Guys, do you play at too many challenge sites like me?
If so, possibly you have encountered the same problem. Although I know the risk of using the same password for many accounts, as a human, I still can't overcome it. And as a result I had to change dozens of passwords last month when someone hacked HellBound Hackers and stole the password database, although I was pretty sure that it would take years for him to crack my password.
There are many password-manager software out there that try to give a solution to this problem, but they are insecure and inconvenient. You will still have to bring some data file from them with you to be able to log in from another computer. Even the implementation by Bruce Schneier the security guru still can't solve this problem completely.
Another solution to this problem is using online password managers. But as Internet security is bad these days, and privacy is just an enchanted word, I don't trust those so much.
Yesterday I stumbled upon OpenID, yet another solution for easy authentication. The idea is that you can use the same OpenID to authenticate on multiple websites. Being gradually supported by some big organizations, I guess OpenID will become popular for social networks soon. But surely it still lacks some trivial features for challenging.
So, which additional features do we need for OpenChallengerID? An universal user profile and ranking system. They are being developed under a new project that I, Gizmore and Inferno are working on. The project was original named WeChall, then changed to Challengers, but it's still not the official codename yet. And the project is still at the early stage of development. If you have any idea/suggestion feel free to contact us.
Saturday 15 December 2007
Thursday 13 December 2007
Electrica
Just solved 2 challs at Electrica and advanced to Veteran Trooper, so I thought I should write something about it.
Electrica the Puzzle Challenge is a cool challenge site by Caesum, one of the best challengers out there. It is located at http://www.caesum.com.
At Electrica you can solve puzzles on cryptography, steganography, maths, programming, executables, misc, and sokoban too :) The puzzles are organized quite well. You start with easy puzzles, and when you solve enough of them you get access to the harder ones. There is enough information to get you started, and at the site you can even find a cool challengers handbook written by Caesum, which covers basic knowledge and techniques for challenge solving.
Give it a try, guys!
Electrica the Puzzle Challenge is a cool challenge site by Caesum, one of the best challengers out there. It is located at http://www.caesum.com.
At Electrica you can solve puzzles on cryptography, steganography, maths, programming, executables, misc, and sokoban too :) The puzzles are organized quite well. You start with easy puzzles, and when you solve enough of them you get access to the harder ones. There is enough information to get you started, and at the site you can even find a cool challengers handbook written by Caesum, which covers basic knowledge and techniques for challenge solving.
Give it a try, guys!
Friday 7 December 2007
HackQuest
Hey guys,
The challenge site of today is HackQuest at http://www.hackquest.de. It is pretty much similar to TBS, with challenges divided into various categories: applet, crackit, crypto, exploit, flash, javascript, linux, logic, programming, special and stegano. Atm there are almost 100 challenges.
The major challenges at HackQuest are quite easy, but still there are some tough ones. The hardest one so far is "The invation II", which is solved only by Anto, although there's a £20 prize for the first solver.
There's surely more to tell about HackQuest, but probably my friend flamecruiser will want to provide more information :P
The challenge site of today is HackQuest at http://www.hackquest.de. It is pretty much similar to TBS, with challenges divided into various categories: applet, crackit, crypto, exploit, flash, javascript, linux, logic, programming, special and stegano. Atm there are almost 100 challenges.
The major challenges at HackQuest are quite easy, but still there are some tough ones. The hardest one so far is "The invation II", which is solved only by Anto, although there's a £20 prize for the first solver.
There's surely more to tell about HackQuest, but probably my friend flamecruiser will want to provide more information :P
Monday 26 November 2007
Smash The Stack!
Hey guys,
Today I'll show you a cool challenge site, or rather, a real wargame - SmashTheStack (StS). It was keeping me busy the whole yesterday.
StS is all about Linux cracking/reversing/exploit - a skillset that I surely lack. At the moment they are hosting 5 games, 2 of which are active: io and apfel. Each game is a real system all set up for cracking. You start with a shell account with the lowest access level and by cracking/exploiting the insecure linux applications you can gain access to the next level. Kinda cool huh?
At the moment I, rhican, silkut and ch0wch0w are playing the games, but none has reached the top so far. So maybe you should join the race with us ;)
Need any tool to start the game? Here is a list of programs I used: strace, objdump, rec, and of course gdb. Read some articles about them and you'll get everything done.
