Sign in to follow this  
Followers 0
v90

Fun Wargame

28 posts in this topic

kamikaza.ffk.hr/wargame/

Tons of fun, I'd recommend doing cat $LEVEL.sh/pl/c |grep -v TIP though as it's funner that way ^_^ Writing my first buffer overflow is kind of a bitch :blink::(

Ntheory is already up there (same level as me), hope to see you guys on the wall of fame!

0

Share this post


Link to post
Share on other sites

croatian wargaming....to bad the link doesn't seem to work...

0

Share this post


Link to post
Share on other sites

Heh, I was going to wait to post about this one. I've got something special in store for this wargame.

Yeah, writing a buffer overflow is a bitch. I've honestly never done it before but I now know all the theory behind it it shouldn't be that hard. We'll see.

Good luck to all. Anyone that needs help (obviously on a level below whatever I'm on :P) feel free to PM me.

0

Share this post


Link to post
Share on other sites
croatian wargaming....to bad the link doesn't seem to work...

Works from here... sometimes their DNS is FUBAR though.

My nslookup says this:

Non-authoritative answer:

Name:   kamikaza.ffk.hr

Address: 161.53.51.222

Give the IP a shot and see what happens. It should bring you to Illegal Instruction Labs. There are links to it from there.

0

Share this post


Link to post
Share on other sites

At times like this I just want to yell out.... MY DNS SERVER IS BETTER THEN YOURS!!! :lol::lol::lol:

The theory yeah, I knew that, but damn, NOPs' are not printable, so it's a bitch to try to move them, I don't know C, I know Assembly better probably :huh:^_^ So I'm trying to look at exploit code and think of it in terms of Assemly :lol: But I'm not good enough to write my own shell code (Alot because of Linux hacks not agreeing on a fscking call god damn it, stop moving execve around!) :blink: Kinda getting to me but I think I'm close to finally writing it...

This is too fscking fun though, if I get a spare box I'll try to set a war game like this (and hackers lab of course) up, it's tons of fun, except I'll probably just have like 2 medium problems (like 8-11), and then you gotta crack big things (ie. buffer overflows, off by ones, etc.),

0

Share this post


Link to post
Share on other sites

How the hell does the ret get written with 7 bits?!?! Is 7 bits even fscking possible?!?! This is really agravating <_<

It's starting to really piss me off :pissed: :blink: I'm gonna re-reads Aleph1's text, then read some of Mudges (Since you AT&T fools can burn!!! :P) cause if this ain't working by sunday I'll just start asking on Vuln-Dev :)

0

Share this post


Link to post
Share on other sites

you know hhc is doing wargames as well if your looking for remote hosts to own.. just get on irc.hakt.tk #chat and ask about the hostnames and such, I gave axid compleat control of the dns long ago.

0

Share this post


Link to post
Share on other sites
How the hell does the ret get written with 7 bits?!?! Is 7 bits even fscking possible?!?! This is really agravating <_<

You sure you need to do it in 7 bits? I thought on level 12 you only needed to avoid using a NULL.

I need to get onto level 13 but work is kicking my ass again. Maybe this weekend. <_<

0

Share this post


Link to post
Share on other sites

No, I have no NULLs in my shellcode, but I did a gbd "backtrace" and it showed that the ret adress that I overwrote was only 7 bits... That's not possible ^_^

0

Share this post


Link to post
Share on other sites

Ahhhh... I thought you were saying that you needed to specify your return address with 7-bit characters only.

Nevermind. :P

0

Share this post


Link to post
Share on other sites

Just FYI it appears as if level0 and level1 are broken since someone removed the SUID bit. If you're stuck because of that on any level up to 12 just send me your solution and I'll send you the password for the next level.

I know a few people here are just getting started on it and it can be extremely frustrating doing the right thing and getting the wrong results. :P

0

Share this post


Link to post
Share on other sites

Nevermind, it's all better (I think I was just being stupid).

0

Share this post


Link to post
Share on other sites
I cant seem to get to this page, anyone else having problems?

Read some of the first posts? ;)

I got to level13, and damn am I happy!!!! :D

0

Share this post


Link to post
Share on other sites

Ahh.... Ok, I started this thing 5 hours ago and I'm up to level 12 and I can stands no more. The buffer overflow thing is kicking my ass, maybe I should take a break and start at it tomorrow. Good job to those who have made it this far.

0

Share this post


Link to post
Share on other sites

All the first levels are easy, but I spent days on level12, level13 is easy, I've been playing too many wargames at the same time to concentrate on 14 :lol:

You can code so I'm sure it won't be too much of a problem for you...

0

Share this post


Link to post
Share on other sites

this thread prompted me to goto try2hack.nl, just b/c i bookmarked it like a year ago or so but never went to it. however, i cannot get past level 3, even tho i know the password is "AbCdE" (see at source code). wtf?

//start source code excerpt

<script language="JavaScript">

     <!--

     pwd = prompt("Please enter the password for level 3:","");

      if (pwd==PASSWORD){

       alert("Allright!\nEntering Level 4 ...");

       location.href = CORRECTSITE;

     }

     else {

       alert("WRONG!\nBack to disneyland !!!");

       location.href = WRONGSITE;

     }

   PASSWORD="AbCdE";

     CORRECTSITE="level4-sfvfxc.xhtml";

     WRONGSITE="http://www.disney.com";

     //-->

   </script>

 </head>

0

Share this post


Link to post
Share on other sites

If it's the same wargame I'm thinking of you're still missing something (the password is something else).

0

Share this post


Link to post
Share on other sites
this thread prompted me to goto try2hack.nl, just b/c i bookmarked it like a year ago or so but never went to it.  however, i cannot get past level 3, even tho i know the password is "AbCdE"  (see at source code).  wtf?

//start source code excerpt

<script language="JavaScript">

      <!--

      pwd = prompt("Please enter the password for level 3:","");

      if (pwd==PASSWORD){

        alert("Allright!\nEntering Level 4 ...");

        location.href = CORRECTSITE;

      }

      else {

        alert("WRONG!\nBack to disneyland !!!");

        location.href = WRONGSITE;

      }

    PASSWORD="AbCdE";

      CORRECTSITE="level4-sfvfxc.xhtml";

      WRONGSITE="http://www.disney.com";

      //-->

    </script>

  </head>

i remeber the solution to this level. Do you want me to spoil it? i'll just tell you that the password in the souce is a decoy. :)

also, can you PM me the solution to level 2? i have done it before and don't want to bother with the flash decomp. again.

0

Share this post


Link to post
Share on other sites

i just came around to seeing this thread so i went off to level1 but there is nothing in the /home diretory anybody else have this problem or am i just stoned :huh:

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0