pandazen
I hear about this site http://www.hackertest.net from my friend, this site have puzzle to solve to enter to the next level. So this is the answer of level i pass, but i stuck at level 20. Is there level 21? The tool to pass all level only text editor and GIMP, maybe above level 20 are the real hacker test 🙂
————————
level 1 http://www.hackertest.net/
Password:null
From… view page source
<script language=JavaScript>
{
var a=”null”;
function check()
{
if (document.a.c.value == a)
{
document.location.href=”http://www.hackertest.net/”+document.a.c.va
lue+”.htm”;
.
.
.
————————
level 2 http://www.hackertest.net/null.htm
Password:l3l
From… view page source
<script language=”JavaScript” type=”text/javascript”>
var pass, i;
pass=prompt(“Please enter password!”,””);
if (pass==”l3l”) {
window.location.href=”http://www.hackertest.net/”+pass+”.htm”;
.
.
.
————————
level 3 http://www.hackertest.net/l3l.htm
Password:#000000
From… view page source
<body onload=javascript:pass(); alink=”#000000″>
<SCRIPT LANGUAGE=”JavaScript”>
function pass()
{
var pw, Eingabe;
pw=window.document.alinkColor;
Eingabe=prompt (“Please enter password”);
if (Eingabe==pw)
{
window.location.href=String.fromCharCode(97,98,114,97,101)+”.htm”;
.
.
.
————————
level 4 http://www.hackertest.net/abrae.htm
————————
level 5 http://www.hackertest.net/sdrawkcab.htm
Password:SAvE-as hELpS a lOt
From… view page source
<script language=JavaScript>
var pass, i;
pass=prompt(“Password: “,””);
if (pass==”SAvE-as hELpS a lOt”) {
window.location.href=”save_as.htm”;
.
.
.
————————
level 6 http://www.hackertest.net/save_as.htm
Password:hackertestz
From… view page source
<SCRIPT SRC=”psswd.js” LANGUAGE=”JavaScript”
type=”text/javascript”></script>
Open http://www.hackertest.net/psswd.js
<!–
var pass;
pass=prompt(“Password:”,””);
if (pass==”hackertestz”) {
window.location=”included.htm”;
.
.
.
————————
level 7 http://www.hackertest.net/included.htm
Username:phat
Password:jerkybar3
From… view page source
<body bg=”images/included.gif”>
Open http://www.hackertest.net/images/included.gif
————————
level 8 http://www.hackertest.net/pwd2.php
Username:zadmin
Password:stebbins
From… view page source
<form action=phat.php method=post>
Open http://www.hackertest.net/phat.php
<BODY BGCOLOR=”ffffff” TEXT=”000000″ BG=”images/phat.gif”>
Open http://www.hackertest.net/images/phat.gif
the result is “Look for a .PhotoShopDocument!” => PSD
Download http://www.hackertest.net/images/phat.psd
Open phat.psd using photoshop or gimp
Hide another layers, only show Background and DEMO DEMO DEMO DEMO
————————
level 9 http://www.hackertest.net/phat.php
Form… view page source
<!—————————————————————-
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
—————– Password: Z2F6ZWJydWg= add a page extention to
that ————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
——————————————————————
—————————— >
Decode Z2F6ZWJydWg= (base 64 to text), using online tools like:
– http://ostermiller.org/calc/encode.html
– http://webnet77.com/cgi-bin/helpers/base-64.pl
–
http://www.opinionatedgeek.com/dotnet/tools/Base64Decode/Default.as
px
– http://www.motobit.com/util/base64-decoder-encoder.asp
– etc.
The result : gazebruh
————————
level 10 http://www.hackertest.net/gazebruh.php
Password:shackithalf
From… view page source
<td width=”100%”><font size=”2″ face=”Tahoma”><i>S</i>treet Korner
is your
own online <i>hack</i>er simulation. W<i>it</i>h over 100 levels
that require
different skills to get to another step of the game, this new
real-life immitation will <i>h</i>elp you advance your security
knowledge.
