Manu Zacharia (-M-)
« on: August 14, 2006, 12:52:53 AM »
Hi All,
Test your ethical hacking skills at NGSEC's games.
Link: http://quiz.ngsec.com/
NGSEC's games are a set of security quizzes useful for anyone interested in security or hacking. At the games you'll be presented a set of challenges you'll have to solve in order to gain access to each following stage. Enjoy the game.
Regards and best wishes
Morpheus
Manu Zacharia MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP, Certified ISO 27001:2005 Lead Auditor
There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
LSOChris
Guest
« Reply #2 on: August 19, 2006, 01:50:39 PM »
how is everyone doing on the web app 1 challenge?
jimbob
Guest
« Reply #3 on: August 19, 2006, 05:35:41 PM »
how is everyone doing on the web app 1 challenge?
It was fairly easy, but that's not to say I didn't learn anything along the way. The levels do not necessarily get harder as they go up, it really depends on your current knowledge and experience.
Jim
Kai
« Reply #4 on: August 30, 2006, 12:05:02 PM »
Hey, anyone passed level2? I have some problems with my telnet. When I telnet to server, I can't see anything. (Sorry about noob question, I am a newbie.)
LSOChris
Guest
« Reply #5 on: August 30, 2006, 11:53:39 PM »
which game?
Kai
« Reply #6 on: August 31, 2006, 06:19:17 AM »
level 2- game1.
jimbob
Guest
« Reply #7 on: August 31, 2006, 06:47:25 AM »
I've completed level 10, so I can't get to level 2. If you post the URL I'll take another look and help out. I will stop short of giving you the answer though.
Check out the tip on each page, this often gives a vital clue.
Jim
LSOChris
Guest
« Reply #8 on: September 03, 2006, 02:49:27 PM »
what did you use to disassemble the binary in level10?
jimbob
Guest
« Reply #9 on: September 05, 2006, 05:56:08 AM »
what did you use to disassemble the binary in level10?
The binary is encrypted. You'll need to find a way to decrypt it before you can do your analysis.
Jim
LSOChris
Guest
« Reply #10 on: September 05, 2006, 02:50:48 PM »
yeah i know that, what tool did you use to unencrypt it...
there used to be a TESO tool to do it and it seems to be encrypted with it, i did a quick search and didn't come up with the tool, but if there is a newer better tool out there i would be willing to give that a try.
mn_kthompson
« Reply #11 on: September 21, 2006, 08:31:50 AM »
I just started them yesterday, and I'm having some difficulty with level 5 of game 1. This is the first SQL injection challenge in the game. I've looked over the pseudo code and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page. Unfortunately the error is rather generic and could mean a whole host of things. I think I'm close to solving this, but I just need a push in the right direction. Can anyone lend some assistance?
LSOChris
Guest
« Reply #12 on: September 21, 2006, 01:58:22 PM »
mn_kthompson
« Reply #13 on: September 21, 2006, 04:07:30 PM »
Wow, Chris, thanks for the push. I still don't really understand the answer though. If you have a moment could you explain this to me?
I was trying to send the following to the server as the username:
    ' or 1=1; --
I thought that would have given me a final query of
    SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'
which should have returned the first username in the table. Why wasn't that working? Was it something I was doing wrong? Did the injected code have to be in the password field or should it also work in the username field?
Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken:
    SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
    SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a
Why would we want to put quotes around 1=1--? And what's up with the second one? MySQL would throw a fit if I sent that to it.
Thanks for any additional help you can provide.
pcsneaker
« Reply #14 on: September 22, 2006, 12:27:46 AM »
I was trying to send the following to the server as the username: ' or 1=1; --
That query works, but you have to add a space after the double dash to get it working. In MySQL, the ‘-- ’ (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)
MCSA:Security (W2k, W2k3) MCSE:Security (W2k, W2k3) CPTS, Network+
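
Added example (not part of any post in this thread, and not NGSEC's code): the query shape quoted in reply #13, built once by string concatenation and once with placeholders, run against Python's sqlite3 as a stand-in for the game's MySQL backend. The `users` table, its single row and the function names are assumptions made for illustration; the input is the `bla'or'a'='a` value quoted in reply #13, chosen because it does not depend on MySQL's `-- ` comment rule.

```python
import sqlite3


def make_db():
    # Constructed sample data; column names follow the query quoted in the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def build_query(user, password):
    # The pattern from the thread: input is pasted between the quotes,
    # so a quote inside the input ends the string literal early.
    return f"SELECT * FROM users WHERE user='{user}' AND pass='{password}'"


def login_concat(db, user, password):
    # Vulnerable form: the SQL text itself depends on the input.
    return db.execute(build_query(user, password)).fetchone() is not None


def login_param(db, user, password):
    # Hardened form: the SQL text is fixed and the values are bound separately,
    # so quotes in them cannot change the structure of the WHERE clause.
    sql = "SELECT * FROM users WHERE user=? AND pass=?"
    return db.execute(sql, (user, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    value = "bla'or'a'='a"  # password-field value quoted in reply #13
    print(build_query("admin", value))
    print("concatenated:", login_concat(db, "admin", value))
    print("parameterized:", login_param(db, "admin", value))
```

With the concatenated form the trailing quote supplied by the application closes the last literal, which is why the value itself ends without one.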