A Cool Websight

@AnacondaAndyauthorNov 01.2003 — #What do you all think about it??

@Paul_JrNov 01.2003 — #[i]Originally posted by AnacondaAndy [/i]

[B]What do you all think about it?? [/B][/QUOTE]

Not very much...I'm stuck on Security Level 5.

You're supposed to find a password out of this...

[code=php]
 function abfrage1() {
 var code = new Array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
 
 Eingabe = window.prompt("Password : ","");
 
 if(Eingabe != ((code.length)*100)/2-66) <<<This is where I'm stuck
 {
 window.location.href="denied.htm";
 }
 else
 window.location.href=Eingabe+".htm";
 }
 [/code]

@zyexNov 01.2003 — #edited

sorry...i didn't look at the site until i had posted the advice that appeared in this post....

:-)

@AnacondaAndyauthorNov 01.2003 — #Hi Again...

I though you might what to know that "Eingabe" is German for Input

@zyexNov 01.2003 — #anyone manage to get past level 10?

i don't get it

@JustinNov 01.2003 — #it is good time waster lol

@AnacondaAndyauthorNov 01.2003 — #I'm only on level 4.....But I'm having fun!!!!

Happy Hacking,

[COLOR=darkblue]-Andy[/COLOR]

@EmteeMoeNov 01.2003 — #[i]Originally posted by zyex [/i]

[B]anyone manage to get past level 10?

i don't get it [/B][/QUOTE]

The password is stored in a seperate .js file. You can find the URL to the file in the level 10 source code.

@EmteeMoeNov 01.2003 — #If you have already found the seperate .js file, and cannot figure it out. Then, think data types.

@Paul_JrNov 01.2003 — #[i]Originally posted by zyex [/i]

[B]ok the statement specifies

if(Eingabe != ((code.length)*100)/2-66)

so Eingabe needs to be equal to ((code.length)*100)/2-66

which means

Eingabe needs to be equal to ((26)*100)/2-66

which means

26 * 100 is 2600

2600 / 2 is 1300

1300 - 66 is 1234

hence Eingabe needs to be 1234....

hope this has helped :-) [/B][/QUOTE]

Ah, thanks a lot man!!!

I was stuck with the " ((code.length)*100)/2-66 " part, I didn't understand what that meant.

@PeOfEoNov 01.2003 — #this isnt really hacking if you can view the source lol. I am blazing through this stuff, but I do not have time to finish this.

@Paul_JrNov 01.2003 — #Stuck again...Level 8.

@EmteeMoeNov 01.2003 — #[i]Originally posted by Paul Jr [/i]

[B]Stuck again...Level 8. [/B][/QUOTE]

As far as I can tell, the only way to get past this one is to do a directory listing.

@Paul_JrNov 01.2003 — #[i]Originally posted by EmteeMoe [/i]

[B]As far as I can tell, the only way to get past this one is to do a directory listing. [/B][/QUOTE]

...Directory Listing ? ...?

I'm very, very, new to Java Script.

@EmteeMoeNov 01.2003 — #Enter level 8 then copy down the complete URL. Open up a new case of IE and enter in the complete URL. Then delete everything after the last /. Then press enter. If this does not work a similar method will.

@Paul_JrNov 01.2003 — #Phatniss. Thanks a lot.

@zyexNov 01.2003 — #ok, does anyone speak german? if so what am i supposed to do on level 15

@pyroNov 01.2003 — #I've broken it through level 14 (working on 15), and now it's time to do something else for a while... ?

@AnacondaAndyauthorNov 01.2003 — #zyex, If the coding is in German go to Google, and beside the search field is a link for Language Tools....and that will translate it from German to English!!! Hope this helps,

[COLOR=darkblue]-Andy[/COLOR] ?

@zyexNov 01.2003 — #thanks andy, but its not german...i thought at first it was cos i didnt understand it.....

its a code that needs cracking....still working on it....can anyone point me in the right direction?

@Daniel_TNov 01.2003 — #the source code is not in german - german is not supported by most browsers. it is just written in ASP. i dont really know much about ASP, but there are some lines in the source code that i am familiar with (eg. end if) im sorry if this is incorrect, but this is the only conclusion i have been able to come to. please keep posted. please visit my site at http://www.nottooshabby.vze.com/! there's not uch on it, but i like to watch my hit counter go up, lol? - DanieL

@PeOfEoNov 01.2003 — #if its written in asp, then it is not client side. How do you intend to crack a server side language if none of the actual password data is in the source code?

@pyroNov 01.2003 — #Most of them are JavaScript. One was a Java class. Number 15 is .htaccess, but they help you along a bit.... Not sure what the final one is... ?