This site will help you improve your JavaScript, PHP, HTML and
graphic thinking in <i>a</i> fun way that will entertain any
visitor! Have
a spare minute? Log on! Each level wil<i>l</i> provide you with a
new,
harder clue to find a way to get to another level. Only <i>f</i>ew
people
have gotten to the end of the maze… Will you crack this
site?</font></td>
The italic tag S-hack-it-h-a-l-f = shackithalf
————————
level 11 http://www.hackertest.net/gazebruh.php
From… hidden text, using Ctrl+A you can find clue “Level 11:
rofl.php”
————————
level 12 http://www.hackertest.net/rofl.php
From… view page source
<meta name=”robots” content=”goto: clipart.php”>
————————
level 13 http://www.hackertest.net/clipart.php
From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img border=”0″ src=”images/logo.jpg” width=”300″
height=”145″></td>
.
.
.
View http://www.hackertest.net/images/logo.jpg, and zoom it, you
can find puta.php
View page source http://www.hackertest.net/puta.php
<meta name=”clue” content=”use graphic software”>
.
.
.
<td width=”100%” height=”267″ valign=”top”><b><font size=”7″
face=”Arial”><img src=”images/lvl13.gif”></font></b><p> </p>
.
.
.
View http://www.hackertest.net/images/lvl13.gif, and zoom it, you
can find 4.xml
In http://www.hackertest.net/4.xml, you can find 4xml.php
————————
level 14 http://www.hackertest.net/4xml.php
From… view page source
<meta name=”clue” content=”use graphic software”>
.
.
.
<img src=”images/bidvertiser.gif”>
.
.
.
View http://www.hackertest.net/images/bidvertiser.gif using GIMP,
you can find text TOTALLY!!! php
————————
level 15 http://www.hackertest.net/totally.php
From… Since you still have your photoshop open, check this out:
images/pass2level16.jpg << good luck with it!
Open http://www.hackertest.net/images/pass2level16.jpg, nothing =>
unavailable
————————
level 16 http://www.hackertest.net/unavailable/
From… view page source
UNAVAILABLE
<!– level 17: /images” –>
Visit http://www.hackertest.net/unavailable/images
View page source
<body background=”bg.jpg”>
Download bp.jpg, open with text editor, you can find Ducky.php
————————
level 17 http://www.hackertest.net/unavailable/Ducky.php
Password: your IP address
You can find your IP address, using online tool, such as:
– http://whatismyipaddress.com/
– http://www.ip2location.com/
– etc.
After login then view page source…
<b>Warning</b>: Cannot modify header information – headers already
sent by (output started at
/home/hackert/public_html/unavailable/Ducky.php:11) in
<b>/home/hackert/public_html/unavailable/Ducky.php</b> on line
<b>58</b><br />
../level18.shtml
.
.
.
————————
level 18 http://www.hackertest.net/level18.shtml
Scroll to bottom of page, you can find …
$pass) { $errormsg=$msg; show_login_page($errormsg); exit(); } else
{ setmycookie(); } } else { if ($_COOKIE[$cookiename]<>$pass) {
show_login_page($errormsg); exit(); } else { // do nothing } } ?>
/level19.shtml << told ya to think like a n00b!!!
————————
level 19 http://www.hackertest.net/level19.shtml
From… view page source
.
.
.
<td width=”100%” background=”images/level20_pass.gif”>
.
.
.
View http://www.hackertest.net/images/level20_pass.gif using GIMP,
you can find text “gazebruh2”
————————
level 20 http://www.hackertest.net/gazebruh2.htm
In the page you can see
1. hex.gif contain:
“436f6e67726174756c6174696f6e732532312b596f752b686176652b7061737365
642b746f2b6c6576656c2b31302e2b486572652532432b7468696e67732b6265636
f6d652b6d7563682b6d6f72652b6469666663756c742b2533422d2532395b486f70
652b796f752b6765742b7468726f7567682532312b456e6a6f792e”
if you decode it, the message “Congratulations%
21+You+have+passed+to+level+10.+Here%
2C+things+become+much+more+diffcult+%3B-%29[Hope+you+get+through%
21+Enjoy.”
2. some character:
VldwSk5Gb3lVa2hQUjJSclRUSlJlbFJITlU5TlIwNTBWbTE0YTFJelVqSlpNakF4WWt
kT2NFNVlWbUZYUmtZeVYycEtTbG95U25SUFZFNU5Xbm93T1QwOT09
if you decode it (base 64) 4 times, the message “Go to
http://www.streetkorner.net/gb now.”
