Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
December 12, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 248
Members: 0
Total: 248
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Try2hack sites -> hax.tor.hu Goto page 1, 2  Next
Post new topic  Reply to topic View previous topic :: View next topic 

So?
Tried it, liked it
100%
 100%  [ 10 ]
Tried it, didn't like it
0%
 0%  [ 0 ]
Didn't try it, but looks nice
0%
 0%  [ 0 ]
Didn't try it, especially didn't like it
0%
 0%  [ 0 ]
Total Votes : 10

hax.tor.hu
PostPosted: Sun Nov 11, 2007 3:41 am Reply with quote
0x90
Regular user
Regular user
 
Joined: Nov 11, 2007
Posts: 5




Here are a few peeks from the challenges users are faced with (you only get to register after completing 5 warmup levels).

http://hax.tor.hu/

There are currently two people in the toplist above lev10 - I talked with one of them, and he said he found these challenges entertaining. Let's see what you say.

Level 1. Make a nasa.gov URL display a text of my choice
Level 4. IP address is 72.14.207.99. What is geek that points to it?
Level 6. Let's see you do some easy SQL ninjitsu
Level 7. snifflog.txt - ngrep format
Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
Level 15. download.com's uptime
Level 16. root:hsmfs;g@10.0.0.5
Level 18. Find all usernames
View user's profile Send private message
PostPosted: Sun Nov 11, 2007 4:40 am Reply with quote
OoO
Regular user
Regular user
 
Joined: Aug 25, 2007
Posts: 19




There is Full Path Disclosure if you set HAXTOR in the cookie to an invalid value.
Quote:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/hax.tor.hu/etc/lib/session.inc on line 4

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/session.inc on line 4

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/session.inc on line 4

Warning: Cannot modify header information - headers already sent by (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/auth.inc on line 145

Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
[/quote]
View user's profile Send private message
PostPosted: Sun Nov 11, 2007 5:02 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Goddamn, i tried some NASA pages for reflective XSS and found serious sql injection hole too Laughing
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sun Nov 11, 2007 6:31 pm Reply with quote
pexli
Valuable expert
Valuable expert
 
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Quote:
(Resolved: hq.secretservice.hu)


Funny Laughing Laughing Laughing
View user's profile Send private message
PostPosted: Sun Nov 11, 2007 6:37 pm Reply with quote
0x90
Regular user
Regular user
 
Joined: Nov 11, 2007
Posts: 5




Quote:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/hax.tor.hu/etc/lib/session.inc on line 4


There is a reason why display_errors is on Smile Nice find anyway. It actually helps with one of the levels.
View user's profile Send private message
PostPosted: Sun Nov 11, 2007 6:43 pm Reply with quote
0x90
Regular user
Regular user
 
Joined: Nov 11, 2007
Posts: 5




waraxe wrote:
Goddamn, i tried some NASA pages for reflective XSS and found serious sql injection hole too Laughing


World writable anonymous ftp's would have worked as well Wink the (fastest?) http solution is the first google link when you look for 'search site:nasa.gov'.
View user's profile Send private message
PostPosted: Thu Nov 15, 2007 2:41 am Reply with quote
hok0
Beginner
Beginner
 
Joined: Nov 15, 2007
Posts: 1




Can sum1 help me with #1? Can u pm me a workng link so I can pass? also can sum1 show me the sql injectin error??

thanks
hok0
View user's profile Send private message
PostPosted: Thu Nov 15, 2007 12:56 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




hok0 wrote:
Can sum1 help me with #1? Can u pm me a workng link so I can pass? also can sum1 show me the sql injectin error??

thanks
hok0


This challenge is meant to be fun. If someone is helping you, then fun is spoiled. Just my $0.02 Smile
View user's profile Send private message Send e-mail Visit poster's website
New banner
PostPosted: Tue Nov 20, 2007 1:00 pm Reply with quote
0x90
Regular user
Regular user
 
Joined: Nov 11, 2007
Posts: 5




View user's profile Send private message
PostPosted: Tue Dec 04, 2007 8:08 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




I'm strongly suggesting to try this haxxoring:

http://hax.tor.hu/

Smile
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Mon Jul 14, 2008 2:35 pm Reply with quote
ZiPo
Advanced user
Advanced user
 
Joined: Jul 08, 2008
Posts: 86




First I am sorry for posting here but it seemed appropriate (rather than opening new post).

Second, thanks for this topic, hax.tor is a great wargame.

Now the question Wink

Can anybody give me a hint (not a solution please) on level 3. I don't recognize that cipher or whatever it is, i had no problem so far, but i can't figure out what cipher is this (if it is a cipher of some kind).

(G h o T W s w e F Z t c E d T M k 1 5 U 2 t W V W J H a G 9 U V 3 N 3 Z U Z a)

Please just a small hint if it's possible, if you know what is that, just point in some direction, do not give me an answer Wink


P.S. If you feel that I am the one who should find that out by myself then feel free to delete this post Smile
View user's profile Send private message
PostPosted: Mon Jul 14, 2008 8:04 pm Reply with quote
ZiPo
Advanced user
Advanced user
 
Joined: Jul 08, 2008
Posts: 86




Hehehe ok, this is really good game, don't need any help with level 3 I figured out....Great indeed.
View user's profile Send private message
PostPosted: Fri Jul 18, 2008 1:31 am Reply with quote
Henderson
Valuable expert
Valuable expert
 
Joined: Jul 11, 2008
Posts: 58




I'm stuck at level 28. They want us to telnet hax.tor.hu:1800 to play a googame. It seems to me that their telnet service doesn't accept connections or is down, at least on that port. Could someone who passed level 28 please give me an idea?

Oh, btw I found some XSS on the site...

Code:
http://hax.tor.hu/login/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/peek/index.php/"><script>alert(document.cookie)</script><
http://hax.tor.hu/board/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/shellaccount/index.php/"><script>alert(document.cookie)</script><a



EDITED:

Ok, they fixed their telnet already...

Cheers
View user's profile Send private message
PostPosted: Mon Jul 21, 2008 4:44 pm Reply with quote
lenny
Valuable expert
Valuable expert
 
Joined: May 15, 2008
Posts: 275
Location: United Kingdom




I'm on level 18 and enjoying it so far Smile

Edit: ARGH! I didn't know that I was being timed!!


Last edited by lenny on Fri Jul 25, 2008 12:11 pm; edited 2 times in total
View user's profile Send private message
PostPosted: Tue Jul 22, 2008 10:08 am Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Henderson wrote:
I'm stuck at level 28. They want us to telnet hax.tor.hu:1800 to play a googame. It seems to me that their telnet service doesn't accept connections or is down, at least on that port. Could someone who passed level 28 please give me an idea?

Oh, btw I found some XSS on the site...

Code:
http://hax.tor.hu/login/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/peek/index.php/"><script>alert(document.cookie)</script><
http://hax.tor.hu/board/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/shellaccount/index.php/"><script>alert(document.cookie)</script><a



EDITED:

Ok, they fixed their telnet already...

Cheers


Nice XSS findings, congrats Smile
View user's profile Send private message Send e-mail Visit poster's website
hax.tor.hu
  www.waraxe.us Forum Index -> Try2hack sites
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  
Goto page 1, 2  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Book Opinions
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.072 Seconds