The Ethical Hacker Network - Test your Hacking Skills

Manu Zacharia (-M-)

Sr. Member

Offline

Posts: 393

c0c0n Hacking Conference - where hackers unite

Test your Hacking Skills

« on: August 14, 2006, 12:52:53 AM »

Hi All,

Test your ethical hacking stills at NGSEC's games

Link:
http://quiz.ngsec.com/.

NGSEC's games are a set of security quizes useful for anyone interested in security or hacking.
At the games you'll be presented a set of challenges you'll have to solve in order to gain access to each following stage.

Enjoy the game.

Regards and best wishes

Morpheus


	Logged

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

jimbob

Guest

Re: Test your Hacking Skills

« Reply #1 on: August 16, 2006, 04:08:09 AM »

Thanks Morpheus, that was pretty fun

There are also some challenging wargames at pulltheplug.org.

http://www.pulltheplug.org/wargames/index.html

Regards,
Jim


	Logged

LSOChris

Guest

Re: Test your Hacking Skills

« Reply #2 on: August 19, 2006, 01:50:39 PM »

how is everyone doing on the web app 1 challenge?


	Logged

jimbob

Guest

Re: Test your Hacking Skills

« Reply #3 on: August 19, 2006, 05:35:41 PM »

Quote from: LSOChris on August 19, 2006, 01:50:39 PM

how is everyone doing on the web app 1 challenge?

It was fairly easy, but that's not to say I didn't learn anything along the way. The levels do not necessarily get harder as they go up, it really depends on your current knowledge and experience.

Jim


	Logged

Kai

Newbie

Offline

Posts: 4

Re: Test your Hacking Skills

« Reply #4 on: August 30, 2006, 12:05:02 PM »

Hey, Anyone passed level2. I have some problems with my telnet. When I telnet to server, I can't see anything. (Sorry about noob question, I am a newbie


	Logged

LSOChris

Guest

Re: Test your Hacking Skills

« Reply #5 on: August 30, 2006, 11:53:39 PM »

which game?


	Logged

Kai

Newbie

Offline

Posts: 4

Re: Test your Hacking Skills

« Reply #6 on: August 31, 2006, 06:19:17 AM »

level 2- game1.


	Logged

jimbob

Guest

Re: Test your Hacking Skills

« Reply #7 on: August 31, 2006, 06:47:25 AM »

I've completed level 10, so I can't get to level 2. If you post the URL I'll take another look and help out. I will stop short of giving you the answer though.

Check out the tip on each page, this often gives a vital clue.

Jim


	Logged

LSOChris

Guest

Re: Test your Hacking Skills

« Reply #8 on: September 03, 2006, 02:49:27 PM »

what did you use to disassemble the binary in level10?


	Logged

jimbob

Guest

Re: Test your Hacking Skills

« Reply #9 on: September 05, 2006, 05:56:08 AM »

Quote from: LSOChris on September 03, 2006, 02:49:27 PM

what did you use to disassemble the binary in level10?

The binary is encrypted. You'll need to find a way to decrypt it before you can do your analysis.

Jim


	Logged

LSOChris

Guest

Re: Test your Hacking Skills

« Reply #10 on: September 05, 2006, 02:50:48 PM »

yeah i know that, what tool did you use to unencrypt it...

there used to be a TESO tool to do it and it seems to be encrypted with it, i did a quick search and didnt come up with the tool, but if there is a newer better tool out there i would be willing to give that a try.


	Logged

mn_kthompson

Jr. Member

Offline

Posts: 58

Re: Test your Hacking Skills

« Reply #11 on: September 21, 2006, 08:31:50 AM »

I just started them yesterday, and I'm having some difficulty with level 5 of game 1. This is the first SQL injection challenge in the game. I've looked over the psuedo code and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page. Unfortunately the error is rather generic and could mean a whole host of things. I think I'm close to solving this, but I just need a push in the right direction. Can anyone lend some assistance?


	Logged

LSOChris

Guest

Re: Test your Hacking Skills

« Reply #12 on: September 21, 2006, 01:58:22 PM »

http://www.carnal0wnage.com/papers/LSO-NGSEC-WebApplication-Security-Game1-answers.pdf


	Logged

mn_kthompson

Jr. Member

Offline

Posts: 58

Re: Test your Hacking Skills

« Reply #13 on: September 21, 2006, 04:07:30 PM »

Wow, Chris, thanks for the push. I still dont really understand the answer though. If you have a moment could you explain this to me?

I was trying to send the following to the server as the username:
' or 1=1; --

I thought that would have given me a final query of
SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'

which should have returned the first username in the table. Why wasn't that working? Was it something I was doing wrong? Did the injected code have to be in the password field or should it also work in the username field?

Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a

Why would we want to put quotes around 1=1--? And what's up with the second one? MySQL would throw a fit if I sent that to it.

Thanks for any additional help you can provide.


	Logged

pcsneaker

Jr. Member

Offline

Posts: 73

Re: Test your Hacking Skills

« Reply #14 on: September 22, 2006, 12:27:46 AM »

Quote

I was trying to send the following to the server as the username:
' or 1=1; --

That query works, but you have to add a space after the double dash to get it working.

Quote from: mysql reference:

In MySQL, the ‘-- ’ (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)


	Logged

MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+

Pages: [1] 2 Go Up

« previous next »