3. using Ctrl+A, you find ^^^^^^^^^^ Change domain, add “22332” at
the end, reach it and then get hold of … ^^^^^^^^^^
So my experiment end at http://www.hackertest.net/gb22332/ to reach
level 21, if it is exists 🙂
hackertest.net level 20
Hey there, here another try i use with google, type this site:http://www.hackertest.net inurl:*
and the suspicoues results are:
1. http://www.hackertest.net/gb22332/design/
– footer.inc.php
– guest.css
– header.inc.php
– send.inc.php
2. http://www.hackertest.net/gb22332/admin.php
it contain russian languages
Вход в админ.центр:
Логин:
Пароль:
Войти
in english
Log in admin.tsentr:
Login:
Password:
Log in
3. http://www.hackertest.net/gb22332/guest.php
4. http://www.hackertest.net:2082/unprotected/loader.html
5. http://www.hackertest.net:2082/login/
Any one have clue ?
Filed under: web | Tagged: cheat, hack, hackertest |
許 祿 煒 的 熊 猫 Blog - PandaZen blog 
From Googling, I got to know that cPanel is commercial hosting app, and I think 2082 is the port to log in and control the site; so this is going real now.
Great job done, hacking through all these levels! =)
http://www.hackertest.net:2082/login/
i get to this link and saw a step further to real hacking.
i tried a bit of sql injection.
but cannot understand what actually is going to happen
after this
and close the browser and what happened is that
“as the level 20 mentioned u will be lost forever”
the same happens and i can access the site form my ip
it’s not opening.
pls help………………..
http://www.hackertest.net/gb22332/passwd.dat
i tried secod level password but it did not work
its not 1…….
🙂
I looked at that password file and the hash is MD5 and im trying to crack it now
1c9c8941f2ec49e1bb0a658cee8506f4 is -=notfound=-
I tried logging in to http://www.hackertest.net:2082/login/ with
username: sad raven
password: -=notfound=-
then i cant load the site anymore, it completely locks! WTF is going on here???
when i crack hex.gif in level 20 its result is infinity….
The decrypted hash is
h’ or ‘1’=’1
This looks like SQL injection doesn’t it?
Yea thats a SQL dont know realy got blocket from their website / they go offline but i would try something like
/guest.php?page=XX
/guest.php?page=h’or’1’=’1
/guest.php?page=1
Guys, cPanel only allows a maximum of 8 characters in a username. “sad raven” can’t be the username. “sadraven” on the other hand, is a possibility.
the website does not go offline, it’s just blocking your IP upon failed login attempt. To bypass that you would have to change your ip with each failed attempt
check this
http://www.hackertest.net/gb22332/design/send.inc.php
i found this in the sad raven guestbook
Вход в админ.центр:
Логин:
Пароль:
it say that name : alogin , pass : pass
but it actually false
http://www.hackertest.net/gb22332/guest.php
i have A clue. Read This
^^^^^^^^^^ Change domain, add “22332” at the end, reach it and then get hold of … ^^^^^^^^^^
StatCounter – Free Web Tracker and Counter
2 years… but, i found this
http://www.hackertest.net/gb22332/data/
Hey everybody.
It took some tries but i think i solved it… or isn’t that the end?
Look at the error message at http://www.hackertest.net/gb22332/
The “Document Not Found” error is 404 but here it says 505!
As I already mentioned it took some tries but I found http://www.hackertest.net/505/
Same thing on this page but with a subdirectory, so the next URI to go to is: http://www.hackertest.net/505/403/
And of course we know “the answer to life the universe and everything” (if not ask google)
Next URI is http://www.hackertest.net/42.php
If you press “Enter” you’ll be sent to the homepage http://www.hackertest.net/ but with the refferer you have the content is different.
That’s it for me so far…
I think there must be more because of that secret code, but what!?
We are two, i think that secret code is the goal of this test. If an “hacker” hacking a system, he does that to find the secret code! no?
Membrane i also want to know more, but i dont know what 😦
Wow.. after a day, I finally reached the end:
http://www.hackertest.net/gb22332/ is the right way. I saw “Error 505”.. I tried everything, but nothing, then, exausted, I inserted the number “505” in the address bar: http://www.hackertest.net/505/ and another error (403 this time) appeared. I did the same thing before so the address this time was: http://www.hackertest.net/505/403/ and WOW! I saw a white page with only one sentence in the middle of it: “What is the answer to life, the universe, and everything?”. I made a search with google and wikipedia gave me the answer: 42! Then I added the php extension to that “magic” number and i put it in the address bar: http://www.hackertest.net/42.php I clicked on Enter and a congratulation page was shown to me!
