Sunday, 18 October 2015

Solution: HackThisSite - Basic Missions - Basic 3

1 comment

HTML.. A base of any website.. Our next challenge is based on basic understanding of HTML.. Source code can reveal many important things which sometimes web developers neglect knowingly or unknowingly..

Site: HackThisSite (https://www.hackthissite.org)
Solution: Basic Missions > Basic Level 3


Challenge Description: This time Network Security Sam remembered to upload the password file, but there were deeper problems than that.

So our beloved Sam fixed previous problem this time. But little did he know that users can actually call the files directly and see the output if the validation is not proper. The problem here is that Sam actually uploaded the file, but his coding in the file is to output the password so that password compare script can compare the password in the file with the password entered by user..

As we can see in the source code, there is a file "password.php", this is the file which contains the unencrypted password. Password script will call this file for the password value and compare the result with the value entered by the user.. Well, user can also call the file directly to see what it does.. So let's try that..

Well, the password file just gave it away easily.. Password is: 47442112


Read More

Solution: HackThisSite - Basic Missions - Basic 2

Leave a Comment

Basic challenges are pretty easy ones.. All they need is some basic fundamental understanding of how things work and a little bit common sense.. Like our next challenge, it is a basic common sense which plays a major role..

Site: HackThisSite (https://www.hackthissite.org)
Challenge: Basic Missions > Basic 2
Challenge Description: Network Security Sam set up a password protection script. He made it load the real password from an un-encrypted text file and compare it to the password the user enters. However, he neglected to upload the password file...

Now Sam here forgot to upload the password file.. The very essence of the password script to actually work.. If the file is not uploaded, obviously script will not find any file and let anything pass through it as it does not have anything to compare with.. So out password is literally blank.. Just click on submit without any password and your challenge is clear :)..




Read More

Solution: HackThisSite - Basic Missions - Basic 1

Leave a Comment

Today we are selecting another awesome challenge site.. This site has been around since long and almost every other hacker/script kiddie have heard about this website. This website also provides the challenges + tutorials and news from around the globe related to computer securities and similar..

So let's start as usual with basics..

Site: HackThisSite (https://www.hackthissite.org/)
Challenge: Basic Missions > Basic 1 - Level 1 (The Idiot Test)



If you remember previous source code challenge from CanYouHackIt, this will be easy for you too.. This is similar passsword in the source challenge.. Ctrl + U or Right Click > View Source and you can track down the password easily..


And there it is.. Our password is - 3eab46ab


Read More

Saturday, 17 October 2015

Solution: CanYouHackit - Cryptography Challenge 2

Leave a Comment

This one is pretty simple if you can read the title properly and connect the dots given in the challenge, and also if you have used old age mobile phones.. :D

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Cryptography > Cryptography Challenge 2 > Not K9 But ?


You may have guessed it by this time that it is a code of T9 texting.. You can find online T9 predictive dictionaries and try it out.. So the password is "mobile"


Read More

Solution: CanYouHackIt - Cryptography Challenge 1

1 comment

This is regarding Cryptography..
Cryptography is very important aspect or we can say field, a subset of Computer Securities.. Cryptography is almost everywhere.. Encrypting a message based on a key which is present with the sender and intended receiver of the message.. This encrypted message will look like a garbage text to any other person who tried to intercept the message.. Only sender and the receiver can make sense of what actually has been sent.. So let's start with our very field challenge in this field..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Cryptography > Cryptography Challenge 1 > He also makes a good salad


So here, titles gives it away actually..
It states " He also makes a good salad "
And if you have heard of Cryptography word, you might also have heard about Julius Caesar, because early cryptography was started with Caesar cipher.. Roman emperors and Egyptian Cryptography and Stenography may also ring some bells.. No need to think too much about this, if you can search google with cryptography + salad, you will get the word "Caeser Salad" which is our password.. :D :D

   
Read More

Solution: CanYouHackIt - Script Challenge 3

Leave a Comment

Advancing to our next challenge in the Script Challenges Set... This time, the difficulty level rises.. It is more complex logic than we have seen before.. Let's try to break it..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Script > Script Challenge > Arrays!


So this time, the core logic is like this
- User enters the password
- Script runs a loop to calculate another variable out of entered value of password and a variable already defined
- The Loop runs through each character of the password entered by user and maps it on the variable "keys" to get the position of that character as value for the variable P

See like this
If I entered the password "ABCD"
The loop will take A and map it onto keys and get the position number of "A" in the variable keys - Value received "10".. Added into variable P
current value of P = " 10"

The loop will then take B and map it onto keys again to get the position number of that character in the variable keys - Value received "11" .. added to P
current value of P = " 10 11"

The loop will then take C and map it onto keys again to get the position number of that character in the variable keys - Value received "12" .. added to P
current value of P = " 10 11 12" .. and so on... I hope you understood the basic logic behind the code..

