Web Wars:

lets get web wars started!

For those of you who dont know what web wars is:

it is a online hacking competition where teams compete agasint each other to hack another teams website.

Here are the rules we have so far: Website Creation: -Teams must create their own website

• websites must have some sort of hackable content (php fusion 4.01 / guestbook etc)
• The hackable content must be uploaded onto the site, with no external links to bravenet etc

Contest:

• Each team will attempt to hack other teams websites
• points will be awarded for how long a team can own another persons website
• points will be awarded for stopping a hack, and patching it
• teams are allowed to upload backdoors for later use
• server hacks are NOT permitted
• competition will take place over 3 days

Afterwards:

• Websites are returned to their owners and backdoors removed
• Teams must submit their hacks and exploits to Judges
• Participants are then given a list of exploits + how to patch them
• Points will then be awarded to teams
• Websites are rebuilt ready for the next event.

Does anyone have any questions / improvements / ideas?? We're interested in your feedback!

this is theonly1 i would like to be a web wars judge. i think could learn a hole lot from this. thank you

sure thing, i'll speak with you on AIM at some point, i'll tell you what to do etc.

Another question about web wars. How much do I need to know to join a team and play in web wars. I really would like to participate, but I don't know if I am good enought.

you need a willingness to learn.

Webwars is designed for the weaker people to learn from the strong.

So you cna be any ability, there is something for everyone, and its a really good learning experiance.

Quick Question:

Should we put a post on the Index.htm page that allows the other teams to see what we consider 'control' of the site? Such as a user/pass directory we set up, or perhaps a guestbook… or do they just find out on their own?

you dont HAVE to plan a way to hack it. You can post a message on the index page, saying how you would like them to deface it and post theit team hash. However the beauty of webwars is that there is not set way to hack thigs. The websites arent like a mission, you are allowed to roam free and hack it however you pelase.

Mr_Cheese wrote: you dont HAVE to plan a way to hack it. You can post a message on the index page, saying how you would like them to deface it and post theit team hash. However the beauty of webwars is that there is not set way to hack thigs. The websites arent like a mission, you are allowed to roam free and hack it however you pelase.

Perhaps I should re-phrase… you said there must be atleast one thing able to be hacked in .php format… so I am wondering if you mean we must have a note saying what we wish to have them attempt to hack…?

Sorry for being such a bother…

-Deshouleres

nope, you dont have to explain anything. The point of this, is to simulate hackable websites. So