HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 59 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Test your Hacking Skills
EH-Net
May 22, 2013, 03:14:43 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1] 2   Go Down
« previous next »
  Print  
Author Topic: Test your Hacking Skills  (Read 16569 times)
0 Members and 1 Guest are viewing this topic.
Manu Zacharia (-M-)
Sr. Member
****
Offline Offline

Posts: 393


c0c0n Hacking Conference - where hackers unite


View Profile WWW
« on: August 14, 2006, 12:52:53 AM »
Hi All,

Test your ethical hacking stills at NGSEC's games

Link:
http://quiz.ngsec.com/.


NGSEC's games are a set of security quizes useful for anyone interested in security or hacking.
At the games you'll be presented a set of challenges you'll have to solve in order to gain access to each following stage.

Enjoy the game.

Regards and best wishes

Morpheus
Logged
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)˛, C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
jimbob
Guest
« Reply #1 on: August 16, 2006, 04:08:09 AM »
Thanks Morpheus, that was pretty fun Smiley There are also some challenging wargames at pulltheplug.org.

http://www.pulltheplug.org/wargames/index.html

Regards,
Jim
Logged
LSOChris
Guest
« Reply #2 on: August 19, 2006, 01:50:39 PM »
how is everyone doing on the web app 1 challenge?
Logged
jimbob
Guest
« Reply #3 on: August 19, 2006, 05:35:41 PM »
Quote from: LSOChris on August 19, 2006, 01:50:39 PM
how is everyone doing on the web app 1 challenge?
It was fairly easy, but that's not to say I didn't learn anything along the way. The levels do not necessarily get harder as they go up, it really depends on your current knowledge and experience.

Jim
Logged
Kai
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #4 on: August 30, 2006, 12:05:02 PM »
Hey, Anyone passed level2. I have some problems with my telnet. When I telnet to server, I can't see anything. (Sorry about noob question, I am a newbie
Logged
LSOChris
Guest
« Reply #5 on: August 30, 2006, 11:53:39 PM »
which game?
Logged
Kai
Newbie
*
Offline Offline

Posts: 4


View Profile
« Reply #6 on: August 31, 2006, 06:19:17 AM »
level 2- game1.
Logged
jimbob
Guest
« Reply #7 on: August 31, 2006, 06:47:25 AM »
I've completed level 10, so I can't get to level 2. If you post the URL I'll take another look and help out. I will stop short of giving you the answer though.

Check out the tip on each page, this often gives a vital clue.

Jim
Logged
LSOChris
Guest
« Reply #8 on: September 03, 2006, 02:49:27 PM »
what did you use to disassemble the binary in level10?
Logged
jimbob
Guest
« Reply #9 on: September 05, 2006, 05:56:08 AM »
Quote from: LSOChris on September 03, 2006, 02:49:27 PM
what did you use to disassemble the binary in level10?
The binary is encrypted. You'll need to find a way to decrypt it before you can do your analysis.

Jim
Logged
LSOChris
Guest
« Reply #10 on: September 05, 2006, 02:50:48 PM »
yeah i know that, what tool did you use to unencrypt it...

there used to be a TESO tool to do it and it seems to be encrypted with it, i did a quick search and didnt come up with the tool, but if there is a newer better tool out there i would be willing to give that a try.
Logged
mn_kthompson
Jr. Member
**
Offline Offline

Posts: 58



View Profile WWW
« Reply #11 on: September 21, 2006, 08:31:50 AM »
I just started them yesterday, and I'm having some difficulty with level 5 of game 1.  This is the first SQL injection challenge in the game.  I've looked over the psuedo code and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page.  Unfortunately the error is rather generic and could mean a whole host of things.  I think I'm close to solving this, but I just need a push in the right direction.  Can anyone lend some assistance?
Logged
LSOChris
Guest
« Reply #12 on: September 21, 2006, 01:58:22 PM »
http://www.carnal0wnage.com/papers/LSO-NGSEC-WebApplication-Security-Game1-answers.pdf
Logged
mn_kthompson
Jr. Member
**
Offline Offline

Posts: 58



View Profile WWW
« Reply #13 on: September 21, 2006, 04:07:30 PM »
Wow, Chris, thanks for the push.  I still dont really understand the answer though.  If you have a moment could you explain this to me?

I was trying to send the following to the server as the username:
' or 1=1; --

I thought that would have given me a final query of
SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'

which should have returned the first username in the table.  Why wasn't that working?  Was it something I was doing wrong?  Did the injected code have to be in the password field or should it also work in the username field?

Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a

Why would we want to put quotes around 1=1--?  And what's up with the second one?  MySQL would throw a fit if I sent that to it. 

Thanks for any additional help you can provide.
Logged
pcsneaker
Jr. Member
**
Offline Offline

Posts: 73


View Profile
« Reply #14 on: September 22, 2006, 12:27:46 AM »
Quote
I was trying to send the following to the server as the username:
' or 1=1; --

That query works, but you have to add a space after the double dash to get it working.

Quote from: mysql reference:
In MySQL, the ‘-- ’ (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)
Logged
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
Pages: [1] 2   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.068 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.