0xf.at's People

Contributors

bluewave41, geek-at, jarckn

0xf.at's Issues

Are TCP servers dead?

I'm unable to connect to them via netcat, telnet or Python's socket module.

$ nc 212.17.118.125 2727
*empty output*
$ telnet 212.17.118.125 2727
Connecting To 212.17.118.125...Could not open connection to the host, on port 2727: Connect failed
    s.connect(("212.17.118.125", 2727))
TimeoutError: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond

I'm unable to solve the 27 hackit because of it, since it uses the server's FS to store correct passwords:

fs.writeFile("../data/tmp/"+pw, "OK", function(err) {
    // Check the write result first; chmodSync throws if the file was never created
    if(err) {
        return console.log(err);
    }
    fs.chmodSync("../data/tmp/"+pw, 0o777);
});

Level 25: WPA Cracking

I am totally stumped on level 25. I suspect that hashcat no longer works with the given files. My best guess at how to use it is throwing this "Separator unmatched" error:

$ hashcat -m 22000 -a 3 tryandhackme.hccap ?l?l?l?d?d?d?d?d
...
Hashfile 'tryandhackme.hccap' on line 1 (tryandhackme): Separator unmatched
Hashfile 'tryandhackme.hccap' on line 2 (): Separator unmatched
No hashes loaded.
...

I also could not find a way to use the tryandhackme.ivs. Am I missing something, or is this level no longer solvable because the given files don't work with the updated tools? Thanks!

Point system for "buying" hints

With every solved level, the user should get 10 points.

Every level comes with a "buyable" hint. The user can spend 30 points for a hint.

Note: Points must never become buyable for real money.

Potential wrong use of "salt"

Hi, I was just browsing through your code and saw how you registered users: https://github.com/HaschekSolutions/0xf.at/blob/master/models/usersmodel.php#L11

Maybe I don't fully understand your code yet, but I think the salt here is static and it shouldn't be. The main point of having a salt is that if two users choose the same password and your data gets leaked, the hashes won't be the same, to slow down potential brute-force attacks. A salt should be generated for each new user and saved alongside their password. When it's time to hash the password again, the salt should be applied. What you created here is known as a "pepper" and should only be used in addition to a proper salt when storing user passwords.

If you switch from using sha512 (which isn't ideal for hashing passwords anyway) to something like bcrypt, a random salt will be included in the user password automatically. PHP now offers https://www.php.net/manual/en/function.password-hash.php, which handles this automatically.

Greetings from Wien!
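
The difference this issue describes, as an added example that is not part of the original issue or the 0xf.at code: a static value with one SHA-512 pass makes equal passwords visible in a leaked table, while a per-user random salt with a slow KDF does not. PBKDF2 from Python's standard library stands in for bcrypt / password_hash here; the static value, the storage format, the function names and the sample accounts are all constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumption: placeholder for a site-wide static value; the project's real one is not shown here.
STATIC_SALT = b"constructed-static-value"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)


def static_salt_hash(password: str) -> str:
    """Scheme the issue describes: one fixed value plus a single fast SHA-512."""
    return hashlib.sha512(STATIC_SALT + password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Per-user random salt and a slow KDF; the salt is stored next to the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):  # wrong field count, bad hex, bad iteration count
        return False


def shared_password_groups(table: dict) -> list:
    """Users whose stored values are identical, as visible in a leaked table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts: alice and carol picked the same password.
USERS = {"alice": "hunter2!", "bob": "correct horse", "carol": "hunter2!"}

if __name__ == "__main__":
    print(shared_password_groups({u: static_salt_hash(p) for u, p in USERS.items()}))
    print(shared_password_groups({u: hash_password(p) for u, p in USERS.items()}))
```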

High score list

When we have the point system from #6 implemented, we might as well add a high score list for users.

sha1 example doesn't work (level 38)

The example claims:
nonce = "132f4c5f0f"
sha1("string1"+"string2"+nonce) -> Results in sha1 hash 000000593a640078a309840d69b4e2064d09ae20 so 132f4c5f0f would be the solution if we were looking for 6 leading zeroes

$ python -c 'import hashlib;print(hashlib.sha1(b"string1"+b"string2"+b"132f4c5f0f").hexdigest())'
997ffa731506ee6d66dfafe17dbdf76316e2e67b
$ echo -n "string1string2132f4c5f0f" | openssl sha1
SHA1(stdin)= 997ffa731506ee6d66dfafe17dbdf76316e2e67b

It doesn't work if we assume "string1" and "string2" are placeholders and use the values from the problem statement, either.
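
A reproducibility check for the level 38 example discussed in this issue, added here and not part of the original issue or the 0xf.at code. It recomputes the documented digest and shows how a documentation example could be generated so that it verifies; the hex-counter nonce format and the function names are assumptions.

```python
import hashlib

# Values quoted in the issue.
DOC_NONCE = "132f4c5f0f"
DOC_DIGEST = "000000593a640078a309840d69b4e2064d09ae20"


def pow_digest(part1: str, part2: str, nonce: str) -> str:
    """SHA-1 over the plain concatenation part1 + part2 + nonce."""
    return hashlib.sha1((part1 + part2 + nonce).encode()).hexdigest()


def example_is_consistent(part1: str, part2: str, nonce: str,
                          claimed_digest: str, zeros: int) -> bool:
    """A documented example holds only if the digest is reproducible
    and really starts with the required number of zero hex characters."""
    return (pow_digest(part1, part2, nonce) == claimed_digest
            and claimed_digest.startswith("0" * zeros))


def find_nonce(part1: str, part2: str, zeros: int, max_tries: int = 5_000_000):
    """Counter search for a nonce meeting the target (assumed nonce format:
    lowercase hex of the counter). Expected cost is about 16**zeros hashes.
    Returns None when the try budget is exhausted."""
    target = "0" * zeros
    for i in range(max_tries):
        nonce = format(i, "x")
        if pow_digest(part1, part2, nonce).startswith(target):
            return nonce
    return None


if __name__ == "__main__":
    # The documented example does not reproduce with the literal strings.
    print(example_is_consistent("string1", "string2", DOC_NONCE, DOC_DIGEST, 6))
    # Generate an example that does verify (4 zeros keeps the search short).
    nonce = find_nonce("string1", "string2", 4)
    print(nonce, pow_digest("string1", "string2", nonce))
```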

PHP error, can't log in

Hi,

I can't log in anymore. There is also an error shown at the bottom of the page:

Warning: Unknown: open(/var/lib/php5/sess_oah67cafqs8df6gebtarje0ru4, O_RDWR) failed: Read-only file system (30) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php5) in Unknown on line 0
