ATTN: WWII IS STARTING - DECEMBER 2-3! TEAMS AND INDEPENDENT USERS LOOKING FOR TEAMS POST HERE
Alright guys, here's the deal:
WWII is starting! That's right, tonight i got a go-ahead. December 2-3. the following teams have a spot: DCS (copyleftwriting.org) Implosion (http://www.zloche.com/implosion/index.php) Byte Spazz (http://inetpopculture.com/exploithoe/index.php)
Any other team, post here before Wednesday. Here's the problem: Byte Spazz needs members! So if you want to be in webwars, post NOW. If you were ever part of a DCS, now's the time to post. If Byte Spazz gets 5 members, there are 2 spots open on DCS.
each team leader should post their roster here, and a note saying they are ready.
Hello. This was unexpected Darkstock:P Oh well. I guess its official. I run a team called Byte Spazz and were now in Web Wars. So for we have Renegade Ninja and I. We are recruiting at the moment. The site is www.exploithoe.ej.am is you are interested in joining, please contact me via:
-AIM [SSSHHHPLEASE2005] -Email [exploithoe@gmail.com] -MSN [exploithoe@gmail.com]
Edit: Ah guys we have a new member by the name of Ethernet
minermonk wrote: i swear WWII ended 60+ years ago?
maybe some1 with a rank above newbie should announce the start lol
That assumes that posts and petty challenges are an accurate measure of intelligence. I've had to walk people who are ranked in the top 100 on this site through simple tasks like setting up a server. Can you explain to me how a turing machine works and the computational complexity theory behind the P=NP problems? What about the significant of said problems? Anyone can read a tutorial and follow it. How to beat ALL HBH challenges, the unofficial guide:
- go to challenge page
- go to tuts, forums, etc…
- ?
- complete! j00 = 1337
Not to mention that several of my previous accounts have been deleted for doubting the validity of cheese's actions. See http://www.copyleftwriting.org/hbhdiscussion.html.
The problem with idiots is that they always talk and never listen. A high post count is more likely to mean you have no social life and no brains than that you are intelligent and committed. It can mean the latter in many circumstances, but in more circumstances, high level posters are not the smartest ones on the forums.
SlimTim10 wrote: This thread is not official, it is purely darkstock's interpretation.
hack4u is judging. If him and I are the only ones who would get off our lazy asses and start this competition, so be it. It doesn't matter who's interpretation it is. We have a judge and we have competitors. Live with it.
If you don't want it happening now, give us a date, time and judge. Do or do not, there is no try. The admins of HBH have been trying to organize this for ages. I opened up my email client and got all the teams and a judge notified. The staff had plenty of time to prove themselves competent of organizing this competition. they failed. It's been a year and countless teams have been started and dissipated since last year. So fine, it's my interpretation. jump on bored now or you may never compete.
Maybe you should consult the actual owner and founder of HBH, otherwise points may not be awarded for it as it won't be official. I've talked about it with Mr_Cheese, he agrees that the members are trying to take control if it (this thread, for example) but he wants it done a completely different way, a better way in my opinion.
This web wars is actually hosted by HBH Zine. So Zine or HBH is not responsible for anything that happens but we judge the winners. Its been too long since weve had a webwars so Zine picked it up.
Of course im only doing this because I know that Mr_Cheese is busy atm and that eventually when his busy period is over and he finds some time he will resume web wars his way.
ATTN: I need to talk with each leader personally before we start anything. So please contact me so that I can get all your information.
DO NOT give out your sites to members that are not in Web Wars.
hack4u wrote: This web wars is actually hosted by HBH Zine. So Zine or HBH is not responsible for anything that happens but we judge the winners. Its been too long since weve had a webwars so Zine picked it up.
Of course im only doing this because I know that Mr_Cheese is busy atm and that eventually when his busy period is over and he finds some time he will resume web wars his way.Okay, fair enough. I think a lot of people, including myself, were under the impression that this was strictly HBH and points would be awarded on HBH accounts. So just as a confirmation, that is not the case; points will not be awarded on HBH regarding this thread's information.
It's not better if it never fucking happens.
I've sent numerous emil,s IMs, PMs and other forms of contact to several members of thhe staff on this site. They ahve all been ignored.
Waiting a year for a challenge is just ridiculous. And it's the reason that it's never going to happen. There's been such a long wait that many people are questioning rather or not the admins have canceled it for good – even though there's a link to the informational page on the index of HBH.
