OWASP Hackademic Challenges Project

Our agents (hackers) informed us that there reasonable suspicion that the site of this Logistics Company is a blind for a human organs' smuggling organisation.

This organisation attracts its victims through advertisments for jobs with very high salaries. They choose those ones who do not have many relatives, they assasinate them and then sell their organs to very rich clients, at very high prices.

These employees are registered in the secret files of the company as "special clients"!

One of our agents has been hired as by the particular company. Unfortunately, since 01/01/2007 he has gone missing.

We know that our agent is alive, but we cannot contact him. Last time he communicated with us, he mentioned that we could contact him at the e-mail address the company has supplied him with, should there a problem arise.

The problem is that when we last talked to him, he had not a company e-mail address yet, but he told us that his e-mail can be found through the company's site.

The only thing we remember is that he was hired on Friday the 13th!

You have to find his e-mail address and send it to us by using the central communication panel of the company's site.

Good luck!!!

Your Country needs your help for finding the password of an enemy site that contains useful information, which if is not acquired on time, peace in our area will be at stake.

You must therefore succeed in finding the password of this military SITE.

Good luck!

XSS permits a malevolent user to inject his own code in vulnerable web pages. According to the OWASP 2010 Top 10 Application Security Risks, XSS attacks rank 2nd in the "most dangerous" list.

Your objective is to make an alert box appear HERE bearing the message: "XSS!".

A hacker informed us that this site suffers from an XSS-like type of vulnerability. Unfortunately, he lost the notes he had written regarding how exactly did he exploit the aforementioned vulnerability.

Your objective is to make an alert box appear, bearing the message "XSS!". It should be noted, however, that this site has some protection against such attacks.

You need to get access to the contents of this SITE. In order to achieve this, however, you must buy the "p0wnBrowser" web browser. Since it is too expensive, you will have to "fool" the system in some way, so that it let you read the site's contents.

In this assignment you must prove your... knightly skills! Real knights have not disappeared.

They still exist, keeping their secrets well hidden.
Your mission is to infiltrate their SITE. There is a small problem, however... We don't know the password!
Perhaps you could find it?

Let's see!
g00d luck dudes!

A good friend of mine studies at Acme University, in the Computer Science and Telecomms Department. Unfortunately, her grades are not that good. You are now thinking "This is big news!"... Hmmm, maybe not. What is big news, however, is this: The network administrator asked for 3,000 euros to change her marks into A's. This is obviously a case of administrative authority abuse. Hence... a good chance for D-phase and public exposure...

I need to get into the site as admin and upload an index.htm file in the web-root directory, that will present all required evidence for the University's latest "re-marking" practices!
I only need you to find the admin password for me...

Good Luck!

You have managed, after several tries, to install a backdoor shell (Locus7Shell) to trytohack.gr

The problem is that, in order to execute the majority of the commands (on the machine running the backdoor) you must have super-user rights (root).

Your aim is to obtain root rights.

A friend of yours has set up a news blog at slagoff.com. However, he is kind of worried regarding the security of the news that gets posted on the blog and has asked you to check how secure it is.

Your objective is to determine whether any vulnerabilities exist that, if exploited, can grant access to the blog's server.

Hint: A specially-tailored backdoor shell can be found at "http://www.really_nasty_hacker.com/shell.txt".

Would you like to become an active hacker ?
How about becoming a member of the world's largest hacker group:
The n1nJ4.n4x0rZ.CreW!

Before you can join though, you 'll have to prove yourself worthy by passing the test that can be found at: http://n1nj4h4x0rzcr3w.com

If you succeed in completing the challenge, you will get a serial number, which you will use for obtaining the password that will enable you to join the group.

Your objective is to bypass the authentication mechanism, find the serial number and be supplied with your own username and password from the admin team of the site.