Page 1 of 2

php challenges!!!!!!

Posted: Mon Feb 10, 2003 8:25 am
by Gold_Member
http://www.hackquest.com
the are some php challenges can u please help me to pass that challenges!! if u know how pass them, tell me plz!!!

Posted: Mon Feb 10, 2003 8:30 am
by patrikG
I would have to register on that website and click my way through it to see what the challenge, i.e. your problem, would be.

Could you post the text of the "challenge"?

Posted: Mon Feb 10, 2003 1:48 pm
by Gold_Member
ok! PHP 1: I said ONE cake
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>HackQuest - cracking,hacking,security,paintball,aviation</title>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
<META NAME="AUTHOR" CONTENT="SkyFlash">
<META NAME="COPYRIGHT" CONTENT="Copyright (c) 2001 by SkyFlash">
<META NAME="Generator" CONTENT="Editpad">
<META NAME="ROBOTS" CONTENT="INDEX, FOLLOW">
<BASE TARGET="_self">
</HEAD>

<BODY BGCOLOR="#000000" BACKGROUND="../../webgraphics/background.gif" TOPMARGIN=2 LEFTMARGIN=2 MARGINWIDTH=2 MARGINHEIGHT=2 text="#FFFFFF" link="#00FFFF" vlink="#FF0000" alink="#00FFFF">

<table border="0" width="850">
<tr>
<td width="750">&nbsp;</td>
<td width="90">Challenge 1</td>
</tr>
</table>

<center>

<br><br><br>

<form action="/hacking/level201/level201.php" method="POST">
Username (15 chars max)<br>
<input type="text" name="name" size=15 maxlength=15 value=""><br>
Password (15 chars max)<br>
<input TYPE="text" name="password" size=15 maxlength=15 value=""><br>
<br>
<input type="submit" value="Enter">
</form>

</center>
</BODY>
</HTML>
there is only this!!! that is level201.php file!!!!!! :x

Posted: Mon Feb 10, 2003 2:01 pm
by patrikG
:?: Not sure what the challenge is in your code. Hit submit and the HTML-form will submit. No PHP in sight, apart from the

Code: Select all

/hacking/level201/level201.php
in form-action - and that's HTML.

Posted: Mon Feb 10, 2003 2:25 pm
by Gold_Member
how i can get php source??? i download that php but there is html!! and when i write wrong password and login he writes me :
Name: 'dsada' with Password: 'sdadasd' not a valid account.

Posted: Mon Feb 10, 2003 2:35 pm
by patrikG
You can't. Your computer only receives what the server dishes out - and that's after the PHP-code generated the HTML you receive.

You might want to register with that website and log in, though. :wink:

Posted: Mon Feb 10, 2003 2:44 pm
by volka
stupid question but may I ask what the purpose of this is?

Posted: Mon Feb 10, 2003 2:45 pm
by Gold_Member
that is hack challeges!!! there is 6 php challenges!!

Posted: Mon Feb 10, 2003 3:14 pm
by Stoker
uhm, did you sign up and log in? are you sure that is not just the login you have to do before ytou get to the actual challenge? otherwise I believ the challenge is in other places.,..

I don't care about signing up, but just trying these url's you get the same stuff, which I assume is missing session/login..

http://www.hackquest.com/hacking/level201/level201.php
http://www.hackquest.com/hacking/level202/level202.php
http://www.hackquest.com/hacking/level203/level203.php

Posted: Mon Feb 10, 2003 3:30 pm
by Gold_Member

Posted: Mon Feb 10, 2003 3:33 pm
by Gold_Member
i think that there is sum bug and we must search it!!

Posted: Mon Feb 10, 2003 3:51 pm
by patrikG
On this website http://www.hackquest.com you can register.

If you want to do the PHP-challenges you must do the following:

Step 1: register with them.
Step 2: use your login and password from Step 1 to log into the challenges.
Step 3: deal with the challenges.

The challenge will only come after you have logged in. That's the challenge.

Posted: Mon Feb 10, 2003 4:12 pm
by Gold_Member
i am registred user i pass all java challenges!!! i don't need to register!!

Posted: Mon Feb 10, 2003 4:16 pm
by Gold_Member
i logged in the web and login in the php challenge1 and tryed my http://www.hackquest.com login and pass:
Name: 'AGReSSoR' with Password: '***********' not a valid account.

Posted: Mon Feb 10, 2003 9:22 pm
by Stoker
well, i just spent a couple of minutes there, jumped to the last one and clicked the sourcelink which shows the script of the last page (which has sevreal insecure points in it), simply inputting a 'reg' and then log in and it shows "welcome to this secure site" .. if this had anything to do with the challenge it is just silly, or I am just missunderstanding the whole thingy..