hascheksolutions / 0xf.at
0xf.at the popular hackit-site is finally open source
Home Page: https://0xf.at
License: Other
The example claims:
nonce = "132f4c5f0f"
sha1("string1"+"string2"+nonce) -> Results in sha1 hash 000000593a640078a309840d69b4e2064d09ae20 so 132f4c5f0f would be the solution if we were looking for 6 leading zeroes
$ python -c 'import hashlib;print(hashlib.sha1(b"string1"+b"string2"+b"132f4c5f0f").hexdigest())'
997ffa731506ee6d66dfafe17dbdf76316e2e67b
$ echo -n "string1string2132f4c5f0f" | openssl sha1
SHA1(stdin)= 997ffa731506ee6d66dfafe17dbdf76316e2e67b
It doesn't work if we assume "string1" and "string2" are placeholders and use the values from the problem statement, either.
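The check from the post above, as an added PHP example that is not part of the original issue or the 0xf.at code base: it tests whether a claimed nonce meets the leading-zero rule and regenerates a valid one at a lower difficulty. The function names, the hex-counter nonce format and the 4-zero demo difficulty are assumptions.

```php
<?php
declare(strict_types=1);

// True when sha1(string1 . string2 . nonce) starts with $zeros hex zeroes,
// which is the rule quoted in the post.
function nonce_is_valid(string $s1, string $s2, string $nonce, int $zeros): bool
{
    $digest = sha1($s1 . $s2 . $nonce);
    return strncmp($digest, str_repeat('0', $zeros), $zeros) === 0;
}

// Counter search over hex-encoded integers (assumed nonce format). Returns the
// first nonce that satisfies the rule, or null when the budget runs out.
function find_nonce(string $s1, string $s2, int $zeros, int $maxTries = 50000000): ?string
{
    for ($i = 0; $i < $maxTries; $i++) {
        $nonce = dechex($i);
        if (nonce_is_valid($s1, $s2, $nonce, $zeros)) {
            return $nonce;
        }
    }
    return null;
}

// The documented example, checked against its own claim of 6 leading zeroes.
var_dump(nonce_is_valid('string1', 'string2', '132f4c5f0f', 6));

// A regenerated example at 4 zeroes so the search finishes quickly; the digest
// is printed next to the nonce so the pair can be pasted into documentation.
$nonce = find_nonce('string1', 'string2', 4);
if ($nonce !== null) {
    printf("%s -> %s\n", $nonce, sha1('string1' . 'string2' . $nonce));
}
```

Generating documentation examples with a script like this, instead of writing them by hand, keeps the published nonce and digest consistent with each other.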
Hi,
I can't log in anymore. There is also an error shown at the bottom of the page:
Warning: Unknown: open(/var/lib/php5/sess_oah67cafqs8df6gebtarje0ru4, O_RDWR) failed: Read-only file system (30) in Unknown on line 0
Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) in Unknown on line 0
The solution of level 29 should be the temperature in field x/y, but the values are reversed.
You can see it in https://github.com/HaschekSolutions/0xf.at/blob/master/data/levels/hackit29.php
Fields are filled in this way: $field[$y][$x], you can see it for example in line 46.
In line 62 the field $answer = round($field[$heat_read_field_x][$heat_read_field_y]); is taken, so it is filled y/x and read x/y for the answer.
When we have the point system implemented from #6 we might as well add a highscore list for users
With every solved level the user should get 10 points
Every level comes with a "buyable" hint. The user can spend 30 points for a hint
Note: Points must never become buyable for real money
I'm unable to connect to them via netcat, telnet or Python's socket module
$ nc 212.17.118.125 2727
*empty output*
$ telnet 212.17.118.125 2727
Connecting To 212.17.118.125...Could not open connection to the host, on port 2727: Connect failed
s.connect(("212.17.118.125", 2727))
TimeoutError: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
I'm unable to solve hackit 27 because of it, since it uses the server's FS to store correct passwords
fs.writeFile("../data/tmp/"+pw, "OK", function(err) {
    fs.chmodSync("../data/tmp/"+pw, 0777);
    if(err) {
        return console.log(err);
    }
});
I am totally stumped on level 25. I suspect that hashcat no longer works with the given files. My best guess at how to use it is throwing this error of Separator unmatched
$ hashcat -m 22000 -a 3 tryandhackme.hccap ?l?l?l?d?d?d?d?d
...
Hashfile 'tryandhackme.hccap' on line 1 (tryandhackme): Separator unmatched
Hashfile 'tryandhackme.hccap' on line 2 (): Separator unmatched
No hashes loaded.
...
I also could not find a way to use the tryandhackme.ivs. Am I missing something or is this level no longer solvable because the given files don't work with the updated tools? Thanks!
Hi I was just browsing through your code and saw how you registered users: https://github.com/HaschekSolutions/0xf.at/blob/master/models/usersmodel.php#L11
Maybe I don't fully understand your code yet but I think the salt here is static and it shouldn't be. The main point of having a salt is that if two users choose the same password and your data gets leaked the hashes won't be the same to slow down potential brute-force attacks. A salt should be generated for each new user and saved alongside their password. When it's time to hash the password again the salt should be applied. What you created here is known as a "pepper" and should only be used in addition to a proper salt when storing user passwords.
If you switch from using sha512 (which isn't ideal for hashing passwords anyway) to something like bcrypt a random salt will be included in the user password automatically. PHP now offers https://www.php.net/manual/en/function.password-hash.php which handles this automatically.
Greetings from Wien!
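The static-salt problem and the password_hash() fix described in the post above, as an added example that is not the 0xf.at code. The constants, function names, sample password and the assumption that legacy rows hold 128-character hex SHA-512 digests are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical site-wide value standing in for the static "salt" in the post.
// It is identical for every user, so it behaves like a pepper.
const STATIC_SALT = 'constructed-site-wide-value';
const BCRYPT_OPTS = ['cost' => 10];

// Scheme as the post describes it: fast SHA-512 with one shared salt.
function legacy_hash(string $password): string
{
    return hash('sha512', STATIC_SALT . $password);
}

// password_hash() generates a fresh random salt per call and embeds it,
// together with the algorithm and cost, in the returned string.
function new_hash(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Returns the value to store after a successful login, or null on failure.
// Legacy rows (assumed: 128 hex chars) are upgraded the first time they match.
function login(string $password, string $stored): ?string
{
    if (preg_match('/^[0-9a-f]{128}$/', $stored) === 1) {
        return hash_equals($stored, legacy_hash($password))
            ? new_hash($password)
            : null;
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    return password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS)
        ? new_hash($password)
        : $stored;
}

// Two constructed users who chose the same password.
$pw = 'correct horse battery staple';
$alice = new_hash($pw);
$bob = new_hash($pw);
var_dump(legacy_hash($pw) === legacy_hash($pw)); // two users' rows, shared salt
var_dump($alice === $bob);                       // two users' rows, per-user salt
var_dump(password_verify($pw, $alice) && password_verify($pw, $bob));
var_dump(login($pw, legacy_hash($pw)) !== null); // legacy row, correct password
var_dump(login('wrong guess', $alice));          // wrong password
```

The upgrade branch lets existing accounts move to per-user salts at their next successful login without a forced password reset.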