hackertest.net level 1 – 20


I hear about this site http://www.hackertest.net from my friend, this site have puzzle to solve to enter to the next level. So this is the answer of level i pass, but i stuck at level 20. Is there level 21? The tool to pass all level only text editor and GIMP, maybe above level 20 are the real hacker test 🙂

————————
level 1 http://www.hackertest.net/

Password:null

From… view page source
<script language=JavaScript>
{
var a=”null”;
function check()
{
if (document.a.c.value == a)
{
document.location.href=”http://www.hackertest.net/”+document.a.c.va

lue+”.htm”;
.
.
.

————————
level 2 http://www.hackertest.net/null.htm

Password:l3l

From… view page source
<script language=”JavaScript” type=”text/javascript”>
var pass, i;
pass=prompt(“Please enter password!”,””);
if (pass==”l3l”) {
window.location.href=”http://www.hackertest.net/”+pass+&#8221;.htm”;
.
.
.

————————
level 3 http://www.hackertest.net/l3l.htm

Password:#000000

From… view page source
<body onload=javascript:pass(); alink=”#000000″>
<SCRIPT LANGUAGE=”JavaScript”>
function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt (“Please enter password”);
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+”.htm”;
.
.
.

————————
level 4 http://www.hackertest.net/abrae.htm

————————
level 5 http://www.hackertest.net/sdrawkcab.htm

Password:SAvE-as hELpS a lOt

From… view page source
<script language=JavaScript>
var pass, i;
pass=prompt(“Password: “,””);
if (pass==”SAvE-as hELpS a lOt”) {
window.location.href=”save_as.htm”;
.
.
.
————————
level 6 http://www.hackertest.net/save_as.htm

Password:hackertestz

From… view page source
<SCRIPT SRC=”psswd.js” LANGUAGE=”JavaScript”

type=”text/javascript”></script>

Open http://www.hackertest.net/psswd.js

<!–
var pass;
pass=prompt(“Password:”,””);
if (pass==”hackertestz”) {
window.location=”included.htm”;
.
.
.
————————
level 7 http://www.hackertest.net/included.htm

Username:phat
Password:jerkybar3

From… view page source
<body bg=”images/included.gif”>

Open http://www.hackertest.net/images/included.gif

————————
level 8 http://www.hackertest.net/pwd2.php

Username:zadmin
Password:stebbins

From… view page source
<form action=phat.php method=post>

Open http://www.hackertest.net/phat.php

<BODY BGCOLOR=”ffffff” TEXT=”000000″ BG=”images/phat.gif”>

Open http://www.hackertest.net/images/phat.gif

the result is “Look for a .PhotoShopDocument!” => PSD

Download http://www.hackertest.net/images/phat.psd

Open phat.psd using photoshop or gimp

Hide another layers, only show Background and DEMO DEMO DEMO DEMO

————————
level 9 http://www.hackertest.net/phat.php

Form… view page source
<!—————————————————————-

——————————————————————

——————————————————————

——————————————————————

——————————————————————

——————————————————————

——————————————————————

—————– Password: Z2F6ZWJydWg= add a page extention to

that ————————————————————

——————————————————————

——————————————————————

——————————————————————

——————————————————————

——————————————————————

——————————————————————

—————————— >

Decode Z2F6ZWJydWg= (base 64 to text), using online tools like:
http://ostermiller.org/calc/encode.html
http://webnet77.com/cgi-bin/helpers/base-64.pl

http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.as

px
http://www.motobit.com/util/base64-decoder-encoder.asp
– etc.

The result : gazebruh

————————
level 10 http://www.hackertest.net/gazebruh.php

Password:shackithalf

From… view page source
<td width=”100%”><font size=”2″ face=”Tahoma”><i>S</i>treet Korner

is your
own online <i>hack</i>er simulation. W<i>it</i>h over 100 levels

that require
different skills to get to another step of the game, this new
real-life immitation will <i>h</i>elp you advance your security

knowledge.
This site will help you improve your JavaScript, PHP, HTML and
graphic thinking in <i>a</i> fun way that will entertain any

visitor! Have
a spare minute? Log on! Each level wil<i>l</i> provide you with a

new,
harder clue to find a way to get to another level. Only <i>f</i>ew

people
have gotten to the end of the maze… Will you crack this
site?</font></td>

The italic tag S-hack-it-h-a-l-f = shackithalf

————————
level 11 http://www.hackertest.net/gazebruh.php

From… hidden text, using Ctrl+A you can find clue “Level 11:

rofl.php”

————————
level 12 http://www.hackertest.net/rofl.php

From… view page source
<meta name=”robots” content=”goto: clipart.php”>

————————
level 13 http://www.hackertest.net/clipart.php

From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img border=”0″ src=”images/logo.jpg” width=”300″

height=”145″></td>
.
.
.

View http://www.hackertest.net/images/logo.jpg, and zoom it, you

can find puta.php

View page source http://www.hackertest.net/puta.php
<meta name=”clue” content=”use graphic software”>
.
.
.
<td width=”100%” height=”267″ valign=”top”><b><font size=”7″

face=”Arial”><img src=”images/lvl13.gif”></font></b><p>&nbsp;</p>
.
.
.
View http://www.hackertest.net/images/lvl13.gif, and zoom it, you

can find 4.xml

In http://www.hackertest.net/4.xml, you can find 4xml.php

————————
level 14 http://www.hackertest.net/4xml.php

From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img src=”images/bidvertiser.gif”>
.
.
.

View http://www.hackertest.net/images/bidvertiser.gif using GIMP,

you can find text TOTALLY!!! php

————————
level 15 http://www.hackertest.net/totally.php

From… Since you still have your photoshop open, check this out:

images/pass2level16.jpg << good luck with it!

Open http://www.hackertest.net/images/pass2level16.jpg, nothing =>

unavailable

————————
level 16 http://www.hackertest.net/unavailable/

From… view page source
UNAVAILABLE
<!– level 17: /images” –>

Visit http://www.hackertest.net/unavailable/images

View page source
<body background=”bg.jpg”>

Download bp.jpg, open with text editor, you can find Ducky.php

————————
level 17 http://www.hackertest.net/unavailable/Ducky.php

Password: your IP address

You can find your IP address, using online tool, such as:
http://whatismyipaddress.com/
http://www.ip2location.com/
– etc.

After login then view page source…
<b>Warning</b>: Cannot modify header information – headers already

sent by (output started at

/home/hackert/public_html/unavailable/Ducky.php:11) in

<b>/home/hackert/public_html/unavailable/Ducky.php</b> on line

<b>58</b><br />

../level18.shtml
.
.
.

————————
level 18 http://www.hackertest.net/level18.shtml

Scroll to bottom of page, you can find …
$pass) { $errormsg=$msg; show_login_page($errormsg); exit(); } else

{ setmycookie(); } } else { if ($_COOKIE[$cookiename]<>$pass) {

show_login_page($errormsg); exit(); } else { // do nothing } } ?>

/level19.shtml << told ya to think like a n00b!!!

————————
level 19 http://www.hackertest.net/level19.shtml

From… view page source
.
.
.
<td width=”100%” background=”images/level20_pass.gif”>
.
.
.

View http://www.hackertest.net/images/level20_pass.gif using GIMP,

you can find text “gazebruh2”

————————
level 20 http://www.hackertest.net/gazebruh2.htm

In the page you can see
1. hex.gif contain:

“436f6e67726174756c6174696f6e732532312b596f752b686176652b7061737365

642b746f2b6c6576656c2b31302e2b486572652532432b7468696e67732b6265636

f6d652b6d7563682b6d6f72652b6469666663756c742b2533422d2532395b486f70

652b796f752b6765742b7468726f7567682532312b456e6a6f792e”

if you decode it, the message “Congratulations%

21+You+have+passed+to+level+10.+Here%

2C+things+become+much+more+diffcult+%3B-%29[Hope+you+get+through%

21+Enjoy.”

2. some character:

VldwSk5Gb3lVa2hQUjJSclRUSlJlbFJITlU5TlIwNTBWbTE0YTFJelVqSlpNakF4WWt

kT2NFNVlWbUZYUmtZeVYycEtTbG95U25SUFZFNU5Xbm93T1QwOT09
if you decode it (base 64) 4 times, the message “Go to

http://www.streetkorner.net/gb now.”

3. using Ctrl+A, you find ^^^^^^^^^^ Change domain, add “22332” at

the end, reach it and then get hold of … ^^^^^^^^^^

So my experiment end at http://www.hackertest.net/gb22332/ to reach

level 21, if it is exists 🙂

hackertest.net level 20hackertest.net level 20

Hey there, here another try i use with google, type this site:http://www.hackertest.net inurl:*
and the suspicoues results are:
1. http://www.hackertest.net/gb22332/design/
– footer.inc.php
– guest.css
– header.inc.php
– send.inc.php
2. http://www.hackertest.net/gb22332/admin.php
SadRavenGB
it contain russian languages
Вход в админ.центр:
Логин:
Пароль:
Войти

in english
Log in admin.tsentr:
Login:
Password:
Log in

3. http://www.hackertest.net/gb22332/guest.php
4. http://www.hackertest.net:2082/unprotected/loader.html
5. http://www.hackertest.net:2082/login/

Any one have clue ?

Advertisements

52 Responses

  1. From Googling, I got to know that cPanel is commercial hosting app, and I think 2082 is the port to log in and control the site; so this is going real now.

    Great job done, hacking through all these levels! =)

    • http://www.hackertest.net:2082/login/

      i get to this link and saw a step further to real hacking.

      i tried a bit of sql injection.
      but cannot understand what actually is going to happen
      after this
      and close the browser and what happened is that
      “as the level 20 mentioned u will be lost forever”

      the same happens and i can access the site form my ip

      it’s not opening.

      pls help………………..

  2. http://www.hackertest.net/gb22332/passwd.dat

  3. i tried secod level password but it did not work

    • its not 1…….
      🙂

  4. I looked at that password file and the hash is MD5 and im trying to crack it now

  5. 1c9c8941f2ec49e1bb0a658cee8506f4 is -=notfound=-

  6. I tried logging in to http://www.hackertest.net:2082/login/ with

    username: sad raven
    password: -=notfound=-

    then i cant load the site anymore, it completely locks! WTF is going on here???

  7. when i crack hex.gif in level 20 its result is infinity….

  8. The decrypted hash is

    h’ or ‘1’=’1

    This looks like SQL injection doesn’t it?

  9. Yea thats a SQL dont know realy got blocket from their website / they go offline but i would try something like
    /guest.php?page=XX
    /guest.php?page=h’or’1’=’1
    /guest.php?page=1

  10. Guys, cPanel only allows a maximum of 8 characters in a username. “sad raven” can’t be the username. “sadraven” on the other hand, is a possibility.

  11. the website does not go offline, it’s just blocking your IP upon failed login attempt. To bypass that you would have to change your ip with each failed attempt

  12. check this

    http://www.hackertest.net/gb22332/design/send.inc.php

  13. i found this in the sad raven guestbook
    Вход в админ.центр:
    Логин:
    Пароль:

    it say that name : alogin , pass : pass
    but it actually false

  14. http://www.hackertest.net/gb22332/guest.php

  15. i have A clue. Read This

    ^^^^^^^^^^ Change domain, add “22332” at the end, reach it and then get hold of … ^^^^^^^^^^
    StatCounter – Free Web Tracker and Counter

  16. 2 years… but, i found this
    http://www.hackertest.net/gb22332/data/

  17. Hey everybody.
    It took some tries but i think i solved it… or isn’t that the end?

    Look at the error message at http://www.hackertest.net/gb22332/
    The “Document Not Found” error is 404 but here it says 505!

    As I already mentioned it took some tries but I found http://www.hackertest.net/505/

    Same thing on this page but with a subdirectory, so the next URI to go to is: http://www.hackertest.net/505/403/

    And of course we know “the answer to life the universe and everything” (if not ask google)

    Next URI is http://www.hackertest.net/42.php

    If you press “Enter” you’ll be sent to the homepage http://www.hackertest.net/ but with the refferer you have the content is different.

    That’s it for me so far…

    I think there must be more because of that secret code, but what!?

    • We are two, i think that secret code is the goal of this test. If an “hacker” hacking a system, he does that to find the secret code! no?

    • Membrane i also want to know more, but i dont know what 😦

  18. Wow.. after a day, I finally reached the end:

    http://www.hackertest.net/gb22332/ is the right way. I saw “Error 505”.. I tried everything, but nothing, then, exausted, I inserted the number “505” in the address bar: http://www.hackertest.net/505/ and another error (403 this time) appeared. I did the same thing before so the address this time was: http://www.hackertest.net/505/403/ and WOW! I saw a white page with only one sentence in the middle of it: “What is the answer to life, the universe, and everything?”. I made a search with google and wikipedia gave me the answer: 42! Then I added the php extension to that “magic” number and i put it in the address bar: http://www.hackertest.net/42.php I clicked on Enter and a congratulation page was shown to me!