What does the secret code means? “seoJimWseo”
Is that the password for: http://www.hackertest.net:2082/login/
If that is the password; what is the username?
Because i think we almost made it but lvl. 21 is’nt the end?
Because it is telling us again a secret code.
I think there is more, but where do we have to search? And what does “seoJimWseo” means?
Piece of writing writing is also a excitement, if you
be acquainted with then you can write if not it
is complicated to write.
Aw, this was a really nice post. Taking a few minutes and actual
effort to create a great article but what can I
say I put things off a lot and never manage to get nearly
anything done.
Thanks dude
I need to to thank you for this fantastic read!! I certainly loved every little bit of it.
I have got you book-marked to look at new
things you post…
how did you decode the “look for a photoshop document” ? ..
in http://www.streetkorner.net/gb, i never saw the :
^^^^^^^^^^ Change domain, add “22332″ at
the end, reach it and then get hold of … ^^^^^^^^^^
where is it? … already did ctrl A .. nothing .. not found in the source too…
Hello to every one, the contents existing at this website are actually remarkable for people experience, well, keep
up the nice work fellows.
Even so, what if I do not want to rip everything on
the disk, it’s possible I just want a couple tracks ripped. It can be price checking this because if it is really complicated to read through it can be rather aggravating.
Do you mind if I quote a few of your posts as long as I provide
credit and sources back to your weblog? My blog
site is in the very same area of interest as yours and my
visitors would really benefit from a lot of the information you provide here.
Please let me know if this alright with you. Appreciate it!
in this page (http://www.hackertest.net/42.php) the code says:
‘Make sure you pass referrels’
any ideas?
you probably missed the intermediately steps and it uses to cookies to log your success…
Just complete the steps in order and it should work?
[…] Pour ceux qui n’y arrivent pas il y’a la soluce ici […]
When I originally commented I clicked the “Notify me when new comments are added”
checkbox and now each time a comment is added I get three
e-mails with the same comment. Is there any way you can remove
me from that service? Thanks a lot!
Thanks for finally writing about >hackertest.net level
1 – 20 | 許 祿 煒 的 熊 猫 Blog – PandaZen blog <Loved it!
I actually Believe that article, “hackertest.net level 1 – 20 | 許 祿 煒 的 熊 猫 Blog – PandaZen blog” was just right!
I personallycouldn’t agree together with you more!
Finally looks like I reallylocated a web site truly worth reading.
Thanks, Carolyn
I found this http://c25.statcounter.com/counter.php?sc_project=2529692&java=0&security=119548e0&invisible=0 on the page http://www.hackertest.net/42.php. It seems like a clue….
Olympus oder Panasonic?
only one precisation: decoding the string obtained from hex.gif in level 20 with URL decoding you got “Congratulations! You have passe?d to level 10. Here, things bec??me much more diffcult ;-)[Hop?e you get through! Enjoy” – much more readable 😉
http://www.hackertest.net/gb22332/passwd.dat
I think there are more than 20 levels…
it is really helpful
what a good guide
do you guys know anything about jonmchan@gmail.com, its hidden in the image source code on level 19
Hey nivesnine
i found this email too in the picture i would try to contact him
I saw that too, it all seems quite weird. You are given a new code at the end, plus there is the jonmchan@gmail.com randomly appearing in one of the images.
I don’t know how many people noticed, but did you see the script within the tags at http://www.hacktest.net?
it contains a password() function, I don’t know whether it is related to something.
I know you can type into the text area at the top of the page. Some how i feel it is significant.
Hey nivesnine
i found this email too in the picture i would try to contact him
http://www.hackertest.net/42.php
BAM! Just Emailed One Of The Creators Of The Site And He Said (Quote):
“Yes, there is a level 21. There is 35 levels or so if I remember correctly. I believe the last level congratulates you and links back to the first page, but it is very hard. I don’t remember the details – I did it like 3 years ago.”
Hope I Helped You Find More Hope. Keep Searching Fellow Hackers 🙂
nowadays, if you try to go to http://www.hackertest.net:2082/unprotected/loader.html or http://www.hackertest.net:2082/login/ the page is redirect to https://my.bluehost.com/cgi/account/cpanel?goto_uri=/login/ and the icons are similar to the http://www.hackertest.net