Security Challenge III (Hacking Challenge)

h57xiucj2z946q

Its that time again. The third challenge is here. Try get on the hall of fame.

Its a little bit more difficult than the last challenge, so if people are finding it too difficult, I will start dropping hints around the server. As before, there is two parts to this challenge. First part is fairly trivial, 2nd part may catch people out!

Please read the rules on the main page before you continue.

Enjoy..

http://damo.dyndns.info/

You can also join irc.2600.net #2600ie

dlofnep

Woohoo Will give it a shot. Thanks for setting it up.

Pygmalion

I don't think this is a spoiler at all, but just in case...

Is brute-forcing required here or is there something clever going on with the passwords?

h57xiucj2z946q

Pygmalion wrote: »

I don't think this is a spoiler at all, but just in case...

Is brute-forcing required here or is there something clever going on with the passwords?

Hey..

No brute forcing or guess work is required. Instead try figure out how im checking the passwords your submitting

Pygmalion

Hayden Puny Stationery wrote: »

Hey..

No brute forcing or guess work is required. Instead try figure out how im checking the passwords your submitting

Ah, in that case I'm stuck, I'll keep playing around with what I have and a python shell to see if I can find any meaning in what I've managed to get so far for a password :P.

dlofnep

I think we're on the same stage

h57xiucj2z946q

Without giving anything away, think 900913 is a little bit further, but maybe stuck at that point. May have to drop hints soon hehe.

dlofnep

Progress

syklops

dlofnep wrote: »

Progress

Dont be saying stuff like that. Less chance of hints then

Pygmalion

syklops wrote: »

Dont be saying stuff like that. Less chance of hints then

My thoughts exactly

dlofnep

Think about what page is validating, and how one might view that page to see what it's doing.

Pygmalion

Ah I see what I have to do now, looks tricky, but I assume once I "get" it it won't be too infeasible.

c0ne

Hi there,

I got the login credentials... any hints on the pwd format?

Greets,
c0ne

dlofnep

Don't bother trying to crack it That's the only tip I can give you. You'll need unconventional methods to figure it out.

Pygmalion

Any ideas/hints for getting a valid password? Is it a dictionary word or something?

I see what's going on on the server-side, but I don't see how I'm supposed to use that, and google isn't helping much, I've run through a fairly large dictionary list doing essentially what the login-check.php seems to be doing but that gives no results either

.

h57xiucj2z946q

The crypt is not reversible, in the sense that the same algorithm reversed won't give original input.

But its not a one way hash either. So what does this leave?

Google up on the functions that im using. See what they're used in.


No brute forcing is necessary. When you figure out what it is, it shouldn't require more than 5 minutes of CPU power.

This is a very good hint.

h57xiucj2z946q

Those of you running

SQL

scanners, most of them have been blocked so they won't give you any results. This is to not only to make you do the work yourself, but to prevent hammering the server. If your having trouble, post here for help.

Pygmalion

Hayden Puny Stationery wrote: »

The crypt is not reversible, in the sense that the same algorithm reversed won't give original input.

But its not a one way hash either. So what does this leave?

Google up on the functions that im using. See what they're used in.


No brute forcing is necessary. When you figure out what it is, it shouldn't require more than 5 minutes of CPU power.

This is a very good hint.

I see what's being done to the password entered, and what it needs to match... But I don't really see any feasible way to get a working password from it.

Can I PM you to see if I'm at least going in the right direction?

h57xiucj2z946q

You can yeah.

Pygmalion

Hayden Puny Stationery wrote: »

You can yeah.

Done, am I thinking about it the right way?

h57xiucj2z946q

Pygmalion wrote: »

Done, am I thinking about it the right way?

Pretty much yeah, well done. Sent you on some guidance.

Pygmalion

Done :P

h57xiucj2z946q

Wooo! Well Done. Send me a PM of your approach. I will also send you on some details that you may find interesting.

Also what did you think of the challenge?

Pygmalion

Hayden Puny Stationery wrote: »

Also what did you think of the challenge?

Pretty good, started off as a straight-forward enough

SQL injection one, got the usernames and "passwords"

ok, but then a couple of really nice twists after that, and

how the passwords were actually dealt with was pretty awesome, actually makes you think, as opposed to the usual things, where they're either kept in plaintext, XORed against a constant in the source or you just need to throw them into some password brute-forcer and wait without really getting what the hell's going on

.

c0ne

Almost there...

h57xiucj2z946q

c0ne wrote: »

Almost there...

c0ne 2011-04-26 10:55:37

Well done!

c0ne

i could have done it faster, if i didnt mistyped some MySQL function last night..

Thanks damo2k, i noticed your post of cracking4newbies last night.
Cool 'hackme' you made

h57xiucj2z946q

Sweet, its had been a while since I was on #cracking4newbies @ EFNet.

h57xiucj2z946q

Are people stuck? Do you's need more hints?

900913

Yes, I'm still stuck.

It's a great challenge but the last part turns my brain to mush.

h57xiucj2z946q

Those of you stuck on the password stuff, look back at the furtherest point you got. I dropped a big hint.

For the others stuck, send me a PM.