Try To Hack

[korme]

Try2Hack

See how far you can get.


I quickly got stuck on level 2.

[mckerney]

Got level 2.

[Joe Canadian]

I'm stuck on Level 2

[VPI97]

On level 4

[Joe Canadian]

Anyone wanna PM me a hint for Level 2?

[Philliesfan980]

What the hell is up with this? I can't even get past level one.. I tried everything I can think of, whats the trick?

[Aesyrqwe]

I feel smart, i suck with computers, but got to level 2

-Aes-

[korme]

try right clicking phiilies, thats the only hint i can give you for level 1

[mckerney]

Level one: Simple as hell. Password is right in the HTML source.
Level two: A little harder, but username/password are contained in the shockwave file.

[mckerney]

I've found what I think should be the password for level 3, but it doesn't seem to work.

[VPI97]

Quote:

Originally posted by Joe Canadian
Anyone wanna PM me a hint for Level 2?

Sent

Quote:

Originally posted by mckerney
I've found what I think should be the password for level 3, but it doesn't seem to work.

You didn't find it. Know your HTML.

[mckerney]

Quote:

Originally posted by VPI97
Sent

You didn't find it. Know your HTML.

which is part of the problem, I don't really know HTML

[Aesyrqwe]

can i get a pm for level 2? just so i dont lose sleep over the damn thing..

-Aes-

[VPI97]

Quote:

Originally posted by mckerney
which is part of the problem, I don't really know HTML

But you do know what the 'src' parameter means, don't you?

Anyway, I'm at a stopping point on level 4...I think I would need a Java decompiler and I don't think I have one on this PC...and I'm too lazy to find and download one

[Vince]

Ok, I'm confused. Every time I try the link, I get a blank white page. Should I not be getting something else?

[mckerney]

Quote:

Originally posted by VPI97
But you do know what the 'src' parameter means, don't you?

Well, no.

Here's what I'm looking at, tell me how far off I am:

pwd = prompt("Please enter the password for level 3:","");
if (pwd==PASSWORD){
alert("Allright!\nEntering Level 4 ...");
location.href = CORRECTSITE;

......

PASSWORD="AbCdE";
CORRECTSITE="level4-sfvfxc.xhtml";

[VPI97]

I'll try to be subtle (unless you want the answer straight out)...you're looking at script when you read that code...how do you tell what language the script is written in? ...and is that the only script on the page?

[Vince]

Heh, I'm a quick one.

[sony]

Damn it! I stuck on Stage 2

[EagleFan]

Level 2 has me stumped. I'm looking at what I believe to be the shockwave file but I am not having any luck decoding what shoudl be the username and password.

[mckerney]

Look in your internet temp files, it should be called level2[1].swf

[Eilim]

Level 4 for me at the moment, got the class file decompiled but think I might have to dig out some of my old java books.


-Eilim

[Pumpy Tudors]

From what I've gathered (thanks to hanging out in the site's IRC chat), to get any deeper than level 4, you really need to know your programming and network stuff. It's not for those without a pretty decent computer science/programming background.

I pretty much cheated to get through the first three levels, but when I saw the correct answers, I realized that they weren't THAT hard to find (level 3 was much easier than level 2 to me, though). I doubt I could get any further without somebody holding my hand the whole way.

When I expressed my lack of knowledge to the people in the chat, they suggested I try www.hackthissite.org, and I am finding that to be at least more user-friendly, if not easier.

[EagleFan]

Do I need something to be able to open that file with. The only thing that I can open that with is IE and it just gives me the shockwave logon box that is on the web page.

[Eilim]

I've tried a few of the "wargames" sites in the past. A friend of mine completed try2hack not too long ago and suggested I give ti a shot but I just never got around too it.

I figured this one would be somewhat tougher than most because he had brought the site up after asking me what my favorite packetsniffer was. So I'm guessing at some point this one may get a bit tricky.

-Eilim

[Eilim]

dola...

Quote:

Originally posted by EagleFan
Do I need something to be able to open that file with. The only thing that I can open that with is IE and it just gives me the shockwave logon box that is on the web page.

Your going to need to use a .swf decompiler, could probably get away with using a hex editor.


-Eilim

[VPI97]

Quote:

Originally posted by EagleFan
The only thing that I can open that with is IE

No it's not. In fact, you can open it with something you've already used in this exercise.

Quote:

Originally posted by Eilim
Your going to need to use a .swf decompiler, could probably get away with using a hex editor.

It's a lot easier than that.

[Eilim]

Good call, VPI97. Didn't even think of that. Guess I've gotten lazy with all my toys. Just checked it out and had to laugh at myself for overlooking that one.

