I loved this website and I was looking for something similar for a long time.
I really was expecting some null poisoning and file uploading in this one at least, I’m a bit disappointed :( .
I know implementing that could cause a threat to the main website “hackthis” but it will be a major useful info for those who want to learn new techniques (in a controlled environment). How about adding more techniques and scenarios other than logins? I liked the 4th real, crypt and sqli because they were almost close to real situations. I would recommend to add null poisoning, DoS attacks on admin users until the job is done (bot admin user), database manipulation (like creating another secret admin account) and back-doors .. [Just a few ideas came to mind :) ]. I hope there is a plan for adding new creative scenarios to the levels soon.
Regards,
[deleted user] 11 years ago
Hi CME64 welcome! There is a level you need to use the null poison byte %00.
I’m sure you’ll find it.
Most of the levels on here are not meant to be too hard as the newbies
would get bored too soon and drive us nuts by their constant, “how do I do that?”
There is a plan to add more so keep checking in. :)
Yes, I remember I used it to retrieve the contents of a PHP file in some level, but I meant as uploading the file with the name containing a null char before the actual extension type (right after the acceptable type) to bypass the extension checker.
Thanks for assuring that there will be more fun :-) .
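Added example (not part of the original posts): a server-side upload filename check that stays safe when a name carries a NUL byte, shown beside a weak extension check that only looks at the end of the string. The allow-list, function names and sample filenames are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import unquote

ALLOWED = {".jpg", ".png", ".gif"}  # assumed allow-list of upload types
# Hardened rule: one stem of safe characters, exactly one allowed extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.(jpg|png|gif)")

def ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()

def c_string_view(name: str) -> str:
    """The name as a NUL-terminated API would see it (cut at first NUL)."""
    return name.split("\x00", 1)[0]

def naive_check(raw: str) -> bool:
    """Weak: trusts the extension of the full decoded string only."""
    return ext(unquote(raw)) in ALLOWED

def hardened_check(raw: str) -> bool:
    """Reject any NUL outright, then require the strict name pattern."""
    name = unquote(raw)
    if "\x00" in name:
        return False
    return SAFE_NAME.fullmatch(name) is not None

def audit(names):
    """Compare both checks and flag names two layers would read differently."""
    rows = []
    for raw in names:
        decoded = unquote(raw)
        rows.append({
            "name": raw,
            "naive": naive_check(raw),
            "hardened": hardened_check(raw),
            "views_differ": c_string_view(decoded) != decoded,
        })
    return rows

# Constructed sample filenames, as they might arrive percent-encoded.
SAMPLES = ["photo.jpg", "notes.php%00.jpg", "notes.jpg%00.php", "a.b.png"]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

A `views_differ` value of true means the validator and a NUL-terminated storage layer would disagree about the name, which is the condition worth logging and alerting on as well as rejecting.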
Well, I’m currently working on a new mission; if approved and added, it would be a bit harder than what is already here.
It will contain SQL injections, inline JavaScript, hidden directories, local file includes, reverse a custom encryption, and it will need some good amount of logic.
Finished the very first part of it yesterday, still need like 80% done.