Now, if we want to get the password, we can modify the script in such way that it gives out the password which is required to match exactly to what P has.. below is the modified script..


As we got our password, that is - H4x0rS


Read More

Solution: CanYouHackIt - Script Challenge 2

Leave a Comment

Onto our next challenge.. This is another similar script challenge we solved before.. But with a little bit more of scripting logic.. So let's begin..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Script > Script Challenge 2 > Another Quick One


After people understood that client can also see the javascript on their browser using View Source, they started using javascript's more complex logic to implement password validation.. This one is like that, but comparatively easy to understand..

Now what we have here...

  • var a = "de9f8caa7ea6fe56830925a124d605d4"; //A variable with some values
  • var password = ""; //Another variable, but empty at the moment
  •     
  •     for(var i = 0; i < 20; i++)
  •         password += a.substring((i%3),(i%5)+(i%3));
Above loop calculates the password, it gets the password by manipulating the variable "a".. Now, how can we get what the end result will be after the loop..? The result is necessary because the conditional logic in the script later requires the value of variable "password" to match with our entered password.
I used an online javascript compiler to compile the code snippet given above, and I got the password..
Below is the result screenshot..


So the password is : e9fde9e9f8de99f8de9f9dee9f9f8ce9fde9e9f8


Read More

Solution: CanYouHackIt - Script Challenge 1

Leave a Comment

It was fun doing logic challenges.. Now, we have advanced onto our next section, Script Challenges..
It is like clearing a stage in a video game and advancing to the next level.. :D

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Script > Script Challenge 1 > An Easy Start


Let's see, it is showing a javascript and we need to figure out the password.. This is a real world scenario.. Javascript is a client side scripting language which is normally used to perform a few actions based on user's action, like getting the fields of a submitted form to verify whether they match the requirements or not and much more.. There are many usecases in which javascript can be used, but some people used to use javascript to compare the password entered by the user.. This is like hardcoding the password in the script.

Above script shows the same.. Notice below line in the script:

if($('#password').val() == "javascript")

We can easily see that script is comparing the value entered by user with the hardcoded value "javascript" .. So that's our cue.. That's our password.


Read More

Solution: CanYouHackIt - Logic Challenge 4

Leave a Comment

This next challenge is about the number patterns.. You might have heard about Fibonacci series, multiplicadditive sequence, Digit Product Sequences and many more, where you have to take the number and add/multiply/divide/subtract some number to get another number, and perform the same actions of that number to get another number and so on.. So, as we can see from the title of this challenge (That is "Follow the pattern" by the way), we understand that it has to do something with number sequences or pattern. So lets solve it..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Logic > Logic Challenge 4 > Follow the pattern


You might think that this doesn't make any sense or what does this have to do with hacking or whatever.. Remember a few points here.. This is basic reasoning. This can be used in cryptoanalysis.. Cryptography works with the base of mathematics.. If you understand basic reasoning, you can understand cryptography easily.. Or at least that's what logically can be fit here..

So lets analyse the sequence, shall we ?
The sequence is 2, 3, 5, 11, 19, 41. 73, 139, ??? .. We need to find the number which comes after 139 to get our password..

Analysis:
1. This is not simply the sequence of prime number because if it was, it should have stated 7 and 13 in mid way.. But it didn't. which means, this is not the prime number sequence..
2. This is not Fibonacci series either, because if it was, there would have been 8 after 5 in the sequence..
3. Now we can think of adding previous two number and try to get next number, this method fails at 4th number -> 2+3+5 = 10 but the number is 11..
4. We can think of subtract previous two numbers and multiply with some randomly suitable number to get the next number, but you will soon realize that this method isn't working either in later stages..

So here is the solution..
See below image of prime numbers:



See below image of Fibonacci series:

Now let's start:
Fibonacci series' first number is 1
Take 1st prime number -- That's 2

Fibonacci series' second number is 1
We already took 1st prime number - Ignore

Fibonacci series' third number is 2
Take 2nd prime number -- That's 3

Fibonacci series' fourth number is 3
Take 3rd prime number -- That's 5

Fibonacci series' fifth number is 5
Take 5th prime number -- That's 11

Fibonacci series' sixth number is 8
Take 8th prime number -- That's 19

Fibonacci series' seventh number is 13
Take 13th prime number -- That's 41

Fibonacci series' eighth number is 21
Take 21st prime number -- That's 73

Fibonacci series' ninth number is 34
Take 34th prime number -- That's 139

Fibonacci series' tenth number is 55
Take 55th prime number -- That's 257, We got our number.. That's the password for this challenge..



