.

Test your Hacking Skills

<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Mon Aug 14, 2006 12:52 am

Test your Hacking Skills

Hi All,

Test your ethical hacking stills at NGSEC's games

Link:
http://quiz.ngsec.com/.


NGSEC's games are a set of security quizes useful for anyone interested in security or hacking.
At the games you'll be presented a set of challenges you'll have to solve in order to gain access to each following stage.

Enjoy the game.

Regards and best wishes

Morpheus
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

jimbob

Post Wed Aug 16, 2006 4:08 am

Re: Test your Hacking Skills

Thanks Morpheus, that was pretty fun :) There are also some challenging wargames at pulltheplug.org.

http://www.pulltheplug.org/wargames/index.html

Regards,
Jim
<<

LSOChris

Post Sat Aug 19, 2006 1:50 pm

Re: Test your Hacking Skills

how is everyone doing on the web app 1 challenge?
<<

jimbob

Post Sat Aug 19, 2006 5:35 pm

Re: Test your Hacking Skills

LSOChris wrote:how is everyone doing on the web app 1 challenge?

It was fairly easy, but that's not to say I didn't learn anything along the way. The levels do not necessarily get harder as they go up, it really depends on your current knowledge and experience.

Jim
<<

Kai

Newbie
Newbie

Posts: 4

Joined: Sun Aug 20, 2006 3:13 am

Post Wed Aug 30, 2006 12:05 pm

Re: Test your Hacking Skills

Hey, Anyone passed level2. I have some problems with my telnet. When I telnet to server, I can't see anything. (Sorry about noob question, I am a newbie
<<

LSOChris

Post Wed Aug 30, 2006 11:53 pm

Re: Test your Hacking Skills

which game?
<<

Kai

Newbie
Newbie

Posts: 4

Joined: Sun Aug 20, 2006 3:13 am

Post Thu Aug 31, 2006 6:19 am

Re: Test your Hacking Skills

level 2- game1.
<<

jimbob

Post Thu Aug 31, 2006 6:47 am

Re: Test your Hacking Skills

I've completed level 10, so I can't get to level 2. If you post the URL I'll take another look and help out. I will stop short of giving you the answer though.

Check out the tip on each page, this often gives a vital clue.

Jim
<<

LSOChris

Post Sun Sep 03, 2006 2:49 pm

Re: Test your Hacking Skills

what did you use to disassemble the binary in level10?
<<

jimbob

Post Tue Sep 05, 2006 5:56 am

Re: Test your Hacking Skills

LSOChris wrote:what did you use to disassemble the binary in level10?

The binary is encrypted. You'll need to find a way to decrypt it before you can do your analysis.

Jim
<<

LSOChris

Post Tue Sep 05, 2006 2:50 pm

Re: Test your Hacking Skills

yeah i know that, what tool did you use to unencrypt it...

there used to be a TESO tool to do it and it seems to be encrypted with it, i did a quick search and didnt come up with the tool, but if there is a newer better tool out there i would be willing to give that a try.
<<

mn_kthompson

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Tue Sep 19, 2006 1:59 pm

Location: Mankato, MN

Post Thu Sep 21, 2006 8:31 am

Re: Test your Hacking Skills

I just started them yesterday, and I'm having some difficulty with level 5 of game 1.  This is the first SQL injection challenge in the game.  I've looked over the psuedo code and injected the SQL that I believe would cause rows to come back, but I keep getting an error on the next page.  Unfortunately the error is rather generic and could mean a whole host of things.  I think I'm close to solving this, but I just need a push in the right direction.  Can anyone lend some assistance?
<<

LSOChris

Post Thu Sep 21, 2006 1:58 pm

Re: Test your Hacking Skills

<<

mn_kthompson

User avatar

Jr. Member
Jr. Member

Posts: 58

Joined: Tue Sep 19, 2006 1:59 pm

Location: Mankato, MN

Post Thu Sep 21, 2006 4:07 pm

Re: Test your Hacking Skills

Wow, Chris, thanks for the push.  I still dont really understand the answer though.  If you have a moment could you explain this to me?

I was trying to send the following to the server as the username:
' or 1=1; --

I thought that would have given me a final query of
SELECT * FROM $table WHERE user='' or 1=1; --' AND pass='$password'

which should have returned the first username in the table.  Why wasn't that working?  Was it something I was doing wrong?  Did the injected code have to be in the password field or should it also work in the username field?

Also, in the answer key you sent it appears that the solution is to basically do what I was doing, but replace every space with a quote in the password field, which would result in the following query, if I'm not mistaken
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'1=1--'
or
SELECT * FROM $table WHERE user='admin' AND pass='bla'or'a'='a

Why would we want to put quotes around 1=1--?  And what's up with the second one?  MySQL would throw a fit if I sent that to it. 

Thanks for any additional help you can provide.
<<

pcsneaker

Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Fri Sep 22, 2006 12:27 am

Re: Test your Hacking Skills

I was trying to send the following to the server as the username:
' or 1=1; --


That query works, but you have to add a space after the double dash to get it working.

[quote=mysql reference:]In MySQL, the ‘-- ’ (double-dash) comment style requires the second dash to be followed by at least one whitespace or control character (such as a space, tab, newline, and so on)[/quote]
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
Next

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software