Web - Server

Discover the mechanisms, protocols and technologies used on the Internet and learn to abuse it!

These challenges are designed to train users on HTML, HTTP and other server side mechanisms. The following series of challenges will cultivate a better understanding of techniques such as : Basic workings of multiple authentication mechanisms, handling form data, inner workings of web applications, etc. ...

Prerequisites:

Understand HTML.
Understand the HTTP protocol.
Ability to manipulate a web browser.

Challenges ahead:

Dual encoding
Remote File Inclusion
CGI (perl, python, bash)

Challenges

Results	Challenge's Name	Validations	Number of points	Difficulty	Author	Who ?	Solution
	Backup file	8%	15 Points	Easy	g0uZ	Who ?	0
	CRLF	9%	20 Points	Medium	g0uZ	Who ?	0
	Directory traversal	16%	25 Points	Medium	g0uZ	Who ?	0
	File upload : MIME type	6%	20 Points	Medium	g0uZ	Who ?	1
	File upload : null byte	6%	25 Points	Medium	g0uZ	Who ?	1
	HTML	53%	5 Points	Very easy	g0uZ	Who ?	0
	HTTP directory indexing	25%	15 Points	Easy	g0uZ	Who ?	0
	HTTP GET	11%	15 Points	Easy	g0uZ	Who ?	0
	HTTP verb tampering	15%	15 Points	Easy	int_0x80	Who ?	0
	Install files	17%	15 Points	Easy	g0uZ	Who ?	0
	Local File Inclusion	12%	30 Points	Medium	g0uZ	Who ?	1
	PHP filters	9%	25 Points	Medium	g0uZ	Who ?	1
	Register globals	5%	25 Points	Medium	g0uZ	Who ?	1
	SQL injection - authentication	19%	30 Points	Medium	g0uZ	Who ?	1
	SQL injection - blind	7%	50 Points	Hard	g0uZ	Who ?	2
	SQL injection - numeric	6%	35 Points	Medium	g0uZ	Who ?	1
	SQL injection - string	6%	30 Points	Medium	g0uZ	Who ?	0
	User-agent	24%	10 Points	Very easy	g0uZ	Who ?	0
	Warm cookies	25%	20 Points	Medium	g0uZ	Who ?	0
	Weak password	37%	10 Points	Very easy	g0uZ	Who ?	0
	XPath injection - authentication	4%	35 Points	Medium	g0uZ	Who ?	2
	XPath injection - numeric	2%	35 Points	Medium	g0uZ	Who ?	1
	File upload : double extensions	7%	20 Points	Medium	g0uZ	Who ?	0

Challenge Results

Pseudo	Challenge	Lang	Date
nannka	File upload : null byte		24 May 2013 at 19:29
riyelpicture	Local File Inclusion		24 May 2013 at 18:54
nannka	File upload : double extensions		24 May 2013 at 18:51
nannka	File upload : MIME type		24 May 2013 at 18:46
riyelpicture	File upload : double extensions		24 May 2013 at 17:24
Bataz	File upload : MIME type		24 May 2013 at 16:55
nannka	PHP filters		24 May 2013 at 15:23
Nicktoon	Mot de passe faible		24 May 2013 at 15:21
nannka	Local File Inclusion		24 May 2013 at 14:40
nannka	SQL injection - authentication		24 May 2013 at 14:29

0 | 10 | 20 | 30 | 40

Last Posts

Users

18 visiteurs en ce moment

Last registered users : qophi Doug Brescia AdhelladeadlYIV Hraf manux Emmanuel Riou mpmo

ShoutBox

m31z0nyx
23:25 04/05/2013
Hi Nick,
Yeah, it looks like C&C-1 is a bit trickier than that. A good starting point are the related ressources.
You are welcome to post your challenge related questions on the forum so it can help out other people too.
Regards,
Nick
17:13 29/04/2013
Seriously don’t understand C&C level 1. I have literally tried every accepted foreign IP address that just talks to one computer on the network. Only problem is there are like none
m31z0nyx
21:41 11/02/2013
Hi all,
The App-Script Shell5 challenge is down until tomorrow morning.
g0uZ
13:22 09/02/2013
test 2
g0uZ
09:40 09/02/2013
test message
r00ter
11:54 10/01/2013
Hi.Im trying to root LAMP ctf6 and Im stuck here.Im in the machine but as an apache user..So I uploaded a local exploit, 8478.sh and run ./8478.sh 379 but the generated SUID file isnt owned by root,still apache..Where Im I going wrong?
g0uZ
02:29 28/12/2012
fixed
spump
21:22 27/12/2012
section EN, main page, solutions: no challenge name!
m31z0nyx
16:56 24/12/2012
The Root-Me.org team whishes a Merry Christmas to everyone !
m31z0nyx
15:25 08/10/2012
New crypto challenge "Padding Oracle" released !
Go ! go !
g0uZ
15:11 31/08/2012
test reload auto & close auto post edition
g0uZ
14:58 31/08/2012
test chatbox en
Overlock
07:09 07/08/2012
http://www.root-me.org/en/Challenges-148/Cracking-158/AutoPE-604
poutred
g0uZ
20:44 22/05/2012
lot of "lang transition"’s bugs fixed (you should not change language as you do not explicitly ask)
g0uZ
20:01 23/04/2012
check : http://router.root-me.org/
m0x39
15:55 23/04/2012
hi, how come the wargames do not connect on port 2223 ? or on 22 the user and pass dont work ?
koma
16:19 26/02/2012
kapil sharma maybe you are searching at the wrong place
kapil sharma
19:25 25/02/2012
i am unable to understand that what paasword is putting into stegnography image method . .what is the puzzle?
kapil sharma
19:24 25/02/2012
i am unable to understand that what paasword is putting into stegnography image method . .what is the puzzle?
5P00N
22:07 07/02/2012
what do i do on here my friend told me it teaches you to hack from square 1
5P00N
22:07 07/02/2012
what do i do on here my friend told me it teaches you to hack from square1
Armel
22:07 27/08/2011
Of course John!
g0uZ
11:34 29/01/2011
Fixed : lang
handling bug.
g0uZ
19:07 23/01/2011
Welcome all !