@Sux0rZh_jc0rzNov 01.2003 — #IRC channels & online boards

Giving solutions to levels, passwords or any sourcecodes is forbidden.

Giving links to any file relating to the levels on the ISATCIS site is forbidden.

Giving links to tools needed for a level is forbidden.[/quote]

@DaveSWNov 01.2003 — #But

On this website you have the opportunity to improve your knowledge about internet security LEGALLY. For instance simple JavaScript is unsuitable for protecting your homepage against unauthorized access. But there are still some other things.

ISATCIS will clarify it within a learning process which is based on tactical over- coming of 16 security levels where the inserted security bugs should be applied.
[/quote]

How can you improve your knowledge simply by doing tests? Without help of some sort or another it's not a 'learning process'.

Speaking of which, any help with number 10? LOL

@pyroNov 01.2003 — #Which one was 10?

@DaveSWNov 01.2003 — #An external .js file about some bloke with a name beginning with t. LOL


[/quote]

@ColdSteelNov 03.2003 — #emteeMoe...judging by your user name I know exactly who you are and you know exactly who I am...LOL...I am on level 8 and am working on it a bit...but I think that the site is great to teach what NOT to rely on for security...I mean the best guys to ask about how to make a secure website are the hackers!?

@ColdSteelNov 03.2003 — #What the heck do they mean by the traffic problem on level 8???? I figured out the password but can't get in; keep getting a stupid cartoon in German...hmm...anyone else have the same prob?

@AdamGundryNov 03.2003 — #Dave, you have been caught by a cruel trick involving relative URLs.

I'm stuck on 12 - I figured out the algorithm, but I keep getting the message " wrong ID - but you're on the right way."

Adam

@pyroNov 03.2003 — #[i]Originally posted by AdamGundry [/i]

[B]I'm stuck on 12 - I figured out the algorithm, but I keep getting the message " wrong ID - but you're on the right way."[/B][/QUOTE]Yeah, I thought that one was kinda dumb, as it relies a bit on guesswork. I eventually got it, as there are only so many combinations that can produce the needed password. Just tried valid patterns until one matched... ?

@Paul_JrNov 04.2003 — #I'm Still Mucking Around With 10.

@DaveSWNov 04.2003 — #[i]Originally posted by AdamGundry [/i]

[B]Dave, you have been caught by a cruel trick involving relative URLs.

[/B][/QUOTE]

Cheers Ad! Got it now LOL

@AnacondaAndyauthorNov 04.2003 — #How do I view the code for level 5????

@DaveSWNov 04.2003 — #Just scroll down...

@AnacondaAndyauthorNov 04.2003 — #Thanks Man, that was as easy as 1234!!!!!!!!!!!?

@AnacondaAndyauthorNov 04.2003 — #Anybody make it to level 16 yet? ?

P.S. Were can I get a free 50x50 aviator?

Thanks..

@zyexNov 04.2003 — #still stuck on 15.....i've given up

@KeithMcLNov 05.2003 — #OK, I give up. I can't get past level 10. The contents of the external source code has me completely confused.

I might come back to it at another time ?

@AnacondaAndyauthorNov 05.2003 — #I finally made it to 9!!!!!!!!!!!!!!!!!!

@AnacondaAndyauthorNov 05.2003 — #What city do they mean in 9 url?

@pyroNov 05.2003 — #There are not all that many choices... Just try the possibilities, if you do not know which of them is a city... ?

@AnacondaAndyauthorNov 05.2003 — #"http://scifi.pages.at/hackits/nine/"+document.a.c.value+".htm" this is the URL we are talking about right?!?!

@Paul_JrNov 05.2003 — #Someone PLEASE help me with 10?! This is driving me insane.

@ColdSteelNov 06.2003 — #Paull Jr....

Level 10 isn't too hard...just have to think a bit...have you gotten to look at source4.js yet? if so it's not too hard....if not...get to it...that part isn't hard. Once your there, think abuot why they would name the variable lol...or Laugh Out Loud....the answer is kind of funny. Only one more hint...there putting you on a bunny trail....

Oh, and Andy, just go to level 9 and look at the url....it's not really confusing...there were only two possibilities that I could see....

I'm currently working on level 12...that's a doozy....One thing's for sure...Javascript is not a secure language....

@AnacondaAndyauthorNov 07.2003 — #[i]Originally posted by pyro [/i]

[B]There are not all that many choices... Just try the possibilities, if you do not know which of them is a city... ? [/B][/QUOTE]

Could you give me a hint???????

I don't get it....?

@pyroNov 07.2003 — #Post the URL of the page here... I don't have it saved, and I'm not going to run through it again to look for it...

@DaveSWNov 07.2003 — #Hannover... Nice place innit? LOL

@AnacondaAndyauthorNov 07.2003 — #Here is the link... "http://scifi.pages.at/hackits/nine/"+document.a.c.value+".htm"; thanks?

@pyroNov 07.2003 — #Nope, that's not the one they are looking for....

@DaveSWNov 07.2003 — #We want the url of the page itself - the one that says HANNOVER! So instead of giving us the url just TYPE IN HANNOVER LOL!

@htayCNov 07.2003 — #After reading the replies here about level 10, I still dont know the password.

Anyone care helping me ? Pleeeeeeeeeeeeeeeease

@ColdSteelNov 07.2003 — #Htayc...

Have you gotten to view Soure4.js? If so, think about what's going on...if I remember right, on that level they are naming a variable "LOL" and giving it a value of a math problem....but they are putting you on a bunny trail....'cause the math problem is in quotes....so, hopefully you could figure it out from there...if not, I'd be more than glad to help out more...

@ColdSteelNov 07.2003 — #Oh, and Andy...

Since I know you personally I won't hold it against you...but the thing about Hannover...well, all I can say is LOL! No really....I'm glad that you got it (or where given it...).

@htayCNov 07.2003 — #I have read the source4.js file many times with several applications, and all I see is this..

<!-- Tschebyscheff said it, and I say it again:

There is always a prime between n and 2n.

...have a nice day...
  -=[the creator]=-

//-->

@ColdSteelNov 07.2003 — #Adam,

you still stuck on level 12? If you are getting the wrong id...but your on the right track error...than there are only about 6 possibilities to try with the numbers....

@ColdSteelNov 07.2003 — #htay...

tell you what...go to level 10...then go into "search" (if your on a windows PC) and look for source4.js....then open it in notepad...when I open it I see them naming a variable as LOL and a math problem as the value....

@htayCNov 07.2003 — #I have tried that, it is not showing up at all.

@DaveSWNov 07.2003 — #htayc: take the url of question 10. remove the filename. paste on the url (includin the www.) of the js. Then see what happens.

@ColdSteelNov 07.2003 — #On level 12 there are more than 6 different variations...working on finding it out...

@htayCNov 07.2003 — #Still nothing, it is not displaying anything outside of the tags.

@ColdSteelNov 07.2003 — #I got to get off-line right now...but I'll look into it and reply to the forum soon...

@DaveSWNov 07.2003 — #does your url look like this?

http://scifi.pages.at/hackits/www.academy.dyndns.org/hackits/security_levels/source4.js

??

For the javascript part.

@htayCNov 07.2003 — #I only had the www.acad...... bit.

Thanks Dave

@pyroNov 07.2003 — #[i]Originally posted by ColdSteel [/i]

[B]Adam,

you still stuck on level 12? If you are getting the wrong id...but your on the right track error...than there are only about 6 possibilities to try with the numbers.... [/B][/QUOTE]Actually, there are tons of possible combinations.

@htayCNov 07.2003 — #Sorry Dave, I should have read that post fully ?

@ColdSteelNov 07.2003 — #Pyro,

Yeah, you're right...sorry about that people....I got mixed up...realized that there are a LOT of possibilities...am currently trying to figure it out....and htayc....when I meant to search for it I meant on your harddrive....everything you view goes into your browsers cache, or temporary internet files...so you can get the source from it off the local machine if it has viewed the site....

@ColdSteelNov 07.2003 — #FINALLY got through level 12.....yeah...there are a whole lot more than 6 different combinations...more like 30 something....hehe...stupid me....

@AdamBrillNov 07.2003 — #[i]Originally posted by ColdSteel [/i]

[B]FINALLY got through level 12.....yeah...there are a whole lot more than 6 different combinations...more like 30 something....hehe...stupid me.... [/B][/QUOTE]Actually, to be mathimatically correct, there are 36 choices.

(The code to prove that):

nums = new Array();
 for(x=0; x&lt;10000; x++){
 str = String(x);
 while(str.length&lt;4){
 str = "0"+str;
 }
 if(str.charAt(0)*str.charAt(1)*str.charAt(2)*str.charAt(3)==12){
 nums[nums.length] = str;
 }
 }
 alert(nums.length);

Also, if someone helped you break through it, then you really can't say that "you" did it, since "you" didn't. All "you" did is type in the password that someone told you(or told you how to get). :rolleyes: It seems kind of dumb to ask for help on a challenge...

@htayCNov 07.2003 — #Level 12 was soooo easy.

