There is a COOL websight I thought you all might like, is made up of sixteen different security levels. The goal is to crack the password for each level
before you can go on to the next. It is a legal sight to have hacking fun. http://scifi.pages.at/hackits/

143229 people have passed the first level, but only 4204 have passed the last one.

I am now on level 6.

Happy Hacking!!!!
-Andy :D

What do you all think about it??

Originally posted by AnacondaAndy
What do you all think about it??


Not very much...I'm stuck on Security Level 5.



You're supposed to find a password out of this...


function abfrage1() {
var code = new Array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");

Eingabe = window.prompt("Password : ","");

if(Eingabe != ((code.length)*100)/2-66) <<<This is where I'm stuck
{
window.location.href="denied.htm";
}
else
window.location.href=Eingabe+".htm";
}

edited

sorry...i didn't look at the site until i had posted the advice that appeared in this post....

:-)

Hi Again...
I though you might what to know that "Eingabe" is German for Input

anyone manage to get past level 10?

i don't get it

it is good time waster lol

I'm only on level 4.....But I'm having fun!!!!

Happy Hacking,
-Andy

Originally posted by zyex
anyone manage to get past level 10?

i don't get it

The password is stored in a seperate .js file. You can find the URL to the file in the level 10 source code.

If you have already found the seperate .js file, and cannot figure it out. Then, think data types.

Originally posted by zyex
ok the statement specifies

if(Eingabe != ((code.length)*100)/2-66)

so Eingabe needs to be equal to ((code.length)*100)/2-66

which means

Eingabe needs to be equal to ((26)*100)/2-66

which means

26 * 100 is 2600

2600 / 2 is 1300
1300 - 66 is 1234

hence Eingabe needs to be 1234....

hope this has helped :-)


Ah, thanks a lot man!!!
I was stuck with the " ((code.length)*100)/2-66 " part, I didn't understand what that meant.

this isnt really hacking if you can view the source lol. I am blazing through this stuff, but I do not have time to finish this.

Stuck again...Level 8.

Originally posted by Paul Jr
Stuck again...Level 8.

As far as I can tell, the only way to get past this one is to do a directory listing.

Originally posted by EmteeMoe
As far as I can tell, the only way to get past this one is to do a directory listing.

...Directory Listing :confused: ...?
I'm very, very, new to Java Script.

Enter level 8 then copy down the complete URL. Open up a new case of IE and enter in the complete URL. Then delete everything after the last /. Then press enter. If this does not work a similar method will.

Phatniss. Thanks a lot.

ok, does anyone speak german? if so what am i supposed to do on level 15

I've broken it through level 14 (working on 15), and now it's time to do something else for a while... :D

zyex, If the coding is in German go to Google, and beside the search field is a link for Language Tools....and that will translate it from German to English!!! Hope this helps,
-Andy :)

thanks andy, but its not german...i thought at first it was cos i didnt understand it.....

its a code that needs cracking....still working on it....can anyone point me in the right direction?

the source code is not in german - german is not supported by most browsers. it is just written in ASP. i dont really know much about ASP, but there are some lines in the source code that i am familiar with (eg. end if) im sorry if this is incorrect, but this is the only conclusion i have been able to come to. please keep posted. please visit my site at http://www.nottooshabby.vze.com/! there's not uch on it, but i like to watch my hit counter go up, lol:D - DanieL

if its written in asp, then it is not client side. How do you intend to crack a server side language if none of the actual password data is in the source code?

Most of them are JavaScript. One was a Java class. Number 15 is .htaccess, but they help you along a bit.... Not sure what the final one is... :)

IRC channels & online boards

Giving solutions to levels, passwords or any sourcecodes is forbidden.


Giving links to any file relating to the levels on the ISATCIS site is forbidden.


Giving links to tools needed for a level is forbidden.

But


On this website you have the opportunity to improve your knowledge about internet security LEGALLY. For instance simple JavaScript is unsuitable for protecting your homepage against unauthorized access. But there are still some other things.
ISATCIS will clarify it within a learning process which is based on tactical over- coming of 16 security levels where the inserted security bugs should be applied.


How can you improve your knowledge simply by doing tests? Without help of some sort or another it's not a 'learning process'.

Speaking of which, any help with number 10? LOL

Which one was 10?

An external .js file about some bloke with a name beginning with t. LOL


<!--Tschebyscheff said it, and I say it again:
There is always a prime between n and 2n.

...have a nice day...
-=[the creator]=-
//-->

emteeMoe...judging by your user name I know exactly who you are and you know exactly who I am...LOL...I am on level 8 and am working on it a bit...but I think that the site is great to teach what NOT to rely on for security...I mean the best guys to ask about how to make a secure website are the hackers!:D

What the heck do they mean by the traffic problem on level 8???? I figured out the password but can't get in; keep getting a stupid cartoon in German...hmm...anyone else have the same prob?

Dave, you have been caught by a cruel trick involving relative URLs.

I'm stuck on 12 - I figured out the algorithm, but I keep getting the message " wrong ID - but you're on the right way."