Read More

Solution: CanYouHackIt - Logic Challenge 3

Leave a Comment

Ok, so here we go with the logic challenge no. 3 from CanYouHackIt.. It is pretty simple thought.. It was a problem or you can say easy vulnerability back in days when people weren't used to use server side scripting languages.. HTML just came into the picture and people were thrilled to use it, but some of them actually forgot the basic element that HTML is a client side mark-up language and not server side.. So, this challenge is based on that vulnerability.. It is fun though.. The method can be helpful in many other ways..

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Logic > Logic Challenge 3 > The thing you thought was really cool back when you were still a noob


Basic understanding is that HTML client side output can also reveal so many important things.. Like, directories being used to get js/css/other script files.. File which is being called for the POST/GET methods of the Login/Registration/Form pages.etc.. I hope you got what I wanted to convey..

So, if we think about this challenge, it clearly says "What do you mean you don't know. The password is right here.".. Hmmm.. Looks like it is hidden in the plain site... So you can open up the source code of the visible html output on your browser by either Right Click > View Source or shortcut key Ctrl+U... Let's see what we can find with this in our little challenge..


And there it is.. Written in the commented line --> <!-- Password is htmlcomment -->
So we got our password...


Hope you liked it.. :)
Read More

Thursday, 15 October 2015

Solution: CanYouHackIt - Logic Challenge 2

Leave a Comment

Ok, so, on to our next challenge in the journey.

Site: CanYouHackIt (http://canyouhack.it/)
Challenge: Logic > Logic Challenge 2 > Riddle Me This

So the challenge goes like this


So what comes to your mind..?
I am guessing a few points which may have crossed your mind at least once while solving this.

- Should I search a few first lines on google to find the exact riddle ?
- Should I look into source of the page to find some clue ?
- Should I look/ask into the discussion forum about hint ?
- You may have tried a few failed guesses before realizing the point here...

The riddle actually is not making any sense.. It is like below one
" Roses are Red,
My Name is Dave,
This Poem Makes No Sense,
Microwave"

But if you read it carefully, it asks something in the last line..
"Can you guess the riddle?"
So now the though should hit your mind that it is asking for the answer in Yes/No format rather than anything else.

Yes, the answer is "No".. Be aware of using capital N while typing No, I tried "no" in the first guess and it told me that it is a wrong answer.. So final answer is "No"..


There is no relevant information about this challenge, it only teaches you to first try basic thing before anything difficult.. 
Read More

Solution: CanYouHackIt - Logic Challenge 1

Leave a Comment

So here we go with our first challenge on our journey. You can guess for pretty much all the challenge websites out there, that the first level will be a baby level..

Site: CanYouHackIt
Challenge: Logic > Logic Challenge 1 > I thought this was meant to be challenging?


If you ever encounter any password field without any other relevant info, what will be your first step, or in this case, what will be your first password guess ?.. I am guessing you picked it correctly.

It's been publicly released many times, even in these days, people use common passwords like "password", "123456", "password123" and many more.. Many routers come with default credentials "admin:password", and there are a few people (believe me, the number is far below our guess) who actually reset them/change them.. Rest, just leave them untouched..

So my first guess on this challenge for the password was "password", and yes it was correct..


So now you know the basic way this blog will work.. I will try and solve every puzzles/challenges around the internet, and share my understandings/findings/knowledge with you people so that you can learn and find some new things on your own and contribute some of that knowledge here to keep the knowledge sharing chain going..


Read More

Hack Solutions - Intro

Leave a Comment

Welcome to my blog Hack Solutions.

Hacking has always been my favorite subject to perform some research. It intrigues me, how a person can force break himself into a remote system, how he understands each and every underlying code of every software or network systems and penetrate right through it..

Hacking is an art.. You can always learn the basics on the internet, but true talent of breaking things and fixing them again and again till they become unbreakable, comes from within.. Some selected are naturally talented with this art, while others crawl their way up the ladder by working hard and understanding the logic.

As being a script kiddie, I can not explain this vast field into a few works or paras, but it sure is very interesting and acts as a time machine if you ready delve into this ocean. The game starts from any point, you just have to adapt the environment as quickly as possible and act accordingly..

Anyways, the point of starting this blog is to share some knowledge regarding this incredible field, share the solutions of the challenges I will solve in coming days from the websites like "CanYouHackIt", "HackThisSite", "Hackrypt" and many more like them.. Solving those challenges will open up portals of relevant information and knowledge, which I will share with you.. Further, you can also share some awesome articles or post which can help readers to understand some basic backbone topics of this field so that they can start off their own research and knowledge gathering experiments.

Hope to exchange some quality knowledge with you all..  
Read More