Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous12345Next
Current Page: 4 of 5
Re: Challenge
Posted by: rsnake
Date: August 20, 2007 09:26PM

We have our winners!

NoS (Sergey Novotarskiy)
Stefan Esser
AviD
Mario Heiderich
christ1an
kuza55
Jibbler
barbarianbob
David Lindsay
fidels

Congrats to all the winners!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: istari
Date: August 20, 2007 09:26PM

i was sooooo close! i just solved it, and i can't believe what i was missing! if i'd thought about it ten minutes ago, i'd be getting a t-shirt :(

anyway, it was a good contest, so thanks rsnake, and props to all the winners!

EDIT: I'm actually in the winner list! :D :D :D

@kuza55 - I'm guessing what Stefan found was more related to the way the script handles " (double quotes)... there's some odd behaviour there, and it may have been possible to do some code injection :P



Edited 2 time(s). Last edit at 08/20/2007 09:32PM by istari.

Options: ReplyQuote
Re: Challenge
Posted by: psifertex
Date: August 20, 2007 09:27PM

Well, it's odd. I resubmitted and now, I've got 3 Yes responses, 1 blank response that used to be a yes, and 3points. So the points are now in alignment with the yesses, but one of the answers that was working before is no longer valid.

Either way, thanks much for the contest, it was a lot of fun.



Edited 1 time(s). Last edit at 08/20/2007 09:28PM by psifertex.

Options: ReplyQuote
Re: Challenge
Posted by: thornmaker
Date: August 20, 2007 09:29PM

thanks rsnake - it was very fun. and congrats to all the winners!

Options: ReplyQuote
Re: Challenge
Posted by: tx
Date: August 20, 2007 09:31PM

I guess I might as well quit; it's one thing to shirk my responsibilities at work, but ignoring the gf is dangerous (there could be consequences).

congrats to the winners, I look forward to reading the spoiler.

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: August 20, 2007 09:33PM

For those who are simply stumped I put up the spoiler:

http://ha.ckers.org/challenge2/spoiler.html

@istari - too bad! It was getting to be a close call there, a number of people were getting reallly close.

@psifertex - not sure why one would stop working it works perfectly for me, but yes the un-alignment of the yes count was the minor bug.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: istari
Date: August 20, 2007 09:40PM

it looks like i was actually in time: i submitted the form as fidels (my username in some other sites), and when i looked again at the homepage i saw there were ten winners, so i assumed i was too late... but i'm on your list, sooo :D

will you be posting what stefan found? curiosity is killing me!

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: August 20, 2007 09:51PM

Yup, my very next post, give me a bit, I have to write it up correctly.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: DoctorDan
Date: August 20, 2007 09:56PM

Got it! Pretty fun! If only I had started earlier and didn't have to leave right in the middle of doing the challenge, maybe I would have found myself on the winners list :P

Nice work to all the winners!
Can't wait for the next challenge =D
-Dan

Options: ReplyQuote
Re: Challenge
Posted by: istari
Date: August 20, 2007 10:00PM

gonna be waiting for it...

btw, was the odd behaviour of the first riddle intentional? i mean, you could get the clue by answering the riddle, but you could also cancel the prompt...

Options: ReplyQuote
Re: Challenge
Posted by: thornmaker
Date: August 20, 2007 10:07PM

i never even got the trick to the first riddle until 4 hours or so into the challenge... i thought canceling the prompt was the correct way to get the clue. perhaps that's why i never got the "4 states per puzzle" concept until i saw the spoiler...

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: August 20, 2007 10:09PM

@DoctorDan - nice job! Better late than never. I have a feeling timezones and schedules made it harder for a lot of people.

@istari - that's your browser caching the request. If you look at Burp your browser is doing that, not my code. I could have turned off caching, but I didn't really see a need to. It actually made the challenge harder in a way because you had to realize that it's sending it and get rid of it. And since you asked here is how Stefan hacked the test: http://ha.ckers.org/blog/20070820/hackersorg-challenge-logic-flaw/

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: istari
Date: August 20, 2007 10:24PM

hmm, that's weird, because i cancelled the prompt the very first time i got the first clue. anyway, it did make things harder, at least until i saw the second riddle...

in any case, my special props go to stefan: what he did was quite clever, and shows he definately has some lateral thinking...

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: August 20, 2007 11:22PM

I can't see why that would happen, but I'm glad you figured it out!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: TarraDog52
Date: August 20, 2007 11:50PM

I also cancelled the prompt very first time and got the first clue - using IE6 @ work.

Quick question - to get 6/6 I never had to modify the admin cookie, the spoiler says

"The admin cookie needs to be modified ..."

should this read

"The answer cookie needs to be modified ..."?

Dunno, maybe I did modify it and couldn't remember.

Great challenge though, I tried to spend some time on it this morning (Aussie time) but was too busy with work.

