ARTHUR: You fight with the strength of many men, Sir knight.
[pause]
I am Arthur, King of the Britons.
[pause]
I seek the finest and the bravest knights in the land to
join me in my Court of Camelot.
[pause]
You have proved yourself worthy; will you join me?
[pause]
You make me sad. So be it. Come, Patsy.
BLACK KNIGHT: None shall pass.
ARTHUR: What?
BLACK KNIGHT: None shall pass.
ARTHUR: I have no quarrel with you, good Sir knight, but I must
cross this bridge.
BLACK KNIGHT: Then you shall die.
ARTHUR: I command you as King of the Britons to stand aside!
BLACK KNIGHT: I move for no man.
ARTHUR: So be it!
[hah]
[parry thrust]
[ARTHUR chops the BLACK KNIGHT's left arm off]
ARTHUR: Now stand aside, worthy adversary.
BLACK KNIGHT: 'Tis but a scratch.
ARTHUR: A scratch? Your arm's off!
BLACK KNIGHT: No, it isn't.
ARTHUR: Well, what's that then?
BLACK KNIGHT: I've had worse.
ARTHUR: You liar!
BLACK KNIGHT: Come on you pansy!
[hah]
[parry thrust]
[ARTHUR chops the BLACK KNIGHT's right arm off]
ARTHUR: Victory is mine!
[kneeling]
We thank thee Lord, that in thy merc-
[black Knight kicks Arthur in the head while he is praying]
BLACK KNIGHT: Come on then.
ARTHUR: What?
BLACK KNIGHT: Have at you!
ARTHUR: You are indeed brave, Sir knight, but the fight is mine.
BLACK KNIGHT: Oh, had enough, eh?
ARTHUR: Look, you stupid bastard, you've got no arms left.
BLACK KNIGHT: Yes I have.
ARTHUR: Look!
BLACK KNIGHT: Just a flesh wound.
[Headbutts Arthur in the chest]
ARTHUR: Look, stop that.
BLACK KNIGHT: Chicken! Chicken!
ARTHUR: Look, I'll have your leg. Right!
[whop]
[ARTHUR chops the BLACK KNIGHT's leg off]
BLACK KNIGHT: Right, I'll do you for that!
ARTHUR: You'll what?
BLACK KNIGHT: Come 'ere!
ARTHUR: What are you going to do, bleed on me?
BLACK KNIGHT: I'm invincible!
ARTHUR: You're a loony.
BLACK KNIGHT: The Black Knight always triumphs! Have at you!
Come on then.
[whop]
[ARTHUR chops the BLACK KNIGHT's other leg off]
BLACK KNIGHT: All right; we'll call it a draw.
ARTHUR: Come, Patsy.
BLACK KNIGHT: Oh, oh, I see, running away then. You yellow
bastards! Come back here and take what's coming to you. I'll bite
your legs off!


If that's not a funny scene then what is?

Thanks for the hints. Now it might be possible, yet still something I may have overlooked. And there's 30 in the ban list at current.


MC


Yeah... Something changed on the asta servers

I gotta request SSH again.

Anyway, i fixed the banning problem :D.

Although it kinda made the challenge a bit easier :D
