Security Challenge 1 re-visited.

h57xiucj2z946q · 01-02-2012 11:33PM #1

Decided to put this back up for people who missed it. If your stuck, you can look through the old threads. The old threads also contain a solution if your really stuck. Passwords and stuff have been changed since.

The other challenges aren't suitable to host on free hosting.

http://damo.clanteam.com/sch1

06-02-2012 03:51AM

I enjoyed that. I could spend hours on end messing with these types of vulnerabilities.

Thanks :-)

dlofnep · 07-02-2012 02:43AM

Unless I had something cached, there was no challenge to complete - Just a hall of fame page without authentication? Unless it's saved from the last time I did it? Confused..

gouche · 07-02-2012 08:28AM

I had the same issue as dlofnep - clicked admin button and it allowed me to put name on Hall of Fame.

Feel free to delete my name as I didn't actually complete the challenge:P

h57xiucj2z946q · 07-02-2012 08:45AM

Oops, accidentally ran some "fixer" on the free hosting last night which modified some important files I had hosted. Its fixed now though.

dlofnep · 07-02-2012 01:39PM

Cool done. I noticed you implemented extra security on other areas of the system this time

h57xiucj2z946q · 07-02-2012 01:51PM

dlofnep wrote: »

Cool done. I noticed you implemented extra security on other areas of the system this time

heheh not me, that comes as part of the free web-hosting :-)

21-02-2012 06:42PM

Are you going to re-visit any more of the older challenges?

I think these challenges are great for learning, I've learned lots of new stuff the fun way :-)

h57xiucj2z946q · 21-02-2012 07:06PM

I'm afraid the other challenges aren't really suitable to host on free webspace.

DonkeyStyle \o/ · 28-02-2012 09:02PM

Thanks. Very educational. And a bit scary, which is always a good sign.

Had JTR running for about 90 mins on 4 cores, then tried the 'all' wordlist and got it in a split second (facepalm)

JimmyCrackCorn · 29-02-2012 03:24AM

I have it

Nice one btw. Enjoyed that allot.

Need to get wordlists off machine i packed away.

h57xiucj2z946q · 29-02-2012 09:31AM

I think the bigger one that comes with John the Ripper should be fine.

dlofnep · 29-02-2012 12:27PM

People must remember, it's just a game - so Damo will never make you jump through hoops for one very small thing such as the above.

JimmyCrackCorn · 29-02-2012 11:59PM

Thanks damo complete.

Id love to do a few more of these. Thanks for going to the effort of making it.

h57xiucj2z946q · 01-03-2012 12:29PM

JimmyCrackCorn wrote: »

Thanks damo complete.

Id love to do a few more of these. Thanks for going to the effort of making it.

Feel free to try:
http://damo.clanteam.com/sch6
http://damo.clanteam.com/sch7

JimmyCrackCorn · 02-03-2012 12:12AM

Thanks Damo.

That's sch6 complete. Spent a while trying to get the syntax right.

h57xiucj2z946q · 02-03-2012 09:36AM

Sweet,

there also is:

http://damo.clanteam.com/pin
http://damo.clanteam.com/sch2

[-0-] · 25-03-2012 05:52PM

Got this one as well. Cheers again Damo.

jank · 07-12-2012 05:34AM

Bumping this as not sure if the same weakness is there?

Tried the http://damo.clanteam.com/sch1/index.php?page=/etc/passwd but no cigar

h57xiucj2z946q · 07-12-2012 06:41AM

Right idea, but wrong file. You cannot transverse outside my webroot.

jank · 10-12-2012 12:18AM

Thanks, got it after lots of cheating. Onto the second one now.

Security Challenge 1 re-visited.

Comments