Non-simulated levels rulez

I too enjoyed this one. When it was working ;)

So what you’re trying to say is that it’s not working anymore? :D

@Fireshard It is now, but I think I may have broken it somewhere along the way. @flabbyrabbit to the rescue and all is good again :)

This is why I wanted to get this level up and running as soon as possible. There are going to be problems but hopefully soon we will have a good solid platform to build some interesting levels on top of.

Next in the pipeline is to get a status indicator running so we will be able to easily see if everything is running.

@flabbyrabbit While we’re at it, any chance of a list of solvers for a particular challenge?

Similar to: https://www.sabrefilms.co.uk/revolutionelite/challs.php?challs=A%20Vital%20Clue

sabre

… or at least how many people solved the challenge ?

Hi,

So is this level fully functional now?

Anyone who has completed the level can provide some hints?

Also why does it show at the end? Is it suppose to be like that or it’s a code error.

It’s fully functional. Shtml is not important. Likely a typo

Would someone mind chatting with me via PM about this challenge? I am not looking for the solution, butI feel that I am pretty close. I want to make sure that I am on the right track before I assume something on the back end is not working correctly.

I cannot really post much here without major spoilers.

@0x90 PM me if you like.

I don’t get the meaning behind this whole “non-simulated” thing. What does that mean?

@DJDavid98 Most realistic or exploit challenges on this site are simulated, similar (I believe) with SQLi challenges. This means that the vulnerability is not real on this system. A strict set of rules are put in place so that it ‘acts’ like a vulnerable system.
The advantage of this method is that there is no real threat to the server, database or site.
The disadvantage is that some things which likely would work in the wild would not work on the challenge perhaps because the challenge creator did not think of them or manage to include them in the rules.

This challenge is classed as ‘non-simulatred’ Personally I would call it ‘mostly non-simulated’ or ‘quazi-simulated’. this time the vulnerability is real, but because there are rules in place to stop things reaching a dangerous level, it is never fully non-simulated due to this.
The advantage of the non-simulated method is that just about anything that would actually work in the real world would work on the challenge.
The disadvantage is that if implemented poorly, it could create a security issue for the site.

Hope that helped.
sabre

@sabretooth: Very well-explained for Real Level 6. I assume that the level is “mostly non-simulated” because all the files is still in the domain hackthis.com.uk; and there are some rules to prevent security issues. Am I guessing right?

Thank you for that crystal clear explanation @sabretooth !
I guess so @freewind1012

Hello everyone, I suspect that the Challenge is broken or I’m not on the right track.
Can someone that completed it check if I’m right with everything I did, probably through PM?

@new_luca I’ll check it out and report back

EDIT: Challenge is still working fine.

The challenge was down earlier in the day. If you think you have found a solution try submitting it again now.

The challenge is up and running.
What put me off was the fact that as sabretooth pointed out the challenge is not 100% real.
Some things are blocked for security reasons and I just had the luck to solve like that first time.

Very nice challenge, the idea came when I woke up, I cooked it while dreaming :)), spent hours last night before going to bed on it, but I’m happy now.

How long I have to wait for response?