This tutorial is to help anyone who is struggling with any of the site challenges. Rather than provide a walkthrough, it aims to give you a few more hints in the right direction.
Basic Challenge 1
This simply requires viewing the site's source. Look for clear English rather than HTML code.
Basic Challenge 2
Basic Challenge 3
This will require some research. See if the contents of the text file give you a clue to what you need to research. Wikipedia has a helpful article, and so does the articles section of this site :)
Basic Challenge 4
Basic Challenge 5
This one is actually fairly easy, so don't overthink it. The source may reveal something about this email form. The problem is changing this information. Saving a copy of the webpage alone won't work.
Basic Challenge 6
Search engine crawlers (spiders) have to read the contents of a certain file first, because site owners don't want some of their pages included in search results. The file lists the disallowed pages in cleartext, and if you view the text file, you may be able to visit them.
Basic Challenge 7
Another one you either know or don't. Search for the hint listed on the page; maybe you'll find a few useful things. Try them on this site and see what happens.
Then you find an encrypted password. This password uses the same encryption that Unix uses, as do htpasswd logins, so it would definitely help if you learn how to crack it. There are some great crackers out there. Look for John :)
Basic Challenge 8
Some applications can just be cracked by opening them in a text editor, but not this one. Instead, you should try to patch it using OllyDbg. This is a common method of cracking applications, and there are some tutorials here on how to use it.
Opening it up in OllyDbg just shows a lot of hard-to-understand text, but to start off, click "Search for" --> "All referenced text strings". This will make things easier. Double-clicking them shows you where they are in the program. You are also interested in the "Fill with NOP" command.
Basic Challenge 9
The simple substitution cipher. This encryption just swaps letters for other letters in the alphabet, with nothing else involved. This basically comes down to guesswork, along with some general knowledge such as the letter 'e' being the most common letter in the English language. Try swapping the most common letter in the text with 'e' and go from there.
Also look for small words that might be common words such as 'the' or 'is' for example.
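The frequency approach described above, as an added example that is not part of the original tutorial: it ranks cipher letters, guesses 'e' for the most common one, then uses the most frequent three-letter word to guess 'the'. The plaintext, key and all function names are constructed for illustration and are unrelated to the challenge text.

```python
from collections import Counter
import string

# Constructed sample: plaintext and key are made up for this example.
SAMPLE_PLAINTEXT = ("the keeper of the gate keeps the secret key "
                    "under the green bench near the tree")
SAMPLE_KEY = "QWERTYUIOPASDFGHJKLZXCVBNM"  # cipher letters for a..z

def encrypt(plaintext, key):
    """Simple substitution: each lowercase letter maps to one key letter."""
    table = str.maketrans(string.ascii_lowercase, key)
    return plaintext.lower().translate(table)

def letter_ranking(ciphertext):
    """Cipher letters ordered from most to least frequent, with counts."""
    return Counter(c for c in ciphertext if c.isalpha()).most_common()

def common_words(ciphertext, length):
    """Cipher words of the given length, most frequent first."""
    words = [w for w in ciphertext.split() if len(w) == length and w.isalpha()]
    return Counter(words).most_common()

def first_guesses(ciphertext):
    """Guess 'e' from the top letter, then 'the' from a frequent 3-letter word."""
    top = letter_ranking(ciphertext)[0][0]
    guesses = {top: "e"}
    for word, _count in common_words(ciphertext, 3):
        if word[2] == top and word[0] != top and word[1] != top:
            guesses[word[0]] = "t"
            guesses[word[1]] = "h"
            break
    return guesses

def apply_guesses(ciphertext, guesses):
    """Show solved letters in lowercase and unsolved letters as '.'."""
    return "".join(guesses.get(c, "." if c.isalpha() else c)
                   for c in ciphertext)

SAMPLE_CIPHERTEXT = encrypt(SAMPLE_PLAINTEXT, SAMPLE_KEY)

if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT)
    print(letter_ranking(SAMPLE_CIPHERTEXT)[:3])
    print(apply_guesses(SAMPLE_CIPHERTEXT, first_guesses(SAMPLE_CIPHERTEXT)))
```

From the partially filled text, the remaining letters are worked out by hand: a pattern such as `t.ee` leaves few candidate words, and each confirmed letter is added to the guesses before repeating.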
Basic Challenge 10
First find the direct location, then download it. This may not be as easy as expected. Decompilers are your friend.
Realistic Challenge 1
Realistic Challenge 2
This is fairly hard. The first step involves exploiting a certain form using SQL. After that, the challenge gets a little easier. There's an obvious method that should be tried, then you will need to decrypt something, and then the last part of the challenge will be easy.
Realistic Challenge 3
This is slightly easier than the previous realistic challenge. A lot of the pages are just decoys and need to be ignored. But one contains an extra (hidden) element that can be exploited. Once you've figured out how to do this, half of the challenge is already done. Next, just think what could be added to change the functionality in some way.
Realistic Challenge 4
Again, fairly hard. Look for an input that can be changed and see what happens. Next, you will need to look for the (Highlight for spoiler: Include Path). Once that has been found, it should be easy to manipulate the script and use it to explore parts of the site you perhaps shouldn't be allowed to.
Programming Challenge 1
Limited help available here. Look for a programming language that has utilities to crawl and fetch / scrape page content.
Bonus Challenge 1
This again requires viewing the site's source. How you do that is up to you. There are a few different ways to do this without the page even loading.
Bonus Challenge 2
The form gives this away. Even though something may appear encrypted in a strange, unrecognisable text, using a search engine may help you find out more.
Once this is decrypted, the next step is changing it. If you have already done the email challenge, you should have no problem.
Bonus Challenge 3
This can be done by tweaking settings in modern browsers ("about:config") or even possibly through a browser extension.
Bonus Challenge 4
The page contains something hidden. Compare the page to another challenge page. Even if it looks like part of the site, check it out; it may be useful.
Bonus Challenge 5
The image, rather than having something hidden in the image, has a whole file hidden inside of it. Once you find that file, the challenge is done :)
Bonus Challenge 6
Bonus Challenge 7
Nothing complicated about this, just plain old brute forcing. All you have to do is find decent programs to do the job. The passwords are short, so they shouldn't take too long to crack.
Bonus Challenge 8
This is common sense. However, it doesn't involve guessing the password; you will find the password if you think about this challenge. Look for any differences between this challenge page and others.
Bonus Challenge 9
Don't overthink this. Follow each of the bullet points top to bottom and it should be fairly straightforward.
Application Challenge 1
Get a basic hex editor and look at the app's code. It should be fairly easy to find what (or where) the app is looking for.
Application Challenge 2
Again a hex editor is useful. There are a few ways to do this, the simplest being keyboard shortcuts. Edit one of the buttons to include a shortcut and it is already complete.
Application Challenge 3
This can be done with a text editor. Just view the app and try to find what is being checked. Try copying and re-running, and this challenge is solved.
User Challenge 1
This is basic stegano. Read the stegano tutorial and the challenge should become easier to understand. It will probably be a lot simpler than first thought.
For further help please use the forum.