What is it? @.@

This is the place where I record some tactics about wargames, systems, and other security issues.

2012-11-11

TRY2HACK - Level 6

Description:

LEVEL 6

To pass this level, download this Visual Basic 6.0 program and enter the correct username/password to proceed to the next level.

Solution:
  1. First, download the file. We have to unzip it before we can use it.
    Link:
    http://www.try2hack.nl/levels/level6.zip

    File list :
    LEVEL6.TXT, LEVEL6.EXE
  2. Before we execute LEVEL6.EXE, we may need the VB 6.0 runtime DLL and other OLE Control eXtension (OCX) files.
    Here are some useful links:
    [Tool]
    http://vbdis4.angelfire.com/
    http://www.microsoft.com/en-us/download/details.aspx?id=5721
    http://support.microsoft.com/kb/192461
    [MSWINSCK.OCX]
    http://www.ocxdump.com/ocxfiles/M/MSWINSCK.OCX
    [RICHTX32.OCX]
    http://www.ocxdump.com/ocxfiles/R/RICHTX32.OCX
  3. Successful execution looks like the following.
  4. If we enter any username/password for testing, the application connects back to the server to check authentication.


  5. From the HTTP packet content, we can see that the true username, password and page for the next level are encrypted with Bacon's cipher.
    Wikipedia: http://en.wikipedia.org/wiki/Bacon's_cipher
    a   AAAAA   g     AABBA   n    ABBAA   t     BAABA
    b   AAAAB   h     AABBB   o    ABBAB   u-v   BAABB
    c   AAABA   i-j   ABAAA   p    ABBBA   w     BABAA
    d   AAABB   k     ABAAB   q    ABBBB   x     BABAB
    e   AABAA   l     ABABA   r    BAAAA   y     BABBA
    f   AABAB   m     ABABB   s    BAAAB   z     BABBB
  6. After we decrypt the username and password, it shows us the URL for the next level.
    username : dabomb
    password : encryptionrawks
    url : http://www.try2hack.nl/levels/level7-xfkohc.php

  7. It's done!!
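
The table from step 5, implemented as a small decoder. This is an added example, not part of the original post: the function names are assumptions, and the sample ciphertext is constructed here by encoding the username from step 6, not copied from the captured packet.

```python
import re

# 24-symbol alphabet from the table in step 5: i/j and u/v share a code,
# so a decoded "i" may stand for "j" and a decoded "u" for "v".
ALPHABET = "abcdefghiklmnopqrstuwxyz"
MERGED = {"j": "i", "v": "u"}

# Constructed sample: "dabomb" encoded with the table above.
SAMPLE = "AAABB AAAAA AAAAB ABBAB ABABB AAAAB"


def encode(text):
    """Encode letters as 5-symbol A/B groups; non-letters are dropped."""
    groups = []
    for ch in text.lower():
        ch = MERGED.get(ch, ch)
        if ch in ALPHABET:
            bits = format(ALPHABET.index(ch), "05b")
            groups.append(bits.replace("0", "A").replace("1", "B"))
    return " ".join(groups)


def decode(cipher):
    """Decode A/B groups; every other character is treated as a separator.

    Pass only the ciphertext field, since stray a/b letters would be
    read as cipher symbols.
    """
    symbols = re.sub(r"[^AB]", "", cipher.upper())
    if len(symbols) % 5:
        raise ValueError("partial group: %d symbols" % len(symbols))
    out = []
    for i in range(0, len(symbols), 5):
        group = symbols[i:i + 5]
        value = int(group.replace("A", "0").replace("B", "1"), 2)
        if value >= len(ALPHABET):
            # BBAAA..BBBBB are unused in the 24-letter table.
            raise ValueError("group %r is not in the table" % group)
        out.append(ALPHABET[value])
    return "".join(out)


if __name__ == "__main__":
    print(decode(SAMPLE))
```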
