Đặng Văn Bằng(nullsession): write up hackertest.net

Password:null

From… view page source
<script language=JavaScript>
{
var a=”null”;
function check()
{
if (document.a.c.value == a)
{
document.location.href=”http://www.hackertest.net/”+document.a.c.va

lue+”.htm”;
.
.
.

————————
level 2 http://www.hackertest.net/null.htm

Password:l3l

From… view page source
<script language=”JavaScript” type=”text/javascript”>
var pass, i;
pass=prompt(“Please enter password!”,”");
if (pass==”l3l”) {
window.location.href=”http://www.hackertest.net/”+pass+”.htm”;
.
.
.

————————
level 3 http://www.hackertest.net/l3l.htm

Password:#000000

From… view page source
<body onload=javascript:pass(); alink=”#000000″>
<SCRIPT LANGUAGE=”JavaScript”>
function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt (“Please enter password”);
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+”.htm”;
.
.
.

————————
level 4 http://www.hackertest.net/abrae.htm

————————
level 5 http://www.hackertest.net/sdrawkcab.htm

Password:SAvE-as hELpS a lOt

From… view page source
<script language=JavaScript>
var pass, i;
pass=prompt(“Password: “,”");
if (pass==”SAvE-as hELpS a lOt”) {
window.location.href=”save_as.htm”;
.
.
.
————————
level 6 http://www.hackertest.net/save_as.htm

Password:hackertestz

From… view page source
<SCRIPT SRC=”psswd.js” LANGUAGE=”JavaScript”

type=”text/javascript”></script>

Open http://www.hackertest.net/psswd.js

<!–
var pass;
pass=prompt(“Password:”,”");
if (pass==”hackertestz”) {
window.location=”included.htm”;
.
.
.
————————
level 7 http://www.hackertest.net/included.htm

Username:phat
Password:jerkybar3

From… view page source
<body bg=”images/included.gif”>

Open http://www.hackertest.net/images/included.gif

————————
level 8 http://www.hackertest.net/pwd2.php

Username:zadmin
Password:stebbins

From… view page source
<form action=phat.php method=post>

Open http://www.hackertest.net/phat.php

Open http://www.hackertest.net/images/phat.gif

the result is “Look for a .PhotoShopDocument!” => PSD

Download http://www.hackertest.net/images/phat.psd

Open phat.psd using photoshop or gimp

Hide another layers, only show Background and DEMO DEMO DEMO DEMO

————————
level 9 http://www.hackertest.net/phat.php

Form… view page source
<!—————————————————————-

——————————————————————

—————– Password: Z2F6ZWJydWg= add a page extention to

that ————————————————————

——————————————————————

—————————— >

Decode Z2F6ZWJydWg= (base 64 to text), using online tools like:
- http://ostermiller.org/calc/encode.html
- http://webnet77.com/cgi-bin/helpers/base-64.pl
-

http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.as

px
- http://www.motobit.com/util/base64-decoder-encoder.asp
- etc.

The result : gazebruh

————————
level 10 http://www.hackertest.net/gazebruh.php

Password:shackithalf

From… view page source
<td width=”100%”><font size=”2″ face=”Tahoma”><i>S</i>treet Korner

is your
own online <i>hack</i>er simulation. W<i>it</i>h over 100 levels

that require
different skills to get to another step of the game, this new
real-life immitation will <i>h</i>elp you advance your security

knowledge.
This site will help you improve your JavaScript, PHP, HTML and
graphic thinking in <i>a</i> fun way that will entertain any

visitor! Have
a spare minute? Log on! Each level wil<i>l</i> provide you with a

new,
harder clue to find a way to get to another level. Only <i>f</i>ew

people
have gotten to the end of the maze… Will you crack this
site?</font></td>

The italic tag S-hack-it-h-a-l-f = shackithalf

————————
level 11 http://www.hackertest.net/gazebruh.php

From… hidden text, using Ctrl+A you can find clue “Level 11:

rofl.php”

————————
level 12 http://www.hackertest.net/rofl.php

From… view page source
<meta name=”robots” content=”goto: clipart.php”>

————————
level 13 http://www.hackertest.net/clipart.php

From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img border=”0″ src=”images/logo.jpg” width=”300″

height=”145″></td>
.
.
.