Smashing the Stack for Fun and Profit by Aleph One is an excellent article to get you started too - I highly believe that the site name originated from that article, but don't quote me on that :P
Today I'll show you a cool challenge site, or rather, a real wargame - SmashTheStack (StS). It was keeping me busy the whole yesterday.
StS is all about Linux cracking/reversing/exploit - a skillset that I surely lack. At the moment they are hosting 5 games, 2 of which are active: io and apfel. Each game is a real system all set up for cracking. You start with a shell account with the lowest access level and by cracking/exploiting the insecure linux applications you can gain access to the next level. Kinda cool huh?
At the moment I, rhican, silkut and ch0wch0w are playing the games, but none has reached the top so far. So maybe you should join the race with us ;)
Need any tool to start the game? Here is a list of programs I used: strace, objdump, rec, and of course gdb. Read some articles about them and you'll get everything done.
Smashing the Stack for Fun and Profit by Aleph One is an excellent article to get you started too - I highly believe that the site name originated from that article, but don't quote me on that :P
Saturday 24 November 2007
platonic defection
I have a silly confession to make: I'm affectionate about my hard drive. I know she's not much of a looker and she gets pretty noisy at times, but she has something very unique. Inceptionally she was as run-of-the-mill and no more poignant than your average toaster. Yet having cultivated and nourished her over the years with bits of stuff I care about I've developed a special fondness of my magnetic friend. A compilation of stuff that matters, she is my soul on a platter. Nearly a decade of handpicked odds and ends, business mixed with pleasure, a curious blend of things to be treasured.
A nudie pic of my hard drive
Call me one bit short of a nibble, but didn't Anne Frank even name her diary "Kitty"? Nobody seems to raise brows about that. What makes diaries so special? If you remove the binder, it's basically just thick toiletpaper for people with loose bowels so the diarrhea doesn't seep through. And what about people naming their cars? Lets see a car accelerate from 0 to 7200 RPM in only a few seconds! Not to even mention the marines encouraging rookies to bond with their rifle. At least my platter doesn't cause brainsplatter!
If you ask me, there's nothing wrong with a little plate-onic affection. Sadly, I first had to lose her before I learned how much I appreciated her. As Plato so delicately put it: "Must not all things at the last be swallowed up in death?". One day she just lost her drive. Her tiny little head got stuck and rigor mortis set in. Her once so frolicsome spinning noises were no more. Only that awful tick of death (head damage 1) setting my teeth on edge. Complete platonic defection.
The outlook was as grim as the skies over Moscow the day Joseph Stalin became member of the Communist Party, but I made a vow that I would bring my hard drive back to life even if it meant I would have to cross the Styx to find her. Hours on end I scryed the internet until finally I found this book of shadows from several pagan IT professionals.
I gathered the necessary instruments, plugged her in, and gently started tapping her along the edges with my Screwdriving Wand of the Goddess while invoking the Guardians of the Watchtowers of the corresponding corners, but it was futile. All she did was mock me with her evil voodoo tick.
This called for desperate measures. I still felt her presence, but apparently there was still too much resistance for her to come back to life. So I placed her in the freezer since cold temperatures reduce resistance. After about half an hour I tried again, and after a few minutes I noticed her tick of death gradually started changing. First her arm started moving a little. Finally she was spinning again with her head held high, long enough for me to transfer her essence to my new drive.
PS. If your data is mission critical, go to a proper data recovery agency. These methods can seriously disharmonize the universe and should only be used out of sheer desperation and after carefully reading this document.
A nudie pic of my hard drive
Call me one bit short of a nibble, but didn't Anne Frank even name her diary "Kitty"? Nobody seems to raise brows about that. What makes diaries so special? If you remove the binder, it's basically just thick toiletpaper for people with loose bowels so the diarrhea doesn't seep through. And what about people naming their cars? Lets see a car accelerate from 0 to 7200 RPM in only a few seconds! Not to even mention the marines encouraging rookies to bond with their rifle. At least my platter doesn't cause brainsplatter!