Options: ReplyQuote
Re: Challenge
Posted by: Spyware
Date: August 21, 2007 12:43AM

Grrrrreat. Got the answer but it won't answer anything :/. /me thinks the input to CAPTCHA part is kind of vague, or I'm not getting something.

Ah well, guess I have to wait for challenge 3(?)

Options: ReplyQuote
Re: Challenge
Posted by: TarraDog52
Date: August 21, 2007 01:12AM

Spoiler removed



Edited 1 time(s). Last edit at 08/21/2007 01:27AM by TarraDog52.

Options: ReplyQuote
Re: Challenge
Posted by: Spyware
Date: August 21, 2007 01:22AM

I just found out that I couldn't get in because of a CAPITAL problem. -Thanks rsnake, couldn't re-do it last night because my parents thought I should get some sleep (-_-).

TarraDog, I understood that. You should remove the spoilers.

EDIT

"Your information has been logged, thanks for playing!". If I had time last night I am 100% I could've been top 10. I'll just complain to my mom until she gives me money or something.

Thanks for the challenge rsnake!



Edited 1 time(s). Last edit at 08/21/2007 01:26AM by Spyware.

Options: ReplyQuote
Re: Challenge
Posted by: evolution
Date: August 21, 2007 05:03AM

Well done to all those that have managed to complete the challange. I am stuck getting into aladins cave (if anyone wants to PM me a hint that would be nice...)

Good challenge rsnake, looking forward to the next one.

Options: ReplyQuote
Re: Challenge
Posted by: Anonymous User
Date: August 21, 2007 10:44AM

Quote

If I had time last night I am 100%

If I had time last night I would have been millionaire by now ;)

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: August 21, 2007 11:00AM

Me too!

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge - help needed
Posted by: Gryptpype
Date: November 01, 2007 07:43PM

I wonder if someone here would be kind enough to help me out. I just discovered the challenges a few days ago. I got through #1 and have been working on #2 without much luck.

Even after reading the spoiler, I'm unable to make much progress. The most frustrating thing about this is that once, by accident (I suppose), I did manage to make it to the second riddle (about the truck driver). But I can't figure out how I did it!

I understand about the four states; and indeed, I've been able to get all four cookies (representing the states). I've set the "admin" cookie to the string that appears in the JavaScript (having to do with a relative named Robert). Yet even so, I can't figure out what else I need to do in order to advance to the second riddle. (... Even though I somehow did it once! Go figure.)

I've tried deleting the other three cookies (leaving only the "not a loser" one) and then answering the questions correctly. I've tried setting all the cookies to indicate that I'm "getting it", etc. but no matter what I do, I simply can't seem to get the next riddle to load. And I've tried refreshing the page... but that only seems to reinitialize everything and I have to start fresh.

Would some kind soul who has a clue to spare please lend me one? Thanks for any help...

Hercules Gryptpype-Thynne

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: November 04, 2007 09:50AM

There are four states to the question. The right answer, the wrong answer, the wrongly formatted answer (something it could never be) and a non-existent answer. Each one does something different.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: Anonymous User
Date: January 03, 2008 04:07PM

--Deleted by request--



Edited 1 time(s). Last edit at 07/01/2010 10:05AM by rsnake.

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: January 03, 2008 11:02PM

It's hard to tell where you are stuck by that comment, but make sure you send the correct Host: header as well, or you'll be seeing our base apache install, rather than the virtual host. See if that helps. Don't worry about being to newbish - that's what the site is for - so people can learn.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: Anonymous User
Date: January 04, 2008 08:53AM

--Deleted by request--



Edited 1 time(s). Last edit at 07/01/2010 10:04AM by rsnake.

Options: ReplyQuote
Re: Challenge
Posted by: Spyware
Date: January 04, 2008 09:55AM

Hey Daxx, I think you need to use Telnet once. You actually explained everything you have to do. You know how to "grab" the page using telnet, try it and then look through what you have found. If you still can't solve this PM me with what you are trying, and I'll see if I can give you a little push in the right direction.

Note: Don't over think this, RSnake made this so you had to focus on the challenge.

Options: ReplyQuote
Re: Challenge
Posted by: Anonymous User
Date: January 04, 2008 01:22PM

--Deleted by request--



Edited 1 time(s). Last edit at 07/01/2010 10:04AM by rsnake.

Options: ReplyQuote
Re: Challenge
Posted by: rsnake
Date: January 04, 2008 02:38PM

Make sure you are typing in the correct command:

GET /challenge/ HTTP/1.0
Host: ha.ckers.org

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Challenge
Posted by: Anonymous User
Date: January 04, 2008 03:25PM

--Deleted by request--



Edited 2 time(s). Last edit at 07/01/2010 10:04AM by rsnake.

Options: ReplyQuote
Pages: Previous12345Next
Current Page: 4 of 5


Sorry, only registered users may post in this forum.