EH-Net

Hi All,

Test your ethical hacking stills at NGSEC's games

Link:
http://quiz.ngsec.com/. (http://quiz.ngsec.com/.)


NGSEC's games are a set of security quizes useful for anyone interested in security or hacking.
At the games you'll be presented a set of challenges you'll have to solve in order to gain access to each following stage.

Enjoy the game.

Regards and best wishes

Morpheus

Thanks Morpheus, that was pretty fun :) There are also some challenging wargames at pulltheplug.org.

http://www.pulltheplug.org/wargames/index.html

Regards,
Jim

how is everyone doing on the web app 1 challenge?

It was fairly easy, but that's not to say I didn't learn anything along the way. The levels do not necessarily get harder as they go up, it really depends on your current knowledge and experience.

Jim

Hey, Anyone passed level2. I have some problems with my telnet. When I telnet to server, I can't see anything. (Sorry about noob question, I am a newbie

which game?

level 2- game1.

I've completed level 10, so I can't get to level 2. If you post the URL I'll take another look and help out. I will stop short of giving you the answer though.

Check out the tip on each page, this often gives a vital clue.

Jim

what did you use to disassemble the binary in level10?

The binary is encrypted. You'll need to find a way to decrypt it before you can do your analysis.

Jim

yeah i know that, what tool did you use to unencrypt it...

there used to be a TESO tool to do it and it seems to be encrypted with it, i did a quick search and didnt come up with the tool, but if there is a newer better tool out there i would be willing to give that a try.

I just started them yesterday, and I'm having some difficulty with level 5 of game 1.  This is the first SQL injection challenge in the game.  I've looked over the psuedo code and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page.  Unfortunately the error is rather generic and could mean a whole host of things.  I think I'm close to solving this, but I just need a push in the right direction.  Can anyone lend some assistance?

http://www.carnal0wnage.com/papers/LSO-NGSEC-WebApplication-Security-Game1-answers.pdf

Wow, Chris, thanks for the push.  I still dont really understand the answer though.  If you have a moment could you explain this to me?

I was trying to send the following to the server as the username:
' or 1=1; --

I thought that would have given me a final query of
SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'

which should have returned the first username in the table.  Why wasn't that working?  Was it something I was doing wrong?  Did the injected code have to be in the password field or should it also work in the username field?

Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a

Why would we want to put quotes around 1=1--?  And what's up with the second one?  MySQL would throw a fit if I sent that to it. 

Thanks for any additional help you can provide.

That query works, but you have to add a space after the double dash to get it working.

I'm not familiar with the particular challenge you are doing, but you don't necessarily have to inject the info via a form. You could also add it on to the end of a URL in the address bar, similarly to the way you'd use Javascript injection.

BTW, has any one here done any of the challenges at Hellbound Hackers (http://www.hellboundhackers.org/). I find the challenges there very well organized and interesting. they have quite a variety and you don't have to pass 1 to be allowed to progress on to another.

i am working thru them, they are pretty good.

is there some kind of solutions for green horns like me..just paased the first stage and taking hrs to get pass the other

Yes.....read, read, read and read some more. I don't mean this to be rude, but the best (long term) advice a hacker could give you is RTFM. It's a bit crude but gets to the point. If you're not inquisitive you can't be a hacker. Don't forget, Google is you friend!!  :D

Also you have to try and experiment as much as possible; try playing around with cookies, forms and with the URL and inject things into them and see what happens, and read the source for every page including error pages. Try using different web browsers - in particular Firefox has many extensions which can help you get through challenges. Be resourceful.

BTW, I've spent days and sometimes weeks on some challenges, so don't feel bad. You have to be persistent.