If you ask me, there's nothing wrong with a little plate-onic affection. Sadly, I first had to lose her before I learned how much I appreciated her. As Plato so delicately put it: "Must not all things at the last be swallowed up in death?". One day she just lost her drive. Her tiny little head got stuck and rigor mortis set in. Her once so frolicsome spinning noises were no more. Only that awful tick of death (head damage 1) setting my teeth on edge. Complete platonic defection.
The outlook was as grim as the skies over Moscow the day Joseph Stalin became member of the Communist Party, but I made a vow that I would bring my hard drive back to life even if it meant I would have to cross the Styx to find her. Hours on end I scryed the internet until finally I found this book of shadows from several pagan IT professionals.
I gathered the necessary instruments, plugged her in, and gently started tapping her along the edges with my Screwdriving Wand of the Goddess while invoking the Guardians of the Watchtowers of the corresponding corners, but it was futile. All she did was mock me with her evil voodoo tick.
This called for desperate measures. I still felt her presence, but apparently there was still too much resistance for her to come back to life. So I placed her in the freezer since cold temperatures reduce resistance. After about half an hour I tried again, and after a few minutes I noticed her tick of death gradually started changing. First her arm started moving a little. Finally she was spinning again with her head held high, long enough for me to transfer her essence to my new drive.
PS. If your data is mission critical, go to a proper data recovery agency. These methods can seriously disharmonize the universe and should only be used out of sheer desperation and after carefully reading this document.
Wednesday 14 November 2007
Steganabara explained
Hey guys,
Finally I defeated my laziness and created a project page for Steganabara. You can access it from here.
Also included an explanation of the key features: Bit Mask Filter, Color Map Filter, Color Explorer, Histogram and Color Table.
And now a demonstration of the Bit Mask Filter, applying on StenographyOriginal.png, from the wikipedia page about steganography
Finally I defeated my laziness and created a project page for Steganabara. You can access it from here.
Also included an explanation of the key features: Bit Mask Filter, Color Map Filter, Color Explorer, Histogram and Color Table.
And now a demonstration of the Bit Mask Filter, applying on StenographyOriginal.png, from the wikipedia page about steganography
Monday 12 November 2007
TheBlacksheep
As theAnswer introduced rankk last week, I feel it's time to introduce my favourite challenge site, possibly the best one out there: TheBlackSheep at http://www.bright-shadows.net. Most members refer to it using the shortened name: TBS.
At TBS, challengers can compete in almost all major computer-related fields: javascript, exploit, cryptography, steganography, crackits, programming, flash, java applets, logic and information gathering. Also there's a "special" section, consisting of challenges that require a special skillset. And challenges that are completely a waste of time are taken to /dev/null.
With 300+ challenges and counting, TBS is surely the biggest challenge site. You can find almost all aspects of the computer world there, from the first and simplest crypto system - Caesar, to the modern and ultimately strong one - RSA, from text steganos, to image and sound ones, from simple php exploits, to XSS and SQL injection, from Windows cracking, to cracking other systems, like Linux, C64, and Texas Instrument :P And of course, the applet challenges there are the most challenging, but yet very interesting and educational :)
If, for any reason, you missed such a great site, register a new account there and start playing before it's too late! Beginner? No worry, you can learn many things along the way, from the challenges, and the great tutorials both written by TBS members and linked from other security websites.
At TBS, challengers can compete in almost all major computer-related fields: javascript, exploit, cryptography, steganography, crackits, programming, flash, java applets, logic and information gathering. Also there's a "special" section, consisting of challenges that require a special skillset. And challenges that are completely a waste of time are taken to /dev/null.
With 300+ challenges and counting, TBS is surely the biggest challenge site. You can find almost all aspects of the computer world there, from the first and simplest crypto system - Caesar, to the modern and ultimately strong one - RSA, from text steganos, to image and sound ones, from simple php exploits, to XSS and SQL injection, from Windows cracking, to cracking other systems, like Linux, C64, and Texas Instrument :P And of course, the applet challenges there are the most challenging, but yet very interesting and educational :)
If, for any reason, you missed such a great site, register a new account there and start playing before it's too late! Beginner? No worry, you can learn many things along the way, from the challenges, and the great tutorials both written by TBS members and linked from other security websites.