Adam

Originally posted by AdamGundry
I'm stuck on 12 - I figured out the algorithm, but I keep getting the message " wrong ID - but you're on the right way."Yeah, I thought that one was kinda dumb, as it relies a bit on guesswork. I eventually got it, as there are only so many combinations that can produce the needed password. Just tried valid patterns until one matched... ;)

I'm Still Mucking Around With 10.

Originally posted by AdamGundry
Dave, you have been caught by a cruel trick involving relative URLs.


Cheers Ad! Got it now LOL

How do I view the code for level 5???:confused:

Just scroll down...

Thanks Man, that was as easy as 1234!!!!!!!!!!!:D

Anybody make it to level 16 yet? :confused:

P.S. Were can I get a free 50x50 aviator?

Thanks..

still stuck on 15.....i've given up

OK, I give up. I can't get past level 10. The contents of the external source code has me completely confused.

I might come back to it at another time :confused:

I finally made it to 9!!!!!!!!!!!!!!!!!!

What city do they mean in 9 url:confused:

There are not all that many choices... Just try the possibilities, if you do not know which of them is a city... ;)

"http://scifi.pages.at/hackits/nine/"+document.a.c.value+".htm" this is the URL we are talking about right?!?!

Someone PLEASE help me with 10?! This is driving me insane.

Paull Jr....
Level 10 isn't too hard...just have to think a bit...have you gotten to look at source4.js yet? if so it's not too hard....if not...get to it...that part isn't hard. Once your there, think abuot why they would name the variable lol...or Laugh Out Loud....the answer is kind of funny. Only one more hint...there putting you on a bunny trail....

Oh, and Andy, just go to level 9 and look at the url....it's not really confusing...there were only two possibilities that I could see....

I'm currently working on level 12...that's a doozy....One thing's for sure...Javascript is not a secure language....

Originally posted by pyro
There are not all that many choices... Just try the possibilities, if you do not know which of them is a city... ;)

Could you give me a hint???????
I don't get it....:confused:

Post the URL of the page here... I don't have it saved, and I'm not going to run through it again to look for it...

Hannover... Nice place innit? LOL

Here is the link... "http://scifi.pages.at/hackits/nine/"+document.a.c.value+".htm"; thanks:confused:

Nope, that's not the one they are looking for....

We want the url of the page itself - the one that says HANNOVER! So instead of giving us the url just TYPE IN HANNOVER LOL!

After reading the replies here about level 10, I still dont know the password.

Anyone care helping me :D Pleeeeeeeeeeeeeeeease

Htayc...
Have you gotten to view Soure4.js? If so, think about what's going on...if I remember right, on that level they are naming a variable "LOL" and giving it a value of a math problem....but they are putting you on a bunny trail....'cause the math problem is in quotes....so, hopefully you could figure it out from there...if not, I'd be more than glad to help out more...

Oh, and Andy...
Since I know you personally I won't hold it against you...but the thing about Hannover...well, all I can say is LOL! No really....I'm glad that you got it (or where given it...).

I have read the source4.js file many times with several applications, and all I see is this..

<!-- Tschebyscheff said it, and I say it again:
There is always a prime between n and 2n.

...have a nice day...
-=[the creator]=-
//-->

Adam,
you still stuck on level 12? If you are getting the wrong id...but your on the right track error...than there are only about 6 possibilities to try with the numbers....

htay...
tell you what...go to level 10...then go into "search" (if your on a windows PC) and look for source4.js....then open it in notepad...when I open it I see them naming a variable as LOL and a math problem as the value....

I have tried that, it is not showing up at all.

htayc: take the url of question 10. remove the filename. paste on the url (includin the www.) of the js. Then see what happens.

On level 12 there are more than 6 different variations...working on finding it out...

Still nothing, it is not displaying anything outside of the tags.

I got to get off-line right now...but I'll look into it and reply to the forum soon...

does your url look like this?

http://scifi.pages.at/hackits/www.academy.dyndns.org/hackits/security_levels/source4.js

??

For the javascript part.

I only had the www.acad...... bit.

Thanks Dave

Originally posted by ColdSteel
Adam,
you still stuck on level 12? If you are getting the wrong id...but your on the right track error...than there are only about 6 possibilities to try with the numbers.... Actually, there are tons of possible combinations.

Sorry Dave, I should have read that post fully :D

Pyro,
Yeah, you're right...sorry about that people....I got mixed up...realized that there are a LOT of possibilities...am currently trying to figure it out....and htayc....when I meant to search for it I meant on your harddrive....everything you view goes into your browsers cache, or temporary internet files...so you can get the source from it off the local machine if it has viewed the site....

FINALLY got through level 12.....yeah...there are a whole lot more than 6 different combinations...more like 30 something....hehe...stupid me....

Originally posted by ColdSteel
FINALLY got through level 12.....yeah...there are a whole lot more than 6 different combinations...more like 30 something....hehe...stupid me.... Actually, to be mathimatically correct, there are 36 choices.

(The code to prove that):nums = new Array();
for(x=0; x<10000; x++){
str = String(x);
while(str.length<4){
str = "0"+str;
}
if(str.charAt(0)*str.charAt(1)*str.charAt(2)*str.charAt(3)==12){
nums[nums.length] = str;
}
}
alert(nums.length);Also, if someone helped you break through it, then you really can't say that "you" did it, since "you" didn't. All "you" did is type in the password that someone told you(or told you how to get). :rolleyes: It seems kind of dumb to ask for help on a challenge...

Level 12 was soooo easy.

AnacondaAndy, re-read the text in level 9. It can be a little bit confusing. Remember to read the entire URL ;)

its driving me insane, how the hell can i read that class crap, give me the answer someone!!!!!:confused: :confused:

Originally posted by DaveSW
We want the url of the page itself - the one that says HANNOVER! So instead of giving us the url just TYPE IN HANNOVER LOL!

Thanks!!!!!!!!!:rolleyes:

BTW...no one told me the number to level 12....just didn't want anyone thinking that...not that it matters...about the class...if someone is going to respond to benjamin...please do it in a private message...that would spoil it for others...(myself included; I am by far not a java or javascript expert...)....

Originally posted by AnacondaAndy
Please, nobody post answers on this post....Then stop asking questions. :rolleyes:

Sorry...and thanks alot for your help!!

uh, Andy...don't take what I said personally...just doing some friendly kidding...hehe...has anyone passed level 14? I am having trouble with it....

Yes, I passed level 14. Took a bit of time to factor the whole thing down... ;)

well, I'm working on it...but uh, it's a little bit confusing....hehe....:D

I got to level 15... Level 15 uses htaccess, so that kinda has me stumped. I got the encrypted password and ran it through a couple word lists, but it didn't come up with anything. I also ran it through a program to test it with every possible combination up to 5 characters long with only lower-case characters... No results. Due to the fact that I don't have a super computer, it is very hard for me to go much longer than that. ;) I'll try running it through checking for more characters but only 4 long and see if I come up with anything... I'll let you know(but I won't tell you what it is, even if I DO find out. :p)

I'm on eleven at last!!!!!:D

this thread is the most viewed thread in the entire general section.... wow.

Awesome I have the most viewed post..............Sweet!!!!:D

yes well i made a little mistake there. the most viewed in the last 30 days. an old post called ponderous and another one started by Code one both have more page views than yours, but they are really old and both have been closed because they got off topic.

Originally posted by Sux0rZh@jc0rz
both have been closed because they got off topic. And it looks like you guys are well on your way to getting rid of this thread, too. :rolleyes:

Hehe...the supreme master has spoken...better heed the advice of the master...

I need some help on 11...but don't give me the answer, just a hint;) Thanks.........

Hey Andy...get on AIM and I'll help you out...

For level 10...

Look:
www.academy.dyndns.org/hackits/security_levels/source4.js

usually, when you link to a url, you have http:// in front of it. but this doesn't. So that means that it would be to this link:

[Don't CLICK THIS IS YOU Don'T WANT THE ANSWER]
http://academy.dyndns.org/www.academy.dyndns.org/hackits/security_levels/source4.js

Save the js file and open it with notepad. You'll find the variable lol there, etc.

For help on Level 10:

this is the src that it links to
www.academy.dyndns.org/hackits/security_levels/source4.js

but there's no HTTP in front of it! That means that is must go to...

www.academy.dyndns.org/www.academy.dyndns.org/hackits/security_levels/source4.js

Save the file, open it, look at the varible lol and figure it out from there!

I just started a couple minutes ago, and I’m on level fourteen. Thanks for pointing out the challenge, AnacondaAndy. When I get more time, I’ll crack the last three levels. ;) I bookmarked the one I’m on so I won’t lose it.

http://scifi.pages.at/hackits/hackitone.htm
password is: easy


http://scifi.pages.at/hackits/hackittwo.htm
password is: JavaScript

http://scifi.pages.at/hackits/JavaScript.htm
password is: #235711

http://scifi.pages.at/hackits/stufe4code.htm
password is: CODEZ

http://scifi.pages.at/hackits/CODEZ.htm
password is: 1234

http://scifi.pages.at/hackits/sechsjava.htm
password is: badscript

http://scifi.pages.at/hackits/javaseven.htm
password is: commander

http://www.academy.dyndns.org/hackit8/hackit8.htm
password is: login

http://www.stud.uni-hannover.de/~dressler/text9.htm
password is: hannover

http://scifi.pages.at/hackits/the10th.htm
password is: 24*45*32+56-54/842*5623+4567

http://scifi.pages.at/hackits/onze.htm
password1 is: where
password2 is: time
password3 is: and
password4 is: space
password5 is: meet...
final password is: picard

http://scifi.pages.at/hackits/douzehack.htm
password is: 2161

http://scifi.pages.at/hackits/latreize.htm
password is: event.Action

http://scifi.pages.at/hackits/loginmatrix.htm
username is: elite
password is: force

http://www.stud.uni-hannover.de/~dr...14/fourteen.htm
username is: delta
password is: flyer[/FONT][/FONT]