Axino.net » hackthissite.org

hackthissite.org Application 3 :: 127.0.0.1

Arxleol — Thu, 27 May 2010 20:51:02 +0000

Starting procedure in the third application mission is exactly the same as previous two. However, final solution is more complex.

First thing is to open downloaded exe file in wordpad. Now you will search document for certain word for example auth. And near one hit you will notice following document structure:

/missions/application/app3/auth.php?key=

We already know that we are connecting to hackthissite.org so link invoked is:

hackthissite.org/missions/application/app3/auth.php?key=

Now when you open link provided you will see false. So in order to win this mission we have to be able either change output on the site to true or use some other technique. I’ve decided to create false site on my local machine and always serve true as answer.

First thing is to install some server on your machine. I strongly suggest wamp (windows, apache, mysql, php). When you install it on your computer. Next step is to change dns records again on your local machine. If you don’t know how to do it check this tutorial. You need to add this value in hosts file and save file:

127.0.0.1 hackthissite.org

Now in order for this changes to take effect. You need to flush your dns records. This can be done simply by opening CMD and writing following command:

ipconfig /flushdns

Now if you have done everything correctly when you type in hackthissite.org either nothing will show or you will see some server default response.

Next step is to open www folder. Just left click on WAMP icon in taskbar and select www directory. When file explorer window is opened you need to replicate folder structure we found in app. It should look something like this:

C:\wamp\www\missions\application\app3

In this folder create file named: auth.php. Open this file with text processor and only enter true.

Start application and just click on the Authenticate. If you have done everything correctly you will receive congratulation and password: fireyourboss.

Now, don’t forget to correct hosts file and flush dns again.Similar Posts:

hackthissite.org Application 2 :: connection

Arxleol — Tue, 25 May 2010 22:34:16 +0000

Method of solving second application mission is very similar to the first one. You download rar file and then open exe file in the wordpad.

However, notice that before serial is authenticated it connects to internet probably hackthissite.org and downloads or compares keys to existing keys on the URI.

Following step is to search certain word I kept searching for authenticate. You should be able to find this specific piece of code:

*GET /application/app2/keys123.txt

This means that application downloads list of keys from this location or specifically: http://www.hackthissite.org/application/app2/keys123.txt

Now if you open URL provided you will find this list of keys:

63482-74819-88456-98378
45910-18394-85113-51290
10110-19101-59111-41563
11424-74719-19578-99238
25182-28381-85611-85258
62351-12939-12481-58020
63482-74819-88456-98378
45910-18394-85113-51290
18381-21931-98680-86523
32910-21944-12391-51939
12389-16781-72893-71892
83478-91933-89823-98511

I’ve just selected the very first key and obtained password for solution: liberationSimilar Posts:

hackthissite.org Application 1 :: wordpad pass

Arxleol — Mon, 24 May 2010 22:05:10 +0000

First application challenge is really simple almost as the very first mission you took basic 1. First thing first download rar file from the site and unrar it.

Second step is to run exe file. Now what you want to do is to open exe file with wordpad or notepad some simple text editor. When you open exe file in wordpad try searching for authenticate. And next to one of the found entries you will find set of serial numbers. I used the very first one and entered it in the SN box.

0130-1414-5624-1341

Now when you enter this serial number in the box you will receive password for solving challenge.

smashthestate

Similar Posts:

hackthissite.org extbasic 13 :: I do validate. I really do.

Arxleol — Mon, 24 May 2010 21:22:09 +0000

Notice that validating is futile if you have obvious fail in logic.

Here is the code we need to analyze:




        if (isset($_GET['name']) && isset($_GET['email'])) {
                $user = mysql_real_escape_string($_GET['name']);
                $email = mysql_real_escape_string($_GET['email']);
                $result= mysql_fetch_assoc(mysql_query("SELECT `email` FROM `members` WHERE name = '$user'"));
                $reply = false;
                if ($email == $result['email'])
                {
                        $reply = true;
                }
        } else {
                $reply = false;
        }
        echo ($reply) ? 1 : 0;
?>

There are many deceptions in this script but for us it is important to analyze first if statement. It checks whether name and email are set even if empty. Now notice that both are escaped before placed in SQL. And then second if statement check whether we compare result email to the inputted email. So you probably figure out now that two same values when compared are always the same. So what will probably be result if we input anything in. Result will be empty, now its simple if you compare empty to empty it is true.



vrfy.php?name=&email=

Similar Posts:

hackthissite.org solutions to all javascript missions

Arxleol — Sat, 22 May 2010 22:59:51 +0000

Javascript missions

Similar Posts:

Javascript Missions 6 :: go go away .js

Arxleol — Wed, 19 May 2010 23:00:03 +0000

This is nice example of some kind of decoy strategy. At first when you opened mission you checked source code and found following two functions.



RawrRawr = "moo";
function check(x)
{
"+RawrRawr+" == "hack_this_site"
if (x == ""+RawrRawr+"")
{
alert("Rawr! win!");
window.location = "about:blank";
} else {
alert("Rawr, nope, try again!");
}
}
 
function checkpassw(moo)
{
RawrRawr = moo;
checkpass(RawrRawr);
}

Now if you check HTML code of the button you will notice that function is not among these two present.

So I followed this clue and found that above those two functions there is remotely connected javascript file.

When you open that file you will find following javascript code:



dairycow="moo";
moo = "pwns";
rawr = "moo";
 
function checkpass(pass)
{
if(pass == rawr+" "+moo)
{
alert("How did you do that??? Good job!");
window.location = "../../../missions/javascript/6/?lvl_password="+pass;
} else {
alert("Nope, try again");
}
}

I guess that from here you are already able to figure that password is: moo pwns. If not then ask Similar Posts:

Javascript Missions 5 :: Escape!

Arxleol — Wed, 19 May 2010 22:01:01 +0000

Level 5 can be solved on really simple way. Since Faith wrote encoded characters and as we would like to have simplest solution possible we will just output contents or variable moo.

Javascript:



moo = unescape('%69%6C%6F%76%65%6D%6F%6F');
      function check (x) {
        if (x == moo)
        {
          alert("Ahh.. so that's what she means");
          window.location = "../../../missions/javascript/5/?lvl_password="+x;
        }
        else {
          alert("Nope... try again!");
        }
}

Now to see contents of variable moo. We will use technique known as javascript injection. What you need to do is to put following source code in your browser URL bar and content of variable moo will be outputted as alert window.



javascript:alert(moo)

Password is: ilovemooSimilar Posts:

Javascript Missions 4 :: Var?

Arxleol — Wed, 19 May 2010 21:03:54 +0000

The following mission is really simple. If you checkout source code:



RawrRawr = "moo";
function check(x)
{
        "+RawrRawr+" == "hack_this_site"
	if (x == ""+RawrRawr+"")
        {
		alert("Rawr! win!");
                window.location = "../../../missions/javascript/4/?lvl_password="+x;
        } else {
		alert("Rawr, nope, try again!");
	}
}

First statement represents that RawrRawr has value moo. Then we proceed to function declaration I am not sure what’s really meant by this statement “+RawrRawr+” == “hack_this_site”. However, if we continue to if condition it is quite simple that password should be moo. Because from the left and right side we add empty strings.

Similar Posts:

Javascript Missions 3 :: Math time

Arxleol — Mon, 17 May 2010 22:27:56 +0000

Let’s see how faith intends to check our math skills

As you can see we have source code in front of us now let’s just crack it:



var foo = 5 + 6 * 7
var bar = foo % 8
var moo = bar * 2
var rar = moo / 3
function check(x)
{
        if (x.length == moo)
        {
                        alert("win!");
                        window.location += "?lvl_password="+x;
        } else {
                        alert("fail D:");
	 }
}

As you can see length of input is compared to variable moo.

Variable foo has value of 47. This should be straightforward math. Variable bar has value of 7 because % percentage sign represents remainder of 47 divided by 8. Read more about modular arithmetics. And therefore variable moo has value of 14.

To win we have solution string of length 14 characters and this one is really simple: aaaaaaaaaaaaaa

Similar Posts:

Javascript Missions 2 :: Disable Javascript

Arxleol — Wed, 06 Jan 2010 00:54:35 +0000

In the second javascript mission we have to disable javascript to login or solve mission.

Mission introduction:

Disable Javascript
faith had made a redirect script and logout with javascript to keep hackers away

In order to disable javascript in Firefox you have to go to Tools->Options… and then Content tab. And uncheck the box next to Enable javascript.

Now you should click on the link Take this challenge, and after that win this challenge.Similar Posts: