The document describes the steps taken to solve puzzles on the website www.hackertest.net to progress through 20 levels. Various clues and hidden messages in image files, HTML source code, and encrypted texts must be decrypted or found through tools like text editors and GIMP. The puzzles get increasingly difficult and require skills like JavaScript, PHP, HTML, and using graphic software. The document indicates level 20 was passed but is unsure if level 21 exists, as the clues point to adding "22332" to the end of the domain name found in an encrypted text on level 20.
1. I hear about this site www.hackertest.net from my friend, this site have puzzle
to solve to enter to the next level. So this is the answer of level i pass, but
i stuck at level 20. Is there level 21? The tool to pass all level only text
editor and GIMP, maybe above level 20 are the real hacker test :-)
————————
level 1 http://www.hackertest.net/
Password:null
From— view page source
<script language=JavaScript>
{
var a=—null—;
function check()
{
if (document.a.c.value == a)
{
document.location.href=—http://www.hackertest.net/—+document.a.c.va
lue+—.htm—;
.
.
.
————————
level 2 http://www.hackertest.net/null.htm
Password:l3l
From— view page source
<script language=—JavaScript— type=—text/javascript—>
var pass, i;
pass=prompt(—Please enter password!—,—");
if (pass==—l3l—) {
window.location.href=—http://www.hackertest.net/—+pass+—.htm—;
.
.
.
————————
level 3 http://www.hackertest.net/l3l.htm
Password:#000000
From— view page source
<body onload=javascript:pass(); alink=—#000000?>
<SCRIPT LANGUAGE=—JavaScript—>
function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt (—Please enter password—);
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+—.htm—;
.
.
.
————————
level 4 http://www.hackertest.net/abrae.htm
————————
2. level 5 http://www.hackertest.net/sdrawkcab.htm
Password:SAvE-as hELpS a lOt
From— view page source
<script language=JavaScript>
var pass, i;
pass=prompt(—Password: —,—");
if (pass==—SAvE-as hELpS a lOt—) {
window.location.href=—save_as.htm—;
.
.
.
————————
level 6 http://www.hackertest.net/save_as.htm
Password:hackertestz
From— view page source
<SCRIPT SRC=—psswd.js— LANGUAGE=—JavaScript—
type=—text/javascript—></script>
Open http://www.hackertest.net/psswd.js
<!—
var pass;
pass=prompt(—Password:—,—");
if (pass==—hackertestz—) {
window.location=—included.htm—;
.
.
.
————————
level 7 http://www.hackertest.net/included.htm
Username:phat
Password:jerkybar3
From— view page source
<body bg=—images/included.gif—>
Open http://www.hackertest.net/images/included.gif
————————
level 8 http://www.hackertest.net/pwd2.php
Username:zadmin
Password:stebbins
From— view page source
<form action=phat.php method=post>
Open http://www.hackertest.net/phat.php
<BODY BGCOLOR=—ffffff— TEXT=—000000? BG=—images/phat.gif—>
Open http://www.hackertest.net/images/phat.gif
the result is —Look for a .PhotoShopDocument!— => PSD
Download http://www.hackertest.net/images/phat.psd
Open phat.psd using photoshop or gimp
3. Hide another layers, only show Background and DEMO DEMO DEMO DEMO
————————
level 9 http://www.hackertest.net/phat.php
Form— view page source
<!—————————————————————-
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
—————— Password: Z2F6ZWJydWg= add a page extention to
that ————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
—————————— >
Decode Z2F6ZWJydWg= (base 64 to text), using online tools like:
- http://ostermiller.org/calc/encode.html
- http://webnet77.com/cgi-bin/helpers/base-64.pl
-
http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.as
px
- http://www.motobit.com/util/base64-decoder-encoder.asp
- etc.
The result : gazebruh
————————
level 10 http://www.hackertest.net/gazebruh.php
Password:shackithalf
From— view page source
<td width=—100%—><font size=—2? face=—Tahoma—><i>S</i>treet Korner
is your
own online <i>hack</i>er simulation. W<i>it</i>h over 100 levels
that require
4. different skills to get to another step of the game, this new
real-life immitation will <i>h</i>elp you advance your security
knowledge.