View http://www.hackertest.net/images/logo.jpg, and zoom it, you

can find puta.php

View page source http://www.hackertest.net/puta.php
<meta name=”clue” content=”use graphic software”>
.
.
.
<td width=”100%” height=”267″ valign=”top”><b><font size=”7″

face=”Arial”><img src=”images/lvl13.gif”></font></b><p> </p>
.
.
.
View http://www.hackertest.net/images/lvl13.gif, and zoom it, you

can find 4.xml

In http://www.hackertest.net/4.xml, you can find 4xml.php

————————
level 14 http://www.hackertest.net/4xml.php

From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img src=”images/bidvertiser.gif”>
.
.
.

View http://www.hackertest.net/images/bidvertiser.gif using GIMP,

you can find text TOTALLY!!! php

————————
level 15 http://www.hackertest.net/totally.php

From… Since you still have your photoshop open, check this out:

images/pass2level16.jpg << good luck with it!

Open http://www.hackertest.net/images/pass2level16.jpg, nothing =>

unavailable

————————
level 16 http://www.hackertest.net/unavailable/

From… view page source
UNAVAILABLE
<!– level 17: /images” –>

Visit http://www.hackertest.net/unavailable/images

View page source
<body background=”bg.jpg”>

Download bp.jpg, open with text editor, you can find Ducky.php

————————
level 17 http://www.hackertest.net/unavailable/Ducky.php

Password: your IP address

You can find your IP address, using online tool, such as:
- http://whatismyipaddress.com/
- http://www.ip2location.com/
- etc.

After login then view page source…
<b>Warning</b>: Cannot modify header information – headers already

sent by (output started at

/home/hackert/public_html/unavailable/Ducky.php:11) in

<b>/home/hackert/public_html/unavailable/Ducky.php</b> on line

../level18.shtml
.
.
.

————————
level 18 http://www.hackertest.net/level18.shtml

Scroll to bottom of page, you can find …
$pass) { $errormsg=$msg; show_login_page($errormsg); exit(); } else

{ setmycookie(); } } else { if ($_COOKIE[$cookiename]<>$pass) {

show_login_page($errormsg); exit(); } else { // do nothing } } ?>

/level19.shtml << told ya to think like a n00b!!!

————————
level 19 http://www.hackertest.net/level19.shtml

From… view page source
.
.
.
<td width=”100%” background=”images/level20_pass.gif”>
.
.
.

View http://www.hackertest.net/images/level20_pass.gif using GIMP,

you can find text “gazebruh2″

————————
level 20 http://www.hackertest.net/gazebruh2.htm

In the page you can see
1. hex.gif contain:

“436f6e67726174756c6174696f6e732532312b596f752b686176652b7061737365

642b746f2b6c6576656c2b31302e2b486572652532432b7468696e67732b6265636

f6d652b6d7563682b6d6f72652b6469666663756c742b2533422d2532395b486f70

652b796f752b6765742b7468726f7567682532312b456e6a6f792e”

if you decode it, the message “Congratulations%

21+You+have+passed+to+level+10.+Here%

2C+things+become+much+more+diffcult+%3B-%29[Hope+you+get+through%

21+Enjoy.”

2. some character:

VldwSk5Gb3lVa2hQUjJSclRUSlJlbFJITlU5TlIwNTBWbTE0YTFJelVqSlpNakF4WWt

kT2NFNVlWbUZYUmtZeVYycEtTbG95U25SUFZFNU5Xbm93T1QwOT09
if you decode it (base 64) 4 times, the message “Go to

http://www.streetkorner.net/gb now.”

3. using Ctrl+A, you find ^^^^^^^^^^ Change domain, add “22332″ at

the end, reach it and then get hold of … ^^^^^^^^^^

So my experiment end at http://www.hackertest.net/gb22332/ to reach

level 21, if it is exists

hackertest.net level 20

Hey there, here another try i use with google, type this site:http://www.hackertest.netinurl:*
and the suspicoues results are:
1. http://www.hackertest.net/gb22332/design/
- footer.inc.php
- guest.css
- header.inc.php
- send.inc.php
2. http://www.hackertest.net/gb22332/admin.php

it contain russian languages
Вход в админ.центр:
Логин:
Пароль:
Войти

in english
Log in admin.tsentr:
Login:
Password:
Log in

Đặng Văn Bằng(nullsession)

Thứ Tư, 19 tháng 3, 2014

write up hackertest.net

Không có nhận xét nào:

Đăng nhận xét