RE: HackIng Test
(11-30-2009 08:46 PM)Chip Wrote: (11-25-2009 09:07 PM)r3v3rsibl3 Wrote: Try this one also : http://www.hack-test.com/
////////////// Aksshay - r3v3rsibl3 ////////////
LEVEL 1
-------------------------------------------------------------------
Looking in the source code, we see:
<script language=JavaScript>
{
var a="null";
function check()
{
if (document.a.c.value == a)
{
document.location.href="http://streetkorner.net/"+document.a.c.value+".htm";
}
else
{
alert ("Try again");
}
}
}
</script>
This is a Java Script. Variable A represents the string "null". The script is activated once you press the "Log In" button. If you entered null as password, you go on to level 2.
LEVEL 2
-------------------------------------------------------------------
You are prompted to enter a password.
Looking in the Source Code once again we see a Java script:
<script language="JavaScript" type="text/javascript">
var pass, i;
pass=prompt("Please enter password!","");
if (pass=="l3l") {
window.location.href="http://www.streetkorner.net/"+pass+".htm";
i=4;
}
</script>
The password is obviously l3l
On to Level 3...
LEVEL 3
-------------------------------------------------------------------
Some more of Java here.
<SCRIPT LANGUAGE="JavaScript">
function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt ("Please enter password");
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+".htm";
}
else
{
alert("Try again");
}
}
</SCRIPT>
The script compares what you enter in the password field with the alink color in the HTML text on the page. In the <BODY> tag you can see:
<body onload=javascript:pass(); alink="#000000">
So, the script is activated whenever a page is loaded, and the password is #000000
LEVEL 4
-------------------------------------------------------------------
If you click on "Click here" you are immediately prompted for a password. If you enter an incorrect value, you'll get redirected back a page.There is no way you can see the source code thru the browser window. Here's what you do. You right-click on the "Click here" link and Save the target to your computer. When it's downloaded, open it up with a text editor, ex. Notepad. You see the script now:
<script language=JavaScript>
var pass, i;
pass=prompt("Password: ","");
if (pass=="SAvE-as hELpS a lOt") {
window.location.href="save_as.htm";
i=4;
}else {alert("Try again");
window.location.href="abrae.htm";}
// -->
</script>
This is the same script from Level 2 with a different password. The password: SAvE-as hELpS a lOt
LEVEL 6
-------------------------------------------------------------------
Level 5 was the file above, so here's level 6.
JavaScript gets harder here: an include is used here.
<SCRIPT SRC="psswd.js" LANGUAGE="JavaScript" type="text/javascript"></script>
Then, it is prompted by the code above this line:
<script language="JavaScript" type="text/javascript">
<!--
var pass, i;
//-->
</script>
If you go to /psswd.js once again you see the same script:
<!--
var pass;
pass=prompt("Password:","");
if (pass=="streetzkornerz") {
window.location="included.htm";
}else
alert("Try again...");
//-->
Password: streetzkornerz
LEVEL 7
-------------------------------------------------------------------
This page is a little different from all other pages. If you look careful you can see that images/included.gif is the background file. If you look at it, in the bottom right corner you can see the login passsword:
phat;jerkybar3
LEVEL 8
-------------------------------------------------------------------
The comment in the HTML will save you some time:
<!-- YOU'RE LOOKING IN THE WRONG PLACE... GO BACK! -->
Just click "Log In" and look at the source:
<BODY BGCOLOR="ffffff" TEXT="000000" BG="images/phat.gif">
Look at the image, and you can see: Look for a PhotoShopDocument!
Meaning, go to phat.psd. Open the file up, and play with the layers in Photoshop to see the login and password!
LEVEL 9
-------------------------------------------------------------------
The background file is to distract whoever tried to get past this level.
Look about 3/4ths of the way thru the code by scrolling down the Source Code page:
Password: Z2F6ZWJydWg= add a page extention to that
This is decoded in base64. Find a Base64 decoder somewhere via a search engine, example:
Answer - gazebruh, add an extention to that, .php in our case: gazebruh.php
LEVEL 10
-------------------------------------------------------------------
Combine all the italic-font letters to form a password: shackithalf
The easiest level. Select the white space with a mouse and you see:
Level 11: rofl.php
LEVEL 11
-------------------------------------------------------------------
The background is made to distract the hacker. A fake meta tag is revealing the answer: clipart.php
LEVEL 12
-------------------------------------------------------------------
The logo is different, although it is hard to notice that. It's a jpg instead of gif. Open it up in Photoshop and play with contrast and brightness, and you should see "puta.php" on the European continent. So, that's the next level.
LEVEL 13
-------------------------------------------------------------------
Same thing here, only now you gotta pay attention to "Level 13". It is now an image, not text. Do the same thing you did on level 12 to find a file, 4.xml. On 35th line you see: 4xml.php. There you go! 
LEVEL 14
-------------------------------------------------------------------
Use the clue on the page. It's the same thing again! Look at the bidvertisers, it's an image. Open it up with ImageReady or any other software that lets you edit .GIF animations, and you'll see that the 6th frame shows the link to the next level: /totally.php
LEVEL 15
-------------------------------------------------------------------
Right-click on the link to save the image file on your computer. If you open it it won't load because the file is corrupted. Try looking in it with a NotePad or any other text editor, and you'll see a link to: /unavailable << there's Level 16.
LEVEL 16
-------------------------------------------------------------------
Page source suggests the answer, which is quite different from what you've seen so far: go to unavailable/images. You see an index page with a background file: bg.jpg. Save it on your computer, and open with a text editor like you did on level 15. What do you see? Ducky.php, go there.
LEVEL 17
-------------------------------------------------------------------
A careful looker can tell that the LEVEL 17 is a different color unlike before. But it's just because of the CSS I added to the script. Here you have to think differently than before.
If you select with your mouse right over the table you'll see:
Password: your IP address
So, find out what your IP address is, enter it in the box, and look for the file of the next level, which is /level18.phtml under the root directory.
LEVEL 18
-------------------------------------------------------------------
You really should think like a n00b... what kind of password would a newbie admin put in? Of course, "password" :-)
Or, to be even more n00bier, just go on to level19.phtml 
LEVEL 19
-------------------------------------------------------------------
Would a n00b go to images/n00b.gif? Course not!
Notice a images/level20_pass.gif in the code. Open it up with ImageReady, or just wait 20 minutes for the answer to flash for 1/10th of a second, and you got gazebruh2.htm
LEVEL 20
-------------------------------------------------------------------
A long way to type up this stuff :-) Anyways, decode it and you get a link to /gb.
This is the final level to hack, you got to get to the admin panel to see a "Congrats" message. All you have to do is think like a hacker here. Go to /admin.php and you'll see some russian scribble. Make up a login and a pass, and remember them! A file will be created. Enter them in again, and you're done with the game
not bad at all i could only manage through 11....before i read down the page and see you allready passed all 20...where u from
men are from mars,women are from venus,computers are from hellmy blog
|
Search
Member List
Calendar
Help
