Hackertest.net

Introduction

When checking my twitter-feed there was a tweet from @Bill_Matthews with a reference to this site. Because I like a challenge, I had to participate. Like always I write up my findings to not only learn from the experience, but also in the hope it can help others.

Location

http://www.hackertest.net/

Description

HackerTest.net is your own online hacker simulation.

With 20 levels that require different skills to get to another step of the game, this new real-life imitation will help you advance your security knowledge.

HackerTest.net will help you improve your JavaScript, PHP, HTML and graphic thinking in a fun way that will entertain any visitor!

Have a spare minute? Log on! Each level will provide you with a new, harder clue to find a way to get to another level.

Will you crack HackerTest.net?

Level 1

level1

Checking the source code there is a script:

</script>

</head>
<body onLoad=password()>

{
var a="null";
function check()
{
if (document.a.c.value == a)
{
document.location.href="http://www.hackertest.net/"+document.a.c.value+".htm";
}
else
{
alert ("Try again");
}
}
}

var a is a string which will be accepted as the password. In this case ‘null’.

Level 2

level2

Again I find the answer in the source code.

var pass, i;
pass=prompt("Please enter password!","");
if (pass=="l3l") {
window.location.href="http://www.hackertest.net/"+pass+".htm";
i=4;
}

To make no mistakes…..it says l3l, not 131

Level 3

level3.JPG

The answer is again in the source code.

</head>
<body onload=javascript:pass(); alink="#000000">

function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt ("Please enter password");
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+".htm";
}
else
{
alert("Try again");
}
}

pw = window.document.alinkColor > alink = #000000

Level 4 + 5

level4.JPG

When I click the link it takes me to level 5 (I guess level 4 is a present). But because I don’t have the right password it closes the page and brings me back to the level 4 page. To solve this problem I copy the location from the hyperlink and use it with ‘view-source:’ in front of it. Like always the solution is in the source code.

var pass, i;
pass=prompt("Password: ","");
if (pass=="SAvE-as hELpS a lOt") {
window.location.href="save_as.htm";
i=4;
}else {alert("Try again");
window.location.href="abrae.htm";}
// -->

Level 6

level6.JPG

Looking at the source code there is a js file named psswd.js. When I follow it, I get the answer of this riddle.

<!--
var pass;
pass=prompt("Password:","");
if (pass=="hackertestz") {
window.location="included.htm";
}else 
alert("Try again...");
//-->

Level 7

level7.JPG

When looking at the source code the answer can be found in /images/included.gif.

level7-pwd

Level 8

level8

When looking at the source code it says:

<!-- YOU'RE LOOKING IN THE WRONG PLACE... GO BACK! -->

But after looking down the code I found /phat.php. When following that file I got /images/phat.gif and when I viewed that file there was a remark about looking for a PhotoshopDocument. Instead of looking for /images/phat.gif, I looked for /images/phat.psd. After downloading the file and stripping all the layers, there was a username and password visible.

level8-hint2

Level 9

level9

The answer is found in the source code.

Password: Z2F6ZWJydWg= add a page extension to that
echo 'Z2F6ZWJydWg=' | base64 -d
gazebruh

Level 10

level10.JPG

On the site there is a piece of text. I notice that there are some letters that are in italic.
When I make a string of these letters, I get ‘shackithalf’. This turns out to be the password to advance.

In the source code there is the part I need to get to level 11.

<font color="#FFFFFF">Level 11: rofl.php</font>

Level 11

level11

When viewing the source code, I find the answer for the next level.

<meta name="robots" content="goto: clipart.php">

Level 12

level12.JPG

In the source code there is another picture. When looking closely at the picture, I can see the answer to the next page. There is a clue about using graphic software. But that’s not needed.

level12-hint1.JPG

Level 13

level13

When viewing the source code, I notice images/lvl13.gif. When looking closely again, I get a clue.

level13-hint1

<Data ss:Type="String">4xml.php</Data>

Level 14

level14

When viewing the source code there is a gif. To split the gif file I use https://www.gif-explode.com/

level14-hint2.JPG
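The frames of a GIF can also be walked locally instead of uploading the file to an online splitter. The following is an added example, not part of the original write-up: it counts frames, collects comment extensions (the kind of comment mentioned in the conclusion) and reports bytes after the trailer. The sample bytes are constructed for illustration.

```python
def read_sub_blocks(data, pos):
    """Join length-prefixed sub-blocks starting at pos; return (payload, next_pos)."""
    out = bytearray()
    while data[pos] != 0:
        size = data[pos]
        out += data[pos + 1:pos + 1 + size]
        pos += 1 + size
    return bytes(out), pos + 1

def inspect_gif(data):
    """Count frames and collect comment extensions without decoding pixels."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    info = {"frames": 0, "comments": [], "trailing_bytes": 0}
    try:
        packed = data[10]                           # logical screen descriptor flags
        pos = 13 + (3 * (2 << (packed & 7)) if packed & 0x80 else 0)
        while True:
            marker, pos = data[pos], pos + 1
            if marker == 0x3B:                      # trailer: end of the GIF stream
                info["trailing_bytes"] = len(data) - pos
                return info
            if marker == 0x21:                      # extension block
                label = data[pos]
                payload, pos = read_sub_blocks(data, pos + 1)
                if label == 0xFE:                   # comment extension
                    info["comments"].append(payload.decode("latin-1"))
            elif marker == 0x2C:                    # image descriptor = one frame
                local = data[pos + 8]
                pos += 9 + (3 * (2 << (local & 7)) if local & 0x80 else 0)
                _, pos = read_sub_blocks(data, pos + 1)  # pos + 1 skips LZW code size
                info["frames"] += 1
            else:
                raise ValueError("unknown block 0x%02x at offset %d" % (marker, pos - 1))
    except IndexError:
        raise ValueError("truncated GIF") from None

# Constructed 1x1 two-frame GIF with a comment and bytes after the trailer.
FRAME = b"\x2c" + bytes([0, 0, 0, 0, 1, 0, 1, 0, 0]) + b"\x02\x02\x4c\x01\x00"
NOTE = b"constructed comment"
SAMPLE_GIF = (b"GIF89a" + bytes([1, 0, 1, 0, 0x80, 0, 0]) + bytes(6)
              + b"\x21\xfe" + bytes([len(NOTE)]) + NOTE + b"\x00"
              + FRAME + FRAME + b"\x3b" + b"tail")

if __name__ == "__main__":
    print(inspect_gif(SAMPLE_GIF))
```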

Level 15 + 16

level15.JPG

level15-hint1

<!-- level 17: /images" -->

Following the directories, I get a broken jpg. After a hexdump I can see the answer.

level16-hint

Level 17

level17

In the source code there is a piece of code with the answer.

<font color="#FFFFFF">Password: your IP address</font><br>

When I enter my IP address as password there is a piece of text with the answer for the next level.

Warning: Cannot modify header information - headers already sent by (output started at /home3/jskenned/public_html/hackertest/unavailable/Ducky.php:12) in /home3/jskenned/public_html/hackertest/unavailable/Ducky.php on line 58
../level18.shtml

Level 18

level18

Think like a n00b. Looking at http://www.hackertest.net/images/n00b.gif the hint was clear. The answer wasn’t in the source code either. To clear this level, you really have to think like a noob and try the password ‘password’.

/level19.shtml << told ya to think like a n00b!!!

Level 19

level19

When looking in the source code the answer is right there.

<td width="100%" background="images/level20_pass.gif">

When I use gimp to read the gif file I get the answer for the next level.

level20-hint1

Level 20

level21

Looks like the first string is hex and the second one is base64 encoded. It requires time… be patient. The first line is decoded quickly.

level21-hint

After I decode the second line, I get another base64 encoded text. It takes me a few times before I get to the end.

level20-hint2
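The repeated decoding described above can be automated. This is an added example, not part of the original write-up: it peels hex and base64 layers until the result no longer decodes to printable text. The `wrap` helper and its sample plaintext are constructed for illustration; the Level 9 string is the one quoted earlier in this post.

```python
import base64
import binascii
import string

PRINTABLE = set(string.printable.encode("ascii"))

def as_text(raw):
    """Return raw as str if it is non-empty printable ASCII, else None."""
    if raw and all(b in PRINTABLE for b in raw):
        return raw.decode("ascii")
    return None

def peel_once(text):
    """Strip one layer: hex is tried first, then strict base64."""
    text = text.strip()
    if text and len(text) % 2 == 0 and all(c in string.hexdigits for c in text):
        decoded = as_text(bytes.fromhex(text))
        if decoded is not None:
            return "hex", decoded
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    decoded = as_text(raw)
    return ("base64", decoded) if decoded is not None else None

def peel_layers(text, max_depth=32):
    """Peel until nothing decodes to printable text; return (layers, result)."""
    layers = []
    for _ in range(max_depth):
        step = peel_once(text)
        if step is None:
            break
        layers.append(step[0])
        text = step[1]
    return layers, text

def wrap(plain, b64_rounds):
    """Build a constructed sample: base64 b64_rounds times, then hex."""
    data = plain.encode("ascii")
    for _ in range(b64_rounds):
        data = base64.b64encode(data)
    return data.hex()

if __name__ == "__main__":
    sample = wrap("constructed answer 42", 3)  # constructed, not the site's string
    print(peel_layers(sample))
    print(peel_layers("Z2F6ZWJydWg="))  # the Level 9 string quoted above
```

The stop condition is a heuristic: a short plaintext that is itself valid hex or base64 can be decoded one layer too far, so check the returned layer list against what you expect.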

@Bill_Matthews pointed out to me that I had missed something on this page. After looking closer I found the thing he was pointing out. You can read it in the source code, but it is also readable when selecting all text (CTRL+A).

 ^^^^^^^^^^ Change domain, add "22332" at the end, reach it and then get hold of ... ^^^^^^^^^^

After trying different options, I came out at http://www.hackertest.net/gb22332/ which tried to load http://www.hackertest.net/gb22332/login.php and resulted in an error 505.

Not Found
The requested URL /gb22332/login.php was not found on this server. 

Additionally, a 505 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Maybe a hint.

curl "http://www.hackertest.net/505/"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD><BODY>
<H1>Not Found</H1>
The requested URL /505 was not found on this server.<P>
<P>Additionally, a 403 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
</BODY></HTML>
curl -v "http://www.hackertest.net/505/"
* Trying 66.147.244.50...
* Connected to www.hackertest.net (66.147.244.50) port 80 (#0)
> GET /505 HTTP/1.1
> Host: www.hackertest.net
> User-Agent: curl/7.50.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.1
< Date: Sun, 28 Aug 2016 15:09:03 GMT
< Content-Type: text/html; charset=iso-8859-1
< Transfer-Encoding: chunked
< Connection: keep-alive
< Location: http://www.hackertest.net/505/
< X-Cacheable: YES
< X-Served-From-Cache: Yes
< 
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.hackertest.net/505/">here</a>.</p>
<hr>
<address>Apache Server at www.hackertest.net Port 80</address>
</body></html>
* Connection #0 to host www.hackertest.net left intact
http://hackertest.net/505/403/
What is the answer to life, the universe, and everything?

This lifts my spirit. A hint to ‘The Hitchhiker’s Guide to the Galaxy’?
In the source code there is a comment.

<!-- Add a file extension to that -->
http://hackertest.net/505/403/42.php --> nothing
http://hackertest.net/505/42.php --> nothing
http://hackertest.net/42.php

finish

the_end

 

Conclusion

 

Because I missed a crucial piece of the puzzle I thought this challenge was ending a bit odd. But after finding the missing piece, I finally could finish this challenge with a satisfying feeling.

To learn how to hack and execute pentesting, I would suggest some other (and in my opinion better) resources, but to really finish this challenge you definitely need the hacker mentality! Nonetheless I enjoyed this challenge.

Still there are some questions left unanswered. Like, what is the secret code for? Why was there a comment in the gif file containing a gmail address?

I leave these questions to others who are interested in solving a peculiar puzzle. If you do find the answers…let me know.
