yup..where are you stuck?

 

That's exactly what I've done, so I'll write up my experience.

SPOILERS

Level 1 - This is really easy. The password is in the .html file. Under IE, do a "View Source" to see it. The security works by imputing text and asking itself "does INPUT = <password>?"

Level 2 - Macromedia flash deal. Again, rather easy. If you view the HTML source, you'll discover the flash file's name. Somehow, you need to view it in a text editor. There are several ways - check your Temp Internet Files dir, or what I did was create my own HTML doc with an href to it, right clicked that and save as-ed.

Level 3 - Java part one. Again, the password is in plain text in the script file. Viewing the HTML source is a misdirection. It contains the incorrect password, and the incorrect level four html page name. Don't be fooled! The HTML gives the script file name. Again, get it from your TIF.

Level 4 - The Java applet. I've gotten the class file, but the password and ID are no longer plain text. I have no experience with Java, so I'm stuck here. I'll give it some more time later.

 

I just sat back down with a cup of hot coffee..it's on 2:26am here..I planned on going to bed a little earlier, but thanks to Elistan I'm up until I get done with this

Level 8 is coming along very well so far.

 

I gave the site to a "friend" and here is what he sent me back. Most of it is "greek" to me!

Level 2
[txtUsername......Try2Hack.I....txtPassword......No kiaIsGood
hex edit the swf
and the 3rd one was harder
but a sharp eye at the source will show you its fake
the real password isnt AbCdE
its TheCorrectAnswer
the 4th will require dissaembly of passwdlevel4.class
all that javascript is fake
http://www.google.com/search?q=http%3A%2F%...G=Google+Search
look there
save as the source if you don't already have it
now at the top
look here
<SCRIPT src="JavaScript"></SCRIPT>
<SCRIPT language="JavaScript">
bingo
the src=
its ment to trick you
so go load up http://www.try2hack.nl/JavaScript
which holds the real varibles
actually, the script isnt fake
it just reloads the correct varibles
ok next one
isnt so easy
ill give you a hint so you don't have to download a class cracker like I did
in the nmi file source
is
infile = new String("level4");
try {inURL = new URL(getCodeBase(), infile);}
so go load up http://www.try2hack.nl/level4 < holds the key
view the source
txtUsername=AlmostAHacker ..... txtPassword=ZqrE01A2d
intresting
it doesn't work
ill have to dissasemble it
those are fake string refs
well the username is Try2Hack
If txtUsername <> Mid(c001A, 56, 1) & Mid(c001A, 28, 1) & Mid(c001A, 35, 1) & Mid(c001A, 3, 1) & Mid(c001A, 44, 1) & Mid(c001A, 11, 1) & Mid(c001A, 13, 1) & Mid(c001A, 21, 1) Then
MsgBox "Username not accepted."
nobody would do that in real life!
onst c001A = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLM NOPQRSTUVWXYZ.,:;-*+=~|&!_$#@()[]{}</>"
txtPassword <> Mid(c001A, 51, 1) & Mid(c001A, 31, 1) & Mid(c001A, 30, 1) & Mid(c001A, 51, 1) & Mid(c001A, 16, 1) & Mid(c001A, 45, 1) & Mid(c001A, 24, 1) & Mid(c001A, 29, 1) & Mid(c001A, 26, 1) & Mid(c001A, 19, 1) & Mid(c001A, 28, 1) & Mid(c001A, 11, 1) & Mid(c001A, 30, 1) & Mid(c001A, 19, 1) & Mid(c001A, 25, 1) & Mid(c001A, 24, 1) Then
OutOfInspiration
the login is Try2Hack
the password is OutOfInspiration
http://www.try2hack.nl/l-e-v-e-l-6.html
sn00per
01010 00000 01100 01110 00000 10000 10010 10110
LANPARTY
that one was sneaky
coverted binary to "a" and "b"
http://www.try2hack.nl/LEVELSEVEN.html
Browser check :OK

 

ahhh..you spoiler!!!

 

Its amazing how quickly that guy did it. Guess when thats your specialty, you get good at it and know what to look for.

I had gotten stuck at level 4. Thats when I called in the help!

 

How do you get to the try2hack website? Is there a link somewhere ??

 

[QUOTE]Originally posted by tokyo_james
[B]How do you get to the try2hack website?

 

Dang, finally hit the 500 post mark!!! And wasted it on hacking!