So what if users are taking it over? It's not about status. It's not about points. It's about learning. All that matters in the new 'www competition forum' era of hacking is the amount of points you have. I don't give a damn who has the most time to weed through articles and how-tos for beating challenges. All I care about is learning. Not who learn the most, because it's not a competition. it's a fun game. So don't award points. Boo fucking hoo. what's going to happen? And what happened to that supposed obedience to democratic and liberal ideals? you know, when people are allowed to speak and organize only when it glorifies you, it's not liberalism. it's totalitarianism.
Oh, and if you are referring to the 'patch this CMS' method, that's a patching challenge, not a coding one. The way webwars is set up makes it a coding challenge. It provides flexibility and freedom – for a competition very similar - run by staff who are keeping it running and happening - we are building a mock auction site, and bringing the hacking away from spotting common XSS flaws and exploiting minor glitches and into the type of analytical hacking that is needed in the real world - finding new approaches and methods at breaking into a system - and getting into the sysadmin's head to do it. You don't have to do any of that in order to win a patching challenge, you just have to be the best auditor. it's not a bad idea, but don't destroy this challenge and add that one. Make it a different activity: code auditing or something.
First off i dont think people who are new know what Web Wars is exactly:
-
You dont get points on your profile. Your TEAM gets points in the webwars section. There are NO points awarded to individuals. Whether the competition be held by HBH or HBH Zine.
-
This is a group effort so those who do more work will not be recognized as the best on the team but the team gets the recognition.
3)Cheating will result in a permanent ban from Web Wars for the rest of the event and the next Web Wars event.
4)Same rules apply for each and every Web Wars.
and
- Have fun and learn something.
- The winner of the competition might have their site become a realistic hacking challenge here at HBH if it is a good exploit. This has happened to real 8. *
NEW SITE GUYS http://valora.hopto.org/~jarvin/
Now im not sure if this is against the rules but im pretty sure that Drive C:\ Sucks has broken some sort of rule. On thier site, if you follow a robots.txt file you get to a directory called etc/ in there the login.php tells you to use a program called useragnt.exe. which is also in etc/. So you download it and run it. It modifies your autoexec.bat file to delete critical files on your hard drive on the next startup. Im pretty sure that web wars is not about destroying other peoples computers. Is this not somehow against the rules. I think that intentionally putting something like that on your site during web wars should be highly against the rules as it ruins the fun for everyone.
it doesn't destroy any critical files. It just echos some stuff about our team, deletes log files and notepad.exe.
-
use a hex editor and find out what the hell you are running
-
I ran this on my own computer before uploading it. Nothing adverse happened: I had to get my backup disk and re-install notepad. Took a whole of 3 minutes.
-
notepad and log files aren't system critical.
-
run linux
-
I asked hack4u and he said it'd be fine.
-
It doesn't impair you from competing in web wars.
-
if you need notepad.exe, contact me.
darkstock wrote:
- use a hex editor and find out what the hell you are running
I'm not sure about you, but I certainly can't read OPcode. Also learning ASM is a requirement to disassembling executables so it isn't that easy (unless you used system("delete c:\\windows\\system32\\notepad.exe") in the code, assuming its C. You could probably see the string.
revolt0163 wrote: [quote]darkstock wrote:
- use a hex editor and find out what the hell you are running
I'm not sure about you, but I certainly can't read OPcode. Also learning ASM is a requirement to disassembling executables so it isn't that easy (unless you used system("delete c:\\windows\\system32\\notepad.exe") in the code, assuming its C. You could probably see the string.[/quote]
wow… I didn't think that anyone could be so stupid. I said HEX EDITOR not DISASSEMBLE, you incompetent fool. i know ASM, it's not as hard to learn as is made out, and disassemblers are helles hard to write, but you don't have to. Download one of a million hex editors, open it up, and scroll through for PLAIN TEXT string of the del command… or the file's name… or one of a million other things, or any plain text that didn't match the trojan's output. I coded it in a way that is wasn't hard to find, and the file are only 1.1MB.
Oh, and in case you can't read, I edited the autoexec.bat, so after the program didn't work, they should have still opened up the program and found out what it did, then edited your atuoexec back to what it was before BEFORE restarting. So no, I didn't use the system command, because I edited a file, I didn't go and straight run the command. Read and use common sense, or just don't post.
It didn't do anything too bad, and I gave a million and one chances for them to NOT run into problems, from not download unknown execs from obvious honey pots (an ETC folder in a subfolder with clear text password files and a BS login page) to not restarting before you know exactly what an obvious trojan did to your system.