-Eilim

[sterlingice]

Ok, so everyone doesn't have to run out and get a Java Decompiler, here's the Java for 4. I need to get back to homework, but anyone else, knock yourself out:

Quote:

// Decompiled by DJ v3.5.5.77 Copyright 2003 Atanas Neshkov Date: 10/21/2003 12:31:51 AM
// Home Page : http://members.fortunecity.com/neshkov/dj.html - Check often for new version!
// Decompiler options: packimports(3)
// Source File Name: PasswdLevel4.java

import java.applet.Applet;
import java.applet.AppletContext;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.EventObject;

public class PasswdLevel4 extends Applet
implements ActionListener
{

public PasswdLevel4()
{
inuser = new String[22];
totno = 0;
countConn = null;
countData = null;
inURL = null;
txtlogin = new TextField();
label1 = new Label();
label2 = new Label();
label3 = new Label();
txtpass = new TextField();
lblstatus = new Label();
ButOk = new Button();
ButReset = new Button();
lbltitle = new Label();
}

void ButOk_ActionPerformed(ActionEvent actionevent)
{
boolean flag = false;
for(int i = 1; i <= totno / 2; i++)
if(txtlogin.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern())
{
lblstatus.setText("Login Success, Loading..");
flag = true;
String s = inuser[1].trim().intern();
String s1 = getParameter("targetframe");
if(s1 == null)
s1 = "_self";
try
{
finalurl = new URL(getCodeBase(), s);
}
catch(MalformedURLException _ex)
{
lblstatus.setText("Bad URL");
}
getAppletContext().showDocument(finalurl, s1);
}

if(!flag)
lblstatus.setText("Invaild Login or Password");
}

void ButReset_ActionPerformed(ActionEvent actionevent)
{
txtlogin.setText("");
txtpass.setText("");
}

public void actionPerformed(ActionEvent actionevent)
{
Object obj = actionevent.getSource();
if(obj == ButOk)
{
ButOk_ActionPerformed(actionevent);
return;
}
if(obj == ButReset)
ButReset_ActionPerformed(actionevent);
}

public void destroy()
{
ButOk.setEnabled(false);
ButReset.setEnabled(false);
txtlogin.setVisible(false);
txtpass.setVisible(false);
}

public void inFile()
{
new StringBuffer();
try
{
countConn = inURL.openStream();
countData = new BufferedReader(new InputStreamReader(countConn));
String s;
while((s = countData.readLine()) != null)
if(totno < 21)
{
totno = totno + 1;
inuser[totno] = s;
s = "";
} else
{
lblstatus.setText("Cannot Exceed 10 users, Applet fail start!");
destroy();
}
}
catch(IOException ioexception)
{
getAppletContext().showStatus("IO Error:" + ioexception.getMessage());
}
try
{
countConn.close();
countData.close();
return;
}
catch(IOException ioexception1)
{
getAppletContext().showStatus("IO Error:" + ioexception1.getMessage());
}
}

public void init()
{
setLayout(null);
setSize(361, 191);
add(txtlogin);
txtlogin.setBounds(156, 72, 132, 24);
label1.setText("Please Enter Login Name & Password");
label1.setAlignment(1);
add(label1);
label1.setFont(new Font("Dialog", 1, 12));
label1.setBounds(41, 36, 280, 24);
label2.setText("Login");
add(label2);
label2.setFont(new Font("Dialog", 1, 12));
label2.setBounds(75, 72, 36, 24);
label3.setText("Password");
add(label3);
add(txtpass);
txtpass.setEchoChar('*');
txtpass.setBounds(156, 108, 132, 24);
lblstatus.setAlignment(1);
label3.setFont(new Font("Dialog", 1, 12));
label3.setBounds(75, 108, 57, 21);
add(lblstatus);
lblstatus.setFont(new Font("Dialog", 1, 12));
lblstatus.setBounds(14, 132, 344, 24);
ButOk.setLabel("OK");
add(ButOk);
ButOk.setFont(new Font("Dialog", 1, 12));
ButOk.setBounds(105, 156, 59, 23);
ButReset.setLabel("Reset");
add(ButReset);
ButReset.setFont(new Font("Dialog", 1, 12));
ButReset.setBounds(204, 156, 59, 23);
lbltitle.setAlignment(1);
add(lbltitle);
lbltitle.setFont(new Font("Dialog", 1, 12));
lbltitle.setBounds(12, 14, 336, 24);
String s = getParameter("title");
lbltitle.setText(s);
ButOk.addActionListener(this);
ButReset.addActionListener(this);
infile = new String("level4");
try
{
inURL = new URL(getCodeBase(), infile);
}
catch(MalformedURLException _ex)
{
getAppletContext().showStatus("Bad Counter URL:" + inURL);
}
inFile();
}

private URL finalurl;
String infile;
String inuser[];
int totno;
InputStream countConn;
BufferedReader countData;
URL inURL;
TextField txtlogin;
Label label1;
Label label2;
Label label3;
TextField txtpass;
Label lblstatus;
Button ButOk;
Button ButReset;
Label lbltitle;
}

SI

[rdo]

infile = new String("level4");

is the key line

[VPI97]

Quote:

Originally posted by rdo
infile = new String("level4");

is the key line

Bling bling

[Solecismic]

Yeah, I see that one from the code above. But I'm stuck on level 2. Any good hint would be appreciated.

[JeeberD]

Now I remember why I changed my major from BCIS...

[mckerney]

Quote:

Originally posted by Solecismic
Yeah, I see that one from the code above. But I'm stuck on level 2. Any good hint would be appreciated.

You need to look at the .swf file that has the username/password prompt. Level 2 was fairly easy for me, but there is no way I'd be able to do level 4.

[rdo]

Quote:

Originally posted by Solecismic
Yeah, I see that one from the code above. But I'm stuck on level 2. Any good hint would be appreciated.

Take a closer look at the shockwave file

[Solecismic]

Just looks like garbage to me. Perhaps I downloaded it wrong (save-as through netscape).

[mckerney]

Here's what you should get:

FWS¯ p _ »€
C 3™? 
 Courier New   *  wû Ä°°_0
à
Ìÿÿ ( Username :
‰
 ¯  *  wû Ä°°_0
à
Ìÿÿ ( Password :
Š  +Ä~ ?\  eË#_Bà
¹Äk@ ÿÿÿ ÿ

€5oßzs�
àìàö0ß>(ß[ tR öî;)>/" ±N ±�r3�r
Pu‡ªÖüêP
Øà ?‘  eô�ßS
H©–Mhœ'[W  ÿÿÿÖÿÿÿÿ ÿ+++ÿ_¹$ú`ÅUÌ>ˆ ÿÿÿÖÿÿÿÿ ÿ+++ÿ —Õð4½â:‰1ÎÏ<Ë\èÃ3"ŒžJ!äw“cžÓ
ML1wÑ5×?Æ «rÂÍ”øà¨$ù�—)ÚâöÛý˃‡Ì2yQÊk®Ò©ì€€ ?&
 eË#_Bà
fÿÿ
 ÿoßzg:À ÙÀ ìa¾|Q¾¶ è¤ìÜvR|^D
bœ
c:äg:ä_ ëU·ÿùÓÀC‘°µ¸þYÌÒ° ù0äºÌùb½°
ÑZSÜ?Ù_\×}6rö¸Ì_,Š»0½’F$æ�BT
�!ꣿÿ:P j,> ¹
„À ÿÿÿ ÿ fÿÿ

€!5oßzYΆðvp{oŸo_€:){÷”Ÿ‘ X§ Xιι(:ÃÕmÿþtðäln?–LÍ+ “ >K¬Ï–+Û ¥=ÃýšÕÍq‡Óg/k€,ÊÈ«³Ù$bgV'3lÀ éUÿùÒ€Q` ?ð  \P–
¹
„À ÿÿÿ ÿ

€5n?–s4¬ >L ù.³>X¯l tV”÷ökW5ÆMœ½® ³("®Ì/d‘‰9§P• gHz¨ïÿΔ ‹„
©–Mhœ'[C€ ÿÿÿÖÿÿÿÿ ÿ+++ÿ n'å>8* ~geÊv¸½¶ÿràáó žBÔršÄ«´ª{ ø@
_¹$ú`ÅUÏÿ  ÿÿÿÖÿÿÿÿ ÿ+++ÿ q_¢æ9ÃYç™k�fdQ€“ÉD<ŽòlsÚa©©†.ú&ºçøÄ—¼GQ ¿ H  eË#_Bà
3Ì oßzg:À ÙÀ ìa¾|Q¾¶ è¤ìÜvR|^D
bœ
c:äg:ä_ ëU¬ÿùÔ_±À ¿� &

      
  –
txtUsername –
try2hack I–
txtPassword –
irtehh4x0r! I�  ƒ level3-.xhtml _self � ÉuÝUå>UC_¿ ]
pSÎ[Ì~p
½£Š€_TÝ_ ÿÿ
 -ÍáøV
Eì hd|ôT€
—8
–»GÐ^’P
à¨P ]î¯n ¬à _áF‹¸ÞÀ ‰
ý�È +  wû
@ÿ°@
à
Ìÿÿ  ( txtUsername Ž  Éž>’ OE4†
 + wû
¸ÿ°@
à
Ìÿÿ  ( txtPassword Š
Pfe @

[Solecismic]

Thanks... that doesn't look anything like what I downloaded.

level 4 is just a matter of going backward from a couple of key lines.

[Fido]

Level 6 and officially giving up.

[KevinNU7]

Anyone else keep getting taken to the Disneystore website?

[Fido]

Quote:

Originally posted by KevinNU7
Anyone else keep getting taken to the Disneystore website?

Everyone who enters the wrong password...

[Celeval]

Bah, you guys are giving too many hints. :-)

Level 5 and counting

[Celeval]

Level 6, and trying to remember networking. :-)

[johnnyshaka]

Quote:

Originally posted by KevinNU7
Anyone else keep getting taken to the Disneystore website?

Oh crap...I thought that meant I had won...whoops!!!

[Celeval]

Ha! This is fun. Level 7 and counting..

[CamEdwards]

now surfing ESPN and counting.

[Celeval]

Hehe... so some of us are geekier than others. Up to Level 8, but I think it's time to stop doing this at work, since we're working on exploits now.