Archive for March, 2010

« Older Entries

Print Current Time in Multiple Languages

Monday, March 22nd, 2010

Here’s an overview of how to print out current time with the format hours:minutes:seconds in multiple programming languages…

C/C++:

#include <time.h>
#include <stdio.h>

int main(void) {
    struct tm *ptr;
    time_t lt;
    char str[80];
    lt = time(NULL);
    ptr = localtime(&lt);
    strftime(str, 100, "%H:%M:%S", ptr);
    printf(str);
    return 0;
}

C#:

using System;

class Program {
    static void Main() {
        DateTime time = DateTime.Now;
        string format = "HH:mm:ss";
        Console.WriteLine(time.ToString(format));
    }
}

Java:

import java.util.Date;
import java.text.SimpleDateFormat;

public class DateUtils {
    public static void  main(String arg[]) {
        System.out.println(new SimpleDateFormat("hh:mm:ss").format(new Date()));
    }
}

Visual Basic.NET

Dim timeInfo as DateTime = DateTime.Now
MessageBox.Show(DateTime.Now.ToString("HH:mm:ss"))

Tcl:

puts [clock format [clock seconds] -format {%H:%M:%S}]

Python:

import time
print time.strftime('%H:%M:%S')

PHP:

print date('H:i:s');

Perl:

($s, $m, $h) = localtime();
print "$h:$m:$s";

Ruby:

time = Time.new
puts time.strftime("%H:%M:%S")

JavaScript:

var d = new Date();
document.write(d.getHours() + ':' + d.getMinutes() + ':' + d.getSeconds());

Lua:

print(os.date("%H:%M:%S"))

ColdFusion:

<cfoutput>
#timeformat(now(),'HH:mm:ss')#
<cfoutput>

Tags:
Posted in Development | No Comments »

hackordie.echofish.org Solution (Level 15)

Saturday, March 20th, 2010

Here we need to manually generate a serial key, so first hit the search button and we get:

5413-09649-4236
7561-15929-8368

And now we need to find out what these have in common. It’s easy to see that the middle segment is the sum of the first and last. So lets try 5000-10000-5000.

Nope not valid, lets study more. First segment is odd, middle is odd and last is even in both serials. Then lets try 5001-10001-5000…

There you go, easy!

Tags: ,
Posted in Walkthroughs | No Comments »

hackordie.echofish.org Solution (Level 14)

Saturday, March 20th, 2010

We see a keypad and when we type 3 numbers we get sent to ?page=levels&level=14&pw=156 this means there are a combination from 0-999, lets make a bruteforce!

javascript:document.body.innerHTML += "<iframe id='if' height='400' width='400'></iframe>"; var i=0; setInterval(function(){var frame = document.getElementById('if'); frame.contentWindow.document.location = 'http://hackordie.echofish.org?page=levels&level=14&pw='+(i++)},100);void(0);

Write it in the address bar in your browser and you will succeed :)

Tags: , ,
Posted in Walkthroughs | No Comments »

hackordie.echofish.org Solution (Level 13)

Saturday, March 20th, 2010

We see a php error which tells us that the script is trying to include “username.phpp”, which is a typo. So now we know that username.php is important. We aslo see a “remember me” checkbox which tells us that this levels are using cookies.

Trying to go directly to the file worked: http://hackordie.echofish.org/levels/13/

Got nothing from username.php at first, but when the source was viewed I discovered another typo which let me see the source.

<PHP 

$username = "admin2"; 

?>

So now we got the username, lets find the password. As I said before “remember me” functions use cookies, so lets check the cookies.
Write javascript:alert(document.cookie); in the address bar.
This is it:

Hackordie_remember_me = 865b02aab501e77c8ca524c9bc1cf5c4

This is clearly a md5 hash and we can find the value of it by bruteforcing it. The easiest way is to use an online bruteforce tool like http://www.cmd5.org/default.aspx

There you go!

Tags: , ,
Posted in Walkthroughs | No Comments »

hackordie.echofish.org Solution (Level 12)

Saturday, March 20th, 2010

First we need to bypass that User-Agent check, the easiest way to do this is in Firefox. Write about:config in the address bar. Then search for “useragent” and change the value of “general.useragent.extra.firefox” to “Hack or Die”. Now try to enter level 12 again, and after you are done you can change it back to default by clicking “reset” :)

Okey, we get sent to the website of a hate group and are suppose to crack their site. First thing we check is the admin link, but we need username and password. The admin folder are protected with htaccess, so we need to get the info from the htpasswd file which htaccess uses.

So how are we suppose to read that file? Well their site uses page including, which we may exploit if the script are not secured enough.

Lets try to include the .htaccess file through the page include script:

http://hackordie.echofish.org/levels/12/hate/index.php?page=admin/.htpasswd

Didn’t work, but no need to give up yet. The script can add a string at the end like this:

include($_GET['page'] . '.php');

We can kill that by adding “?” at the end which will tell php that whats behind the question mark are GET values.

http://hackordie.echofish.org/levels/12/hate/index.php?page=admin/.htpasswd?

and the file got included…

admin:$apr1$iOOBL...$JfAc7xtWiPh0Mlj.dNS8Y.

Now we need to crack the password. Download John the Ripper and feed the htpasswd file to it.

Tags: , ,
Posted in Walkthroughs | No Comments »

« Older Entries