Dear members of InterN0T,
As previously announced (http://forum.intern0t.net/intern0t-n...rity-team.html) we're setting
up a Web Application Security challenge for all of those out there who are interested
in trying out their hacker skills on a real live (and legal) target.
The target will be announced here in this thread, on Twitter and IRC, while the complete
objectives will only be released here. There are a few rules (common sense) which have
to be followed as well; these are mentioned below.
Winners
Users: ande & IFailStuff
Site: EvilZone
Documentation
ande & IFailStuff:
http://evilzone.org/intern0t/intern0t.txt
http://evilzone.org/intern0t/2010-08...atermarked.png
http://evilzone.org/intern0t/2010-08...atermarked.png
http://evilzone.org/intern0t/2010-08...atermarked.png
http://evilzone.org/intern0t/2010-08...atermarked.png
http://evilzone.org/intern0t/2010-08...atermarked.png
http://evilzone.org/intern0t/2010-08...atermarked.png
InterN0T:
http://intern0t.blip.tv/file/4033285/
Rules
- It is forbidden to intentionally cause DoS conditions.
- It is strictly forbidden to try and break out of the Xen instance.
- Attacking other servers on the same host or network is strictly forbidden.
- You may only attack the IP and domain announced here.
- Avoid altering the target to deny other contest participants.
- You may attack any service hosted on the target, but avoid SSH.
- You may use any tool necessary to hack the target as long as you don't break the rules above.
Hints
- Do not waste your time trying to bruteforce passwords.
- Check out Twitter from time to time; hints may be revealed occasionally.
- Read blogs and threads on InterN0T about Web Application Security.
Contact
- In case the server is down, contact Hestas or Rorok and inform them about this.
- I will be available on #intern0t at irc.darkscience.ws most of the day. (I may be afk too though.)
Timeline
The challenge starts some time on Saturday the 31st July 2010 (GMT+1).
The challenge ends around the 7th of August 2010 (GMT+1). If enough submissions
have been received then the challenge may end before.
Submissions
In order for us to see how you managed to "crack" the server, we'd like you
to provide some brief documentation. The layout overall doesn't matter, but
one could look at the HSIYF documentation others made to get an idea of what
such a thing could look like.
Challenge
The target server will be restored from a backup every ~24 hours.
Topics such as: file types, data encoding and decoding, Linux and more will be included.
HaXx.Me #01 Target
Target: [THE CONTEST HAS ENDED]
Objectives:
- Find and gain access to "The Administration" section.
(This is only viewable by Administrators and no-one else.)
- Find the hidden thread which contains an "answer code".
- Optional: Write documentation on how you hacked the server!
Don't forget to have fun while you're doing this! 
If you fail, don't believe you're not good enough. Try Harder as the people
from Offensive Security tend to say, or simply give up and wait for the full
documentation which may include a video from InterN0T.
Best regards,
MaXe