Monday 5 November 2007
rankk.org
Hey,
another challenge site I've been playing at recently. The design, the "story", most challenges (and solutions :D) are related to egypt or pyramids. I think it's actually a restart of a challenge site called "pyramid".
It contains 160 challenges, including logic, javascript, programming, exploit, stegano and crypto of course.
There are 9 levels in total, to complete the n-th level you need to solve 10-n levels which results in a pyramid like ladder you need to climb.
The current rankk master is quangntenemy, by the way.
Check out rankk.org!
Greetings, ozehka!
Update by quangntenemy: you might want to read my rankk interview too :D
another challenge site I've been playing at recently. The design, the "story", most challenges (and solutions :D) are related to egypt or pyramids. I think it's actually a restart of a challenge site called "pyramid".
It contains 160 challenges, including logic, javascript, programming, exploit, stegano and crypto of course.
There are 9 levels in total, to complete the n-th level you need to solve 10-n levels which results in a pyramid like ladder you need to climb.
The current rankk master is quangntenemy, by the way.
Check out rankk.org!
Greetings, ozehka!
Update by quangntenemy: you might want to read my rankk interview too :D
Sunday 4 November 2007
Mod-x
Hey guys,
Today's hot challenge site is Mod-x at http://www.mod-x.co.uk. Unlike other challenge sites, Mod-x has a unique story line behind it. You are one of the Mod-x agents, the elite team fighting against the evil forces in the cyberspace.
Most tasks involve reversing, code breaking and penetrating other systems. Although the game is fictional, you need real skills in order to complete the tasks and move forward.
Beside the main game, Mod-x also hosts 2 other games: the omega project and disavowed.net. They are also quite interesting.
Give it a try and see how far you can go!
Today's hot challenge site is Mod-x at http://www.mod-x.co.uk. Unlike other challenge sites, Mod-x has a unique story line behind it. You are one of the Mod-x agents, the elite team fighting against the evil forces in the cyberspace.
Most tasks involve reversing, code breaking and penetrating other systems. Although the game is fictional, you need real skills in order to complete the tasks and move forward.
Beside the main game, Mod-x also hosts 2 other games: the omega project and disavowed.net. They are also quite interesting.
Give it a try and see how far you can go!
Monday 29 October 2007
Ma's Reversing
Hey guys,
Today I'm gonna show you a really cool challenge site - Ma's Reversing at http://www.3564020356.org.
This is one of the very first challenge sites on the Internet. There are a total of 28 riddles and you have to solve them sequentially. After solving the riddle you can see the solutions to it and discuss about it in the next riddle forum.
The riddles cover many aspects of the computer world, from steganography, cryptography, to reversing. While solving the riddles, you feel like being drowned into the long history of computing. And there's always something to learn from them.
The site owner, Malatia, has been inactive for quite a while. But thanks to the educative and challenging riddles, the site is still alive :)
The site is available for free, but only to those who deserve it. Everyone needs to pass a qualifying riddle in order to become a member. But don't worry, just put some effort into it and the sesame will open for you :)
Today I'm gonna show you a really cool challenge site - Ma's Reversing at http://www.3564020356.org.
This is one of the very first challenge sites on the Internet. There are a total of 28 riddles and you have to solve them sequentially. After solving the riddle you can see the solutions to it and discuss about it in the next riddle forum.
The riddles cover many aspects of the computer world, from steganography, cryptography, to reversing. While solving the riddles, you feel like being drowned into the long history of computing. And there's always something to learn from them.
The site owner, Malatia, has been inactive for quite a while. But thanks to the educative and challenging riddles, the site is still alive :)
The site is available for free, but only to those who deserve it. Everyone needs to pass a qualifying riddle in order to become a member. But don't worry, just put some effort into it and the sesame will open for you :)
Friday 26 October 2007
slyfx
Hey guys,
Today I would like to introduce an old but really nice challenge site: slyfx at http://www.slyfx.com.
Like many challenge sites at the time, slyfx has 10 levels, from easy to hard. There are 3 challenges per level, and you have to solve 2 of them to advance to the next level. The challenges, which vary from logic, programming, reversing and exploiting, will give you a nice tour in the world of computers.
Unfortunately, just like Arcanum, with the limited number of challenges, slyfx is only good as an introduction to wargaming.
Today I would like to introduce an old but really nice challenge site: slyfx at http://www.slyfx.com.
Like many challenge sites at the time, slyfx has 10 levels, from easy to hard. There are 3 challenges per level, and you have to solve 2 of them to advance to the next level. The challenges, which vary from logic, programming, reversing and exploiting, will give you a nice tour in the world of computers.
Unfortunately, just like Arcanum, with the limited number of challenges, slyfx is only good as an introduction to wargaming.
Bits and Bytes
Bits and Bytes,
a very basic tutorial with introduction to steganography.
First you should know that this information here is kept very basic and not very accurate. If you find some horrible mistakes please leave a comment. I tried to use easy vocabularies because this post is targetted on beginners.
I. A computer is like a big calculator.
The only thing it can do is calculate numbers, which are stored in binary format.
The binary format, numbers represented in base 2, are used because you can easily represent the two possible binary digits (0 and 1) with electric power (voltage on or voltage off). Everything what your computer does is just computing lots of these binary numbers, and send or recieve those numbers to/from other components. Your monitor for example shows colors, that represent certain numbers and your keyboard sends some numbers to your computer when you press a key.
A computer can only compute a small range of bits at once, which depends on the processor (usually 32 or 64 bits today).
Also it can address its memory only in byte steps (byte aligned).
A group of 8 bits is called a byte and can hold 256(2^8) different numbers (from 0 to 255).
In the beginning of computers there was the need for a codetable that converts numbers to letters.
This codetable is called ASCII-Table .
It uses 8 bits (1 byte) to represent one character.
An example: You can see that the number 65 represents an 'A'.
65 in binary is 01000001. (Try out the windows calculater and use the scientific view, you can convert numbers from binary to decimal beside other things with it)
- - - - - - - - - -
II. As you migth know, steganography is the art of hiding a message.
For example using invisible ink and write with that ink between the normal lines.
In the age of computers there are lots of ways to hide data inside other data,
but lets focus on very basic stuff; Bits and Bytes.
In computer age you can even hide letters due hiding its bits.
Ill "hide" the string ABC in some garbage data applying this rule:
Alernately take one bit of the message and one bit of the garbage.
like: M = Message; G = Garbage
MGMGMGMGMGMG....
ABC: 01000001 01000010 01000011
Garbage: 11110000 11110000 11110000
Mixed up: 011101010000001001110101000010000111010100001010
MGMGMGMGMGMGMGMG.....
You can easily decode this by using only every second bit, starting with the first.
You could also use your own codetable to represent letters, like A = 1, B = 2 and so on, what will need less bits than ascii.
Also its possible to just not use the highest bit (which is always 0 in standard ascii), or even not use the leading '01', cause all letters start with a binary '01'.
a very basic tutorial with introduction to steganography.
First you should know that this information here is kept very basic and not very accurate. If you find some horrible mistakes please leave a comment. I tried to use easy vocabularies because this post is targetted on beginners.
I. A computer is like a big calculator.
The only thing it can do is calculate numbers, which are stored in binary format.
The binary format, numbers represented in base 2, are used because you can easily represent the two possible binary digits (0 and 1) with electric power (voltage on or voltage off). Everything what your computer does is just computing lots of these binary numbers, and send or recieve those numbers to/from other components. Your monitor for example shows colors, that represent certain numbers and your keyboard sends some numbers to your computer when you press a key.
A computer can only compute a small range of bits at once, which depends on the processor (usually 32 or 64 bits today).
Also it can address its memory only in byte steps (byte aligned).
A group of 8 bits is called a byte and can hold 256(2^8) different numbers (from 0 to 255).
In the beginning of computers there was the need for a codetable that converts numbers to letters.
This codetable is called ASCII-Table .
It uses 8 bits (1 byte) to represent one character.
An example: You can see that the number 65 represents an 'A'.
65 in binary is 01000001. (Try out the windows calculater and use the scientific view, you can convert numbers from binary to decimal beside other things with it)
- - - - - - - - - -
II. As you migth know, steganography is the art of hiding a message.
For example using invisible ink and write with that ink between the normal lines.
In the age of computers there are lots of ways to hide data inside other data,
but lets focus on very basic stuff; Bits and Bytes.
In computer age you can even hide letters due hiding its bits.
Ill "hide" the string ABC in some garbage data applying this rule:
Alernately take one bit of the message and one bit of the garbage.
like: M = Message; G = Garbage
MGMGMGMGMGMG....
ABC: 01000001 01000010 01000011
Garbage: 11110000 11110000 11110000
Mixed up: 011101010000001001110101000010000111010100001010
MGMGMGMGMGMGMGMG.....
You can easily decode this by using only every second bit, starting with the first.
You could also use your own codetable to represent letters, like A = 1, B = 2 and so on, what will need less bits than ascii.
Also its possible to just not use the highest bit (which is always 0 in standard ascii), or even not use the leading '01', cause all letters start with a binary '01'.
Steganabara
Hey!
most of you will know me by the nick 'theAnswer'.
In my first post I want to present to you a great tool called Steganabara that helps you to solve steganos (to be exact: visual image steganos). It was coded by my dear friend quangntenemy in Java. Some of the functions it contains:
It doesn't show you the solution for a challenge instantly (sometimes it does :)), it's more an analysis tool.
The current official version is 1.0.8 and you can get it at quangntenemy's site:
http://www.freewebs.com/quangntenemy/
Try it out!
ozehka
most of you will know me by the nick 'theAnswer'.
In my first post I want to present to you a great tool called Steganabara that helps you to solve steganos (to be exact: visual image steganos). It was coded by my dear friend quangntenemy in Java. Some of the functions it contains:
- Color Explorer (Red-, Green-, Blue- and Alpha-channel)
- Histogram
- Color Table (with frequencies)
- Bit Mask Filter
- Filter by Color Map
It doesn't show you the solution for a challenge instantly (sometimes it does :)), it's more an analysis tool.
The current official version is 1.0.8 and you can get it at quangntenemy's site:
http://www.freewebs.com/quangntenemy/
Try it out!
ozehka
Thursday 25 October 2007
Arcanum
Hey guys,
I would like to introduce Arcanum, one of the very first challenge sites I played.
I would like to introduce Arcanum, one of the very first challenge sites I played.
The site was located at http://www.arcanum.co.nz, but unfortunately it is now down since the domain expired. The Arcanum enthusiasts are still idling on #arcanum at irc.idlemonkeys.net. flamecruiser is trying to revive it so maybe one day it will be back again :)
Arcanum tests your skills in 4 different categories: logic, programming, encryption and unknown. There are 6 levels of difficulty. You have to pass all challenges at a level to advance to the next one.
When I joined Arcanum, as a beginner, the challenges were really interesting and educational. With basic computer knowledge and a little bit of research, I was able to solve all the challenges and ended up in rank #147.
The only bad thing about Arcanum was that there were not many challenges, and they weren't too hard. A challenger like me probably would only stay until he has solved all the challs and move onto the next one.
Update: Thanks to Whiteboy the site is up again at http://arcanum.fxfi.net/. Check it out!
Arcanum tests your skills in 4 different categories: logic, programming, encryption and unknown. There are 6 levels of difficulty. You have to pass all challenges at a level to advance to the next one.
When I joined Arcanum, as a beginner, the challenges were really interesting and educational. With basic computer knowledge and a little bit of research, I was able to solve all the challenges and ended up in rank #147.
The only bad thing about Arcanum was that there were not many challenges, and they weren't too hard. A challenger like me probably would only stay until he has solved all the challs and move onto the next one.
Update: Thanks to Whiteboy the site is up again at http://arcanum.fxfi.net/. Check it out!
Welcome
Hey guys,
If you are a challenger, you have come to the right place ;)
This blog is dedicated to computer-based challenges, aka wargames, hacker games, etc.
Here you will find:
Happy challenging!
If you are a challenger, you have come to the right place ;)
This blog is dedicated to computer-based challenges, aka wargames, hacker games, etc.
Here you will find:
- A comprehensive list of all the cool challenge sites, together with detailed reviews about them.
- Links to online resources, tutorials, and tools.
- Tips, tricks and tutorials from the top challengers.
Happy challenging!
Subscribe to:
Posts (Atom)
