• Welcome to Valhalla Legends Archive.
 

Try 2 Hack.NL Challenge ;D

Started by ChR0NiC, August 05, 2004, 05:44 PM

Previous topic - Next topic

ChR0NiC

Let's see how high everybody can get

Try2Hack.nl

Right now I am on level 3.
Right now I am on level 4.
Right now I am on level 5.
Right now I am on level 6.

[Edit] It seems nobody is interested in this, perhaps this was already posted before? Well I am stuck on level 6, but iago informed me he made it to level 8. Wow ;D

quasi-modo

I don't really consider stuff like this hacking though. I mean when you are really hacking you are trying to get into something that was not designed to be hacked, something that was designed to be secure. I mean I am sure the highest level stuff is pretty hard to break, but you should not be able to break in from the website at all idealy.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

muert0

Yeah I think that's the point of sites like this, ideally. I think they are trying to teach you how to look for loopholes in your website so you can protect yourself from them. And I think hacking is more digging into and understanding systems and how they run. And trying to get into something that was designed to be secure is cracking. But, I guess it's just the way you see things.
To lazy for slackware.

quasi-modo

Well I know a few weeks ago I was a victim of sql injection. I had the register form safe from it, also because when you enter data into an sql server db the string deliminator is '. But I forgot to run a replace statement on the login forms before I executed the code so I would not be a victim to sql injection. Through me for a little while till I said, oh ok thats how the dude got in. But my clan's site was like my first site and that was before I knew about stored procedures. Just a little embarassing. No damage could have been done.
WAR EAGLE!
Quote(00:04:08) zdv17: yeah i quit doing that stuff cause it jacked up the power bill too much
(00:04:19) nick is a turtle: Right now im not paying the power bill though
(00:04:33) nick is a turtle: if i had to pay the electric bill
(00:04:47) nick is a turtle: id hibernate when i go to class
(00:04:57) nick is a turtle: or at least when i go to sleep
(00:08:50) zdv17: hibernating in class is cool.. esp. when you leave a drool puddle

iago

When I did some commercial sql code, I made a complete Java class to handle all the SQL stuff such that it was impossible for sql injection to occur.  The only methods where it would be possible to inject sql were protected or private, with BIG warnings.

And it might not have been level 8, it was so long ago -- it was whichever one that you have to exploit a common perl script to get /etc/passwd, then crack his password.  I got the hashed password, but never got around to cracking it.  
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


dxoigmn

Quote from: iago on August 07, 2004, 01:40 PM
When I did some commercial sql code, I made a complete Java class to handle all the SQL stuff such that it was impossible for sql injection to occur.  The only methods where it would be possible to inject sql were protected or private, with BIG warnings.

And it might not have been level 8, it was so long ago -- it was whichever one that you have to exploit a common perl script to get /etc/passwd, then crack his password.  I got the hashed password, but never got around to cracking it.  

After that level I think you go onto an IRC server and there is some encrypted message and then it ended and there nothing else to do.  Has anyone got that far yet?