This site will help you improve your JavaScript, PHP, HTML and
graphic thinking in <i>a</i> fun way that will entertain any
visitor! Have
a spare minute? Log on! Each level wil<i>l</i> provide you with a
new,
harder clue to find a way to get to another level. Only <i>f</i>ew
people
have gotten to the end of the maze— Will you crack this
site?</font></td>
The italic tag S-hack-it-h-a-l-f = shackithalf
————————
level 11 http://www.hackertest.net/gazebruh.php
From— hidden text, using Ctrl+A you can find clue —Level 11:
rofl.php—
————————
level 12 http://www.hackertest.net/rofl.php
From— view page source
<meta name=—robots— content=—goto: clipart.php—>
————————
level 13 http://www.hackertest.net/clipart.php
From— view page source
<meta name=—clue— content=—use graphic software—>
.
.
.
<img border=—0? src=—images/logo.jpg— width=—300?
height=—145?></td>
.
.
.
View http://www.hackertest.net/images/logo.jpg, and zoom it, you
can find puta.php
View page source http://www.hackertest.net/puta.php
<meta name=—clue— content=—use graphic software—>
.
.
.
<td width=—100%— height=—267? valign=—top—><b><font size=—7?
face=—Arial—><img src=—images/lvl13.gif—></font></b><p> </p>
.
.
.
View http://www.hackertest.net/images/lvl13.gif, and zoom it, you
5. can find 4.xml
In http://www.hackertest.net/4.xml, you can find 4xml.php
————————
level 14 http://www.hackertest.net/4xml.php
From— view page source
<meta name=—clue— content=—use graphic software—>
.
.
.
<img src=—images/bidvertiser.gif—>
.
.
.
View http://www.hackertest.net/images/bidvertiser.gif using GIMP,
you can find text TOTALLY!!! php
————————
level 15 http://www.hackertest.net/totally.php
From— Since you still have your photoshop open, check this out:
images/pass2level16.jpg << good luck with it!
Open http://www.hackertest.net/images/pass2level16.jpg, nothing =>
unavailable
————————
level 16 http://www.hackertest.net/unavailable/
From— view page source
UNAVAILABLE
<!— level 17: /images— —>
Visit http://www.hackertest.net/unavailable/images
View page source
<body background=—bg.jpg—>
Download bp.jpg, open with text editor, you can find Ducky.php
————————
level 17 http://www.hackertest.net/unavailable/Ducky.php
Password: your IP address
You can find your IP address, using online tool, such as:
- http://whatismyipaddress.com/
- http://www.ip2location.com/
- etc.
After login then view page source—
<b>Warning</b>: Cannot modify header information — headers already
sent by (output started at
/home/hackert/public_html/unavailable/Ducky.php:11) in
<b>/home/hackert/public_html/unavailable/Ducky.php</b> on line
6. <b>58</b><br />
../level18.shtml
.
.
.
————————
level 18 http://www.hackertest.net/level18.shtml
Scroll to bottom of page, you can find —
$pass) { $errormsg=$msg; show_login_page($errormsg); exit(); } else
{ setmycookie(); } } else { if ($_COOKIE[$cookiename]<>$pass) {
show_login_page($errormsg); exit(); } else { // do nothing } } ?>
/level19.shtml << told ya to think like a n00b!!!
————————
level 19 http://www.hackertest.net/level19.shtml
From— view page source
.
.
.
<td width=—100%— background=—images/level20_pass.gif—>
.
.
.
View http://www.hackertest.net/images/level20_pass.gif using GIMP,
you can find text —gazebruh2?
————————
level 20 http://www.hackertest.net/gazebruh2.htm
In the page you can see
1. hex.gif contain:
—436f6e67726174756c6174696f6e732532312b596f752b686176652b7061737365
642b746f2b6c6576656c2b31302e2b486572652532432b7468696e67732b6265636
f6d652b6d7563682b6d6f72652b6469666663756c742b2533422d2532395b486f70
652b796f752b6765742b7468726f7567682532312b456e6a6f792e—
if you decode it, the message —Congratulations%
21+You+have+passed+to+level+10.+Here%
2C+things+become+much+more+diffcult+%3B-%29[Hope+you+get+through%
21+Enjoy.—
2. some character:
VldwSk5Gb3lVa2hQUjJSclRUSlJlbFJITlU5TlIwNTBWbTE0YTFJelVqSlpNakF4WWt
kT2NFNVlWbUZYUmtZeVYycEtTbG95U25SUFZFNU5Xbm93T1QwOT09
if you decode it (base 64) 4 times, the message —Go to
7. www.streetkorner.net/gb now.”
3. using Ctrl+A, you find ^^^^^^^^^^ Change domain, add ”22332? at
the end, reach it and then get hold of ” ^^^^^^^^^^
So my experiment end at http://www.hackertest.net/gb22332/ to reach
level 21, if it is exists :-)