|
lurn 2 hAAAAACK (pg. 6)
|
View this Thread in Original format
| sym |
| Lil help with level 4? The others were pretty much a breeze... I decompiled level 4, but not knowing Java I cant make much out of it... any hints? |
|
|
| dj ZevZ |
| Kind a stuck in level 4 help plzzz! |
|
|
| Magimaster |
| What in gods name do you do for level 3? |
|
|
| TiestoInTheMix |
mwahahaha, stupid me, i hacked level 4, i'm a 5|_||04|-| 1337 |-|4x0r !!!!!
i'm off to hack level 5 and then microsoft!!!
here's 2 hints for ya'll for level 4:
since the applet doesn't contact the server, it stores the password on your computer.
and if you still have no clue:
public void init()
{
setLayout(null);
setSize(361, 191);
add(txtlogin);
txtlogin.setBounds(156, 72, 132, 24);
label1.setText("Please Enter Login Name & Password");
label1.setAlignment(1);
add(label1);
label1.setFont(new Font("Dialog", 1, 12));
label1.setBounds(41, 36, 280, 24);
label2.setText("Login");
add(label2);
label2.setFont(new Font("Dialog", 1, 12));
label2.setBounds(75, 72, 36, 24);
label3.setText("Password");
add(label3);
add(txtpass);
txtpass.setEchoChar('*');
txtpass.setBounds(156, 108, 132, 24);
lblstatus.setAlignment(1);
label3.setFont(new Font("Dialog", 1, 12));
label3.setBounds(75, 108, 57, 21);
add(lblstatus);
lblstatus.setFont(new Font("Dialog", 1, 12));
lblstatus.setBounds(14, 132, 344, 24);
ButOk.setLabel("OK");
add(ButOk);
ButOk.setFont(new Font("Dialog", 1, 12));
ButOk.setBounds(105, 156, 59, 23);
ButReset.setLabel("Reset");
add(ButReset);
ButReset.setFont(new Font("Dialog", 1, 12));
ButReset.setBounds(204, 156, 59, 23);
lbltitle.setAlignment(1);
add(lbltitle);
lbltitle.setFont(new Font("Dialog", 1, 12));
lbltitle.setBounds(12, 14, 336, 24);
String s = getParameter("title");
lbltitle.setText(s);
ButOk.addActionListener(this);
ButReset.addActionListener(this);
infile = new String("level4");
try
{
inURL = new URL(getCodeBase(), infile);
}
catch(MalformedURLException _ex)
{
getAppletContext().showStatus("Bad Counter URL:" + inURL);
}
inFile();
} |
|
|
| Acid Junkie |
| quote: | Originally posted by Dmatrox
i used DoDi's Visual Basic Tools to decompile the exe, but i have no understanding in VB code, so i cant figure it out :( |
it's easy
here's where your real login is
If txtUsername <> Mid(mc001A, 56, 1) & Mid(mc001A, 28, 1)
& Mid(mc001A, 35, 1) & Mid(mc001A, 3, 1) & Mid(mc001A, 44, 1)
& Mid(mc001A, 11, 1) & Mid(mc001A, 13, 1) & Mid(mc001A, 21, 1)
here's where your real password is
If txtPassword <> Mid(mc001A, 51, 1) & Mid(mc001A, 31, 1)
& Mid(mc001A, 30, 1) & Mid(mc001A, 51, 1) & Mid(mc001A, 16, 1)
& Mid(mc001A, 45, 1) & Mid(mc001A, 24, 1) & Mid(mc001A, 29, 1)
& Mid(mc001A, 26, 1) & Mid(mc001A, 19, 1) & Mid(mc001A, 28, 1)
& Mid(mc001A, 11, 1) & Mid(mc001A, 30, 1) & Mid(mc001A, 19, 1)
& Mid(mc001A, 25, 1) & Mid(mc001A, 24, 1)
here's the hash source which is used for encryption
Const mc001A =
"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.,:;-*+=~|&a
mp;!_$#@()[]{}<\/>"
:) ;)
i stuck on level 6 :( |
|
|
| Acid Junkie |
almost done with level 6
bwuahahaha! :disbelief
|
|
|
| TiestoInTheMix |
| quote: | Originally posted by Acid Junkie
it's easy
|
*TiestoInTheMix bangs his head on the wall and on the keyboard...
it took me 30 minutes to go through the files and realize they don't contain any hint of a pasword at all (i guessed the username though).
it took me 1 hour to find a decompiler.
it took me 30 minutes to realize that the damn thing won't work and even if it did, i would be reading something that'd look like chinese to me.
thanks to acid junkie i got the password...
i am currently on level 6... thank god i browsed the usenet before and found out that you can't decompile vb5 and vb6 at all... otherwise i would have spent the whole night doing it...
and the goddamn level 6 proggie DOES connect to the internet, thus it must mean it retrieves the password from the server and therefore
*TiestoInTheMix bows his head and gives up...
*TiestoInTheMix will never be a hacker (well, as long as these damn vb3 decompilers don't work!!!)
:nervous: |
|
|
| Acid Junkie |
yay!
ababa aabaa baabb aabaa ababa baaab aabaa baabb aabaa abbaa
stands for the url of the next level!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
it's http://www.try2hack.nl/levelseven.html
and that's where i'm giving up. i have no idea how to overcome the script...
acid junkie looks under his bed, pulls out his old books on perl scripting, wipes off the dust, and starts to read to find anything useful...
|
|
|
| Acid Junkie |
| quote: | Originally posted by TiestoInTheMix
and the goddamn level 6 proggie DOES connect to the internet, thus it must mean it retrieves the password from the server and therefore
|
that's the whole point! the trick is that u can leech whatever the program sends and when u do it u'l find encrypted username/password/urlofthenexlevel :clown: |
|
|
| TiestoInTheMix |
| quote: | Originally posted by Acid Junkie
that's the whole point! the trick is that u can leech whatever the program sends and when u do it u'l find encrypted username/password/urlofthenexlevel :clown: |
i know and that's the problem, i don't know how to do it. i tried setting the proxy to 127.0.0.1 which is probably stupid, but that's all i could come up with |
|
|
| Acid Junkie |
| hm proxy? no. a firewall that can log all traffic in *both* directions could help u better than a proxy cause u need to look through the outgoing traffic, not the ingoing. a firewall or a sniffer for tcp/ip protocol such as NetworkActiv Sniffer 1.4.2.1. |
|
|
| TiestoInTheMix |
| quote: | Originally posted by Acid Junkie
hm proxy? no. a firewall that can log all traffic in *both* directions could help u better than a proxy cause u need to look through the outgoing traffic, not the ingoing. a firewall or a sniffer for tcp/ip protocol such as NetworkActiv Sniffer 1.4.2.1. |
aha! that's exactly what i was searching for on the usenet, too bad the damn archives didn't have anything...
thanks for the proggie,man, it's very useful!
and now i'm off to decipher that... omg, it looks scary... |
|
|
|
|