  19. What does the secret code means? “seoJimWseo”
    Is that the password for: http://www.hackertest.net:2082/login/
    If that is the password; what is the username?
    Because i think we almost made it but lvl. 21 is’nt the end?
    Because it is telling us again a secret code.

    I think there is more, but where do we have to search? And what does “seoJimWseo” means?

  20. Piece of writing writing is also a excitement, if you
    be acquainted with then you can write if not it
    is complicated to write.

  21. Aw, this was a really nice post. Taking a few minutes and actual
    effort to create a great article… but what can I
    say… I put things off a lot and never manage to get nearly
    anything done.

  22. Thanks dude

  23. I need to to thank you for this fantastic read!! I certainly loved every little bit of it.

    I have got you book-marked to look at new
    things you post…

  24. how did you decode the “look for a photoshop document” ? ..

  25. in http://www.streetkorner.net/gb, i never saw the :

    ^^^^^^^^^^ Change domain, add “22332″ at
    the end, reach it and then get hold of … ^^^^^^^^^^

    where is it? … already did ctrl A .. nothing .. not found in the source too…

  26. Hello to every one, the contents existing at this website are actually remarkable for people experience, well, keep
    up the nice work fellows.

  27. Even so, what if I do not want to rip everything on
    the disk, it’s possible I just want a couple tracks ripped. It can be price checking this because if it is really complicated to read through it can be rather aggravating.

  28. Do you mind if I quote a few of your posts as long as I provide
    credit and sources back to your weblog? My blog
    site is in the very same area of interest as yours and my
    visitors would really benefit from a lot of the information you provide here.

    Please let me know if this alright with you. Appreciate it!

  29. in this page (http://www.hackertest.net/42.php) the code says:
    ‘Make sure you pass referrels’
    any ideas?

    • you probably missed the intermediately steps and it uses to cookies to log your success…
      Just complete the steps in order and it should work?

  30. […] Pour ceux qui n’y arrivent pas il y’a la soluce ici […]

  31. When I originally commented I clicked the “Notify me when new comments are added”
    checkbox and now each time a comment is added I get three
    e-mails with the same comment. Is there any way you can remove
    me from that service? Thanks a lot!

  32. Thanks for finally writing about >hackertest.net level
    1 – 20 | 許 祿 煒 的 熊 猫 Blog – PandaZen blog <Loved it!

  33. I actually Believe that article, “hackertest.net level 1 – 20 | 許 祿 煒 的 熊 猫 Blog – PandaZen blog” was just right!
    I personallycouldn’t agree together with you more!
    Finally looks like I reallylocated a web site truly worth reading.
    Thanks, Carolyn

  34. I found this http://c25.statcounter.com/counter.php?sc_project=2529692&java=0&security=119548e0&invisible=0 on the page http://www.hackertest.net/42.php. It seems like a clue….

  35. Olympus oder Panasonic?

  36. only one precisation: decoding the string obtained from hex.gif in level 20 with URL decoding you got “Congratulations! You have passe?d to level 10. Here, things bec??me much more diffcult ;-)[Hop?e you get through! Enjoy” – much more readable 😉

  37. http://www.hackertest.net/gb22332/passwd.dat

    I think there are more than 20 levels…

  38. it is really helpful

  39. what a good guide

  40. do you guys know anything about jonmchan@gmail.com, its hidden in the image source code on level 19

    • Hey nivesnine
      i found this email too in the picture i would try to contact him

    • I saw that too, it all seems quite weird. You are given a new code at the end, plus there is the jonmchan@gmail.com randomly appearing in one of the images.

      I don’t know how many people noticed, but did you see the script within the tags at http://www.hacktest.net?
      it contains a password() function, I don’t know whether it is related to something.

      I know you can type into the text area at the top of the page. Some how i feel it is significant.

  41. Hey nivesnine
    i found this email too in the picture i would try to contact him

  42. http://www.hackertest.net/42.php

  43. BAM! Just Emailed One Of The Creators Of The Site And He Said (Quote):

    “Yes, there is a level 21. There is 35 levels or so if I remember correctly. I believe the last level congratulates you and links back to the first page, but it is very hard. I don’t remember the details – I did it like 3 years ago.”

    Hope I Helped You Find More Hope. Keep Searching Fellow Hackers 🙂

  44. nowadays, if you try to go to http://www.hackertest.net:2082/unprotected/loader.html or http://www.hackertest.net:2082/login/ the page is redirect to https://my.bluehost.com/cgi/account/cpanel?goto_uri=/login/ and the icons are similar to the http://www.hackertest.net

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: