IT Security and Insecurity Portal

So?
Tried it, liked it | 100% | [ 10 ]
Tried it, didn't like it | 0% | [ 0 ]
Didn't try it, but looks nice | 0% | [ 0 ]
Didn't try it, especially didn't like it | 0% | [ 0 ]
Total Votes : 10

hax.tor.hu

Posted: Sun Nov 11, 2007 3:41 am
0x90 | Regular user | Joined: Nov 11, 2007 | Posts: 5

Here are a few peeks from the challenges users are faced with (you only get to register after completing 5 warmup levels).
 http://hax.tor.hu/
 
 There are currently two people in the toplist above lev10 - I talked with one of them, and he said he found these challenges entertaining. Let's see what you say.
 
 Level 1. Make a nasa.gov URL display a text of my choice
 Level 4. IP address is 72.14.207.99. What is geek that points to it?
 Level 6. Let's see you do some easy SQL ninjitsu
 Level 7. snifflog.txt - ngrep format
 Level 13. PHP with source - needs exploiting and/or o-o-t-b thinking
 Level 15. download.com's uptime
 Level 16. root:hsmfs;g@10.0.0.5
 Level 18. Find all usernames

Posted: Sun Nov 11, 2007 4:40 am
OoO | Regular user | Joined: Aug 25, 2007 | Posts: 19

There is Full Path Disclosure if you set HAXTOR in the cookie to an invalid value.

Quote:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/hax.tor.hu/etc/lib/session.inc on line 4
 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/session.inc on line 4
 
 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/session.inc on line 4
 
 Warning: Cannot modify header information - headers already sent by (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/auth.inc on line 145
 
 Warning: Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0
 
 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
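
A check a site owner could run against their own responses to catch the kind of leak shown in the warnings quoted above. This is an added example, not part of the original post and not hax.tor.hu's code; the function names are hypothetical and the sample body is constructed from the quoted warnings.

```python
import re

# Location PHP appends to each diagnostic: "in /abs/path/file.inc on line 4".
IN_FILE = re.compile(r"\bin (/[^\s:()]+) on line (\d+)")
# Second location inside "headers already sent": "(output started at /abs/path:4)".
STARTED_AT = re.compile(r"output started at (/[^\s:()]+):(\d+)")
# Severity prefixes PHP prints into the page when display_errors is on.
PHP_DIAG = re.compile(r"^\s*(?:Warning|Notice|Fatal error|Parse error|Deprecated):")

# Constructed sample: a response body carrying three of the quoted warnings.
SAMPLE_BODY = """<html><body>
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/hax.tor.hu/etc/lib/session.inc on line 4
Warning: Cannot modify header information - headers already sent by (output started at /www/hax.tor.hu/etc/lib/session.inc:4) in /www/hax.tor.hu/etc/lib/auth.inc on line 145
Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
</body></html>"""


def find_path_disclosures(body: str) -> list[tuple[str, int]]:
    """Return sorted, de-duplicated (absolute_path, line) pairs leaked by PHP diagnostics."""
    # With html_errors on, PHP wraps the path and line number in <b> tags; strip tags first.
    text = re.sub(r"<[^>]*>", "", body)
    leaks = set()
    for line in text.splitlines():
        if not PHP_DIAG.match(line):
            continue  # only inspect lines that look like PHP diagnostics
        for rx in (IN_FILE, STARTED_AT):
            for path, lineno in rx.findall(line):
                leaks.add((path, int(lineno)))
    # "in Unknown on line 0" carries no path, so it never matches IN_FILE.
    return sorted(leaks)


def disclosed_roots(leaks, depth=2):
    """Collapse leaked files to their leading directories (what an outsider learns about layout)."""
    return sorted({"/".join(path.split("/")[: depth + 1]) for path, _ in leaks})


if __name__ == "__main__":
    found = find_path_disclosures(SAMPLE_BODY)
    for path, lineno in found:
        print(f"leaked: {path}:{lineno}")
    print("roots:", disclosed_roots(found))
```

A non-empty result from a production response means display_errors is reaching clients; the usual setting is display_errors off with log_errors on.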

Posted: Sun Nov 11, 2007 5:02 am
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

Goddamn, I tried some NASA pages for reflective XSS and found a serious SQL injection hole too

Posted: Sun Nov 11, 2007 6:31 pm
pexli | Valuable expert | Joined: May 24, 2007 | Posts: 665 | Location: Bulgaria

Quote:
(Resolved: hq.secretservice.hu)

Funny

Posted: Sun Nov 11, 2007 6:37 pm
0x90 | Regular user | Joined: Nov 11, 2007 | Posts: 5

Quote:
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /www/hax.tor.hu/etc/lib/session.inc on line 4

There is a reason why display_errors is on
Nice find anyway. It actually helps with one of the levels.

Posted: Sun Nov 11, 2007 6:43 pm
0x90 | Regular user | Joined: Nov 11, 2007 | Posts: 5

waraxe wrote:
Goddamn, i tried some NASA pages for reflective XSS and found serious sql injection hole too

World writable anonymous ftp's would have worked as well
the (fastest?) http solution is the first google link when you look for 'search site:nasa.gov'.

Posted: Thu Nov 15, 2007 2:41 am
hok0 | Beginner | Joined: Nov 15, 2007 | Posts: 1

Can sum1 help me with #1? Can u pm me a working link so I can pass? Also can sum1 show me the sql injection error??
 thanks
 hok0

Posted: Thu Nov 15, 2007 12:56 pm
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

hok0 wrote:
Can sum1 help me with #1? Can u pm me a working link so I can pass? Also can sum1 show me the sql injection error??
thanks
hok0

This challenge is meant to be fun. If someone is helping you, then fun is spoiled. Just my $0.02

New banner

Posted: Tue Nov 20, 2007 1:00 pm
0x90 | Regular user | Joined: Nov 11, 2007 | Posts: 5

Posted: Tue Dec 04, 2007 8:08 pm
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

Posted: Mon Jul 14, 2008 2:35 pm
ZiPo | Advanced user | Joined: Jul 08, 2008 | Posts: 86

First I am sorry for posting here but it seemed appropriate (rather than opening new post).
 Second, thanks for this topic, hax.tor is a great wargame.
 
 Now the question:

 Can anybody give me a hint (not a solution please) on level 3? I don't recognize that cipher or whatever it is. I had no problem so far, but I can't figure out what cipher this is (if it is a cipher of some kind).
 
 (G h o T W s w e F Z t c E d T M k 1 5 U 2 t W V W J H a G 9 U V 3 N 3 Z U Z a)
 
 Please just a small hint if it's possible, if you know what is that, just point in some direction, do not give me an answer
   
 
 P.S. If you feel that I am the one who should find that out by myself then feel free to delete this post

Posted: Mon Jul 14, 2008 8:04 pm
ZiPo | Advanced user | Joined: Jul 08, 2008 | Posts: 86

Hehehe ok, this is really good game, don't need any help with level 3 I figured out....Great indeed.

Posted: Fri Jul 18, 2008 1:31 am
Henderson | Valuable expert | Joined: Jul 11, 2008 | Posts: 58

I'm stuck at level 28. They want us to telnet hax.tor.hu:1800 to play a googame. It seems to me that their telnet service doesn't accept connections or is down, at least on that port. Could someone who passed level 28 please give me an idea?
Oh, btw I found some XSS on the site...

Code:
http://hax.tor.hu/login/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/peek/index.php/"><script>alert(document.cookie)</script><
http://hax.tor.hu/board/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/shellaccount/index.php/"><script>alert(document.cookie)</script><a
 
 
 EDITED:
 
 Ok, they fixed their telnet already...
 
 Cheers

Posted: Mon Jul 21, 2008 4:44 pm
lenny | Valuable expert | Joined: May 15, 2008 | Posts: 275

I'm on level 18 and enjoying it so far
 Edit: ARGH! I didn't know that I was being timed!!

Last edited by lenny on Fri Jul 25, 2008 12:11 pm; edited 2 times in total

Posted: Tue Jul 22, 2008 10:08 am
waraxe | Site admin | Joined: May 11, 2004 | Posts: 2407 | Location: Estonia, Tartu

Henderson wrote:
I'm stuck at level 28. They want us to telnet hax.tor.hu:1800 to play a googame. It seems to me that their telnet service doesn't accept connections or is down, at least on that port. Could someone who passed level 28 please give me an idea?
Oh, btw I found some XSS on the site...

Code:
http://hax.tor.hu/login/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/peek/index.php/"><script>alert(document.cookie)</script><
http://hax.tor.hu/board/index.php/"><script>alert(document.cookie)</script><a
http://hax.tor.hu/shellaccount/index.php/"><script>alert(document.cookie)</script><a

EDITED:

Ok, they fixed their telnet already...

Cheers

Nice XSS findings, congrats

www.waraxe.us Forum Index -> Try2hack sites
All times are GMT