This tutorial is to help anyone who is struggling with the current challenges. rather than provide a walk through though this just aims to give you a few more hints in the right direction.
Challenge 1
This just requires seeing the sites source. look for clear English rather than html code
Challenge 2
See the source again. This time you are looking at script. once you find it, try to find the username and password. Even if you haven't programmed in JavaScript before it should still be easy to find.
Challenge 3
This will require some research. see if the contents of the text file may give you a clue to what you need to research. wikipedia has a helpful article, and so does the articles section of this site :)
Challenge 4
This one requires knowledge of how browser cookies work. The best way to display cookies is in a JavaScript alert box. How this is done is left up to you. Then once this is done you will see a cookie that clearly needs changing. Go for the obvious answer and use JavaScript again to change this.
Researching some basic JavaScript commands would definitely benefit you.
Challenge 5
This one is actually fairly easy, don't over think it. the source may reveal something about this email form. the problem is changing this information. Saving the webpage to you computer wouldn't work alone, some changes may be needed in order for it to.
Challenge 6
I am expecting a lot of people as you either know it or you don't. Site crawlers have to read a certain permission file first because of course site owners don't want some of their pages included in googles search. the site displays disallowed sites in clear text in a file and if you view the text file, you might be able to visit them
for a little more help, click here
Challenge 7
Yet another you either know or you don't. google the hint listed on the page, maybe you'll find a few useful things. try them on this site and you might get lucky.
Then you find an encrypted password. this password is the same encryption unix will use as well as htpasswd logins so it would definitely help if you learn how to crack it. theres some amazing crackers out there. look for john :)
Challenge 8
Some applications can just be cracked by opening them in notepad but this one cant be. instead you should try to patch it using ollydbg. This is more like what you would actually do trying to crack a real program.
Opening it up in ollydbg just shows a lot of hard to understand text, but to start off click search for --> all referenced text strings. this will make things easier. double clicking them shows you where they are in the program. you are also interested in the "fill with NOP" command. I will hopefully post an ollydbg tutorial on the site soon.
Challenge 9
The simple substitution cipher. This encryption just swaps letters for other letters in the alphabet with nothing else involved. this basically comes down to guess work with also some general knowledge such as the letter 'e' being the most common letter in the English language. try swapping the most common letter in there with 'e' and go from there.
also look for small words that might be common words such as 'the' or 'is' for example.
Challenge 10
First find its direct location. Then download it. Despite thinking this is easy, it isn't as easy as expected. you may need additional things you help you see what makes it up.
a little note: flash scripting language is known as actionscript.
Realistic Challenge 1
The pages again contain something hidden. Once you find what your looking for, knowledge of JavaScript injections will be needed to beat this. As a little security, the site makes sure that you pay at least something. This is identical to a certain famous method sites use to let you pay for something. Next time you come across a pay site, try this you might get lucky.
Realistic Challenge 2
This is fairly hard. The first step involves exploiting a certain form using SQL. Then after that, the challenge gets a little easier. There's an obvious option that should be tried then you will need to decrypt something then the last part of the challenge will be easy.
Realistic Challenge 3
This is slightly easier than the previous realistic. A lot of the pages are just decoys and need to be ignored. But one contains an extra (hidden) element that should be exploited. Once you've figured out how to do this, half of the challenge is done already. Next, just think if anything that's shouldn't usually be added could be to change the site in some way.
Realistic Challenge 4
Again, fairly hard. Look for an input that can be changed and see what happens. Then next you will need to look for the Highlight: Include path. Once that has been found it should be easy to manipulate the script and use it to explore parts of the site perhaps you shouldn't be allowed to.
Programming Challenge 1
Find a way to download visual basic 6 and research how to make basic programs with it. The hints already supplied should be enough already.
Bonus Challenge 1
This just requires seeing the sites source. How you do that is up to you. theres a few different ways of seeing a site source without it even loading i'll have to leave that up to you
Bonus Challenge 2
The form gives this away. even though something may appear encrypted in a strange unrecognisable text, google may help you find out more about that text.
Then the next step once this is decrypted is changing it. if you've done the email challenge, you should manage.
Bonus Challenge 3
Firefox makes this so much easier than Internet Explorer to complete. just type about:config into your browser and start looking through. Failing that a little google research might reveal a few things.
Bonus Challenge 4
The page contains something hidden. Compare the page to another challenge page. even if it looks like part of the site, check it out it may be useful. then just open it in an editor and try a few different things.
Bonus Challenge 5
The image - rather than having something hidden in the image has a whole file hidden inside of it once you find out that file, the challenge is done :) more help will be available for this in the forums if requested.
Bonus Challenge 6
This is a very hard encryption. It would help you to start off by downloading the script, then learn about the JavaScript commands involved. Adding a few alerts here and there might also help you to understand how the code works.
Bonus Challenge 7
Nothing complicated about this, just plain old brute forcing, all you have to do is find decent programs to do the job. The passwords are short, so shouldn't take too long to crack.
Bonus Challenge 8
This is completely common sense. However, it doesn't involve guessing the password, you will find the password if you think about this challenge. If you've got the music player frame open, starting by displaying the challenge in its own frame will be a good start.
Bonus Challenge 9
Don't over think this. Just do each of the bullet points top to bottom and it should be a lot easier than it seems.
Application Challenge 1
Get a basic hex editor and look at the app's code. It should be fairly easy to find what the app is looking for.
Application Challenge 2
Again a hex editor is useful. There are a few ways to do this, the simplest being keyboard shortcuts. Edit one of the buttons to include a shortcut and its done already.
Application Challenge 3
This can be done with notepad. Just view the app and try and find what it is checking. Try copying and re-running and this challenge is solved.
User Challenge 1
A little knowledge of JavaScript functions is again useful. The password is not a usual password. you may need to know a hex colour code...
User Challenge 2
This is very basic stegano, read the stegano tutorial and the challenge should become very easy. It will probably be a lot simpler than it appears to be.
---
For further help please use our challenge help forum.
Was this tutorial helpful? please rate:
You Must Login To Vote
Next Tutorial
Tutorial By t0mmy9
Comments:
sorry, i havent added it yet, there will be a new irc channel tonight that will help you though
Hey, can you help me with Bonus 4? I can't figure out how to do it...