@KeithMcLNov 08.2003 — #AnacondaAndy, re-read the text in level 9. It can be a little bit confusing. Remember to read the entire URL ?

@benjaminNov 08.2003 — #its driving me insane, how the hell can i read that class crap, give me the answer someone!!!!!? ?

@AnacondaAndyauthorNov 08.2003 — #[i]Originally posted by DaveSW [/i]

[B]We want the url of the page itself - the one that says HANNOVER! So instead of giving us the url just TYPE IN HANNOVER LOL! [/B][/QUOTE]

Thanks!!!!!!!!!:rolleyes:

@ColdSteelNov 08.2003 — #BTW...no one told me the number to level 12....just didn't want anyone thinking that...not that it matters...about the class...if someone is going to respond to benjamin...please do it in a private message...that would spoil it for others...(myself included; I am by far not a java or javascript expert...)....

@pyroNov 10.2003 — #[i]Originally posted by AnacondaAndy [/i]

[B]Please, nobody post answers on this post....[/B][/QUOTE]Then stop asking questions. :rolleyes:

@AnacondaAndyauthorNov 10.2003 — #Sorry...and thanks alot for your help!!

@ColdSteelNov 10.2003 — #uh, Andy...don't take what I said personally...just doing some friendly kidding...hehe...has anyone passed level 14? I am having trouble with it....

@pyroNov 10.2003 — #Yes, I passed level 14. Took a bit of time to factor the whole thing down... ?

@ColdSteelNov 10.2003 — #well, I'm working on it...but uh, it's a little bit confusing....hehe....?

@AdamBrillNov 10.2003 — #I got to level 15... Level 15 uses htaccess, so that kinda has me stumped. I got the encrypted password and ran it through a couple word lists, but it didn't come up with anything. I also ran it through a program to test it with every possible combination up to 5 characters long with only lower-case characters... No results. Due to the fact that I don't have a super computer, it is very hard for me to go much longer than that. ? I'll try running it through checking for more characters but only 4 long and see if I come up with anything... I'll let you know(but I won't tell you what it is, even if I DO find out. :p)

@AnacondaAndyauthorNov 14.2003 — #I'm on eleven at last!!!!!?

@Sux0rZh_jc0rzNov 18.2003 — #this thread is the most viewed thread in the entire general section.... wow.

@AnacondaAndyauthorNov 18.2003 — #Awesome I have the most viewed post..............Sweet!!!!?

@Sux0rZh_jc0rzNov 18.2003 — #yes well i made a little mistake there. the most viewed in the last 30 days. an old post called ponderous and another one started by Code one both have more page views than yours, but they are really old and both have been closed because they got off topic.

@AdamBrillNov 18.2003 — #[i]Originally posted by Sux0rZh@jc0rz [/i]

[B]both have been closed because they got off topic. [/B][/QUOTE]And it looks like you guys are well on your way to getting rid of this thread, too. :rolleyes:

@ColdSteelNov 18.2003 — #Hehe...the supreme master has spoken...better heed the advice of the master...

@AnacondaAndyauthorNov 18.2003 — #I need some help on 11...but don't give me the answer, just a hint? Thanks.........

@ColdSteelNov 18.2003 — #Hey Andy...get on AIM and I'll help you out...

@hpmad7Jun 21.2005 — #For level 10...

Look:

www.academy.dyndns.org/hackits/security_levels/source4.js

usually, when you link to a url, you have http:// in front of it. but this doesn't. So that means that it would be to this link:

[Don't CLICK THIS IS YOU Don'T WANT THE ANSWER]

http://academy.dyndns.org/www.academy.dyndns.org/hackits/security_levels/source4.js

Save the js file and open it with notepad. You'll find the variable lol there, etc.

@hpmad7Jun 21.2005 — #For help on Level 10:

this is the src that it links to

www.academy.dyndns.org/hackits/security_levels/source4.js

but there's no HTTP in front of it! That means that is must go to...

www.academy.dyndns.org/www.academy.dyndns.org/hackits/security_levels/source4.js

Save the file, open it, look at the varible lol and figure it out from there!

@JonaJun 21.2005 — #[font=Trebuchet MS]I just started a couple minutes ago, and I’m on level fourteen. Thanks for pointing out the challenge, AnacondaAndy. When I get more time, I’ll crack the last three levels. ? I bookmarked the one I’m on so I won’t lose it.[/font]

A Cool Websight

92 Comments(s) _↴

Also in #Full-stackDeveloper _↴

Success!

Social

Version

A Cool Websight

92 Comments(s) ↴

Also in #Full-stackDeveloper ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

92 Comments(s) _↴

Also in #Full-stackDeveloper _↴