damn I forgot about this challenge

I wonder why it actually had so little relation to Web (application) security. Maybe something to take into account for the next round, rsnake. I guess you know what I mean, won't tell it now for those who are still trying.

Regards,
- http://christ1an.blogspot.com

_______________________
[[url=http://php-ids.org]php-ids.org[/url]] Web Application Security 2.0

NoS Wrote:
-------------------------------------------------------
> Ok, thank you RSnake for this interesting
> competition.
> Congratulations to everyone who have won and who
> will win.
> Special cheers to Stefan - man, am I curious how
> you did it.
> I'm off to sleep now - it's 2 a.m. where I'm
> living and it's off to work early in the
> morning...


Gratz NoS on being first, :)

Wooo, I got it, finally. Now I can go to class, :p

Congrats, Kuza55! Nice! You were pretty close an hour or so ago, you probably would have done better had you not taken the train!

- RSnake
Gotta love it. http://ha.ckers.org

By the way, my lazy XSS attempts surely didn't work, did they? :)

Regards,
- http://christ1an.blogspot.com

_______________________
[[url=http://php-ids.org]php-ids.org[/url]] Web Application Security 2.0

rsnake Wrote:
-------------------------------------------------------
> Congrats, Kuza55! Nice! You were pretty close an
> hour or so ago, you probably would have done
> better had you not taken the train!


I was sorta kicked out of the house and told to go to school (stupid morning assembly, mutter, mutter, mutter) - and there are no internet cafes in my suburb, :p

And of course the one day it could have actually been useful, my XDA just refused to connect to our wifi network when I was standing just outside our apartment, *sigh*

Oh woe, oh woe, :P

Its all good, :)

P.S. Smilie abuse is fun, >_< ^_^ 0_o

How can it be possible that I found clue 1 and clue 3 without finding clue 2? I wasted so much time and I just cannot win. I looked at the solution of the first challenge and concluded that there are almost infinite ways you can andle the data transmitted so that I stopped trying to solve it. I have another way to get a T-Shirt, though. I will just rob you and buy one.

@kuza55 - I figured something like that must have happened. Oh well, at least you are in the winner's circle where you belong.

@Psychopath - Hahah, yes, there are nearly an infinite wrong answers. But only one right one. I'll explain how it works once ten people solved it in a spoilers file. It's pretty easy once you know how it's done, but it's definitely not a simple task if you are simply brute forcing it.

- RSnake
Gotta love it. http://ha.ckers.org

We've got a new winner, "Jibbler"! Nicely done!

- RSnake
Gotta love it. http://ha.ckers.org

curse you clue3!!! what do you mean!?

-tx @ lowtech-labs.org

Hahaha... so close and yet so far... I guess you just need to put it all together. :)

- RSnake
Gotta love it. http://ha.ckers.org

Am I at least as close as some others? :D

EDIT: Nevermind. I figured out what was going on.



Edited 2 time(s). Last edit at 08/20/2007 07:33PM by barbarianbob.

@Psychopath - looks like you are just over 1/2 way there from what I can see. It's hard to tell because I didn't log cookie data. It would have just been too much data to sort through.

- RSnake
Gotta love it. http://ha.ckers.org

Ok, then I give up.

barbarianbob is the 8th winner! Nicely done!

- RSnake
Gotta love it. http://ha.ckers.org

well time for me to go home (was I at least close?)
Good luck to everyone trying, I'll probably give it another crack later tonight after I meet with a bottle of whiskey.

-tx @ lowtech-labs.org

I'm off to bed too. It's like 05:00 here in Europe.

Stuck with the sesame and those random-looking thingies :P

@tx - you got the first and the third clue it looks like... so you probably were about 1/2 way there.

@AnonymousCoward42 - there are quite a few red herrings. ;) Sweet dreams.

- RSnake
Gotta love it. http://ha.ckers.org

Damn, I am too rusty on this stuff. Too much working with switches and routers and dumb people killing there desktops.....
I dont think I am anywhere close. And I smell like herring

*sigh*

4 Yes
1 No
2/6pts

So close... Grr.

6 Yes
0 No

and yet I get 2 out of 6... weird, huh?

istari Wrote:
-------------------------------------------------------
> 6 Yes
> 0 No
>
> and yet I get 2 out of 6... weird, huh?


Try removing/adding the cookies, I had that problem for a bit as well. Maybe that has something to do with what Stefan found?..../me is curious.

It doesn't have to do with what Stefan found, but please, no hints. :)

- RSnake
Gotta love it. http://ha.ckers.org

rsnake Wrote:
-------------------------------------------------------
> It doesn't have to do with what Stefan found, but
> please, no hints. :)


Ah, sorry, my bad. Should I edit my post above?

9 or 10 winners?

-tx @ lowtech-labs.org

well, the challenge is now closed, so i guess i'm outta time :(

anyway, i found which cookie was the problem, but i couldn't fix it in time, so...

Ahh well, it means I can stop stressing over whatever I was missing. ;-)

Uhh. weird. Now the exact same input is giving me a different result. With the exact same curl as before, so it's not a caching or browser quirk issue.

I did notice a minor bug that might have caused part of that, which I fixed. Please resubmit whatever you tried before in the off chance that is now fixed.

- RSnake
Gotta love it. http://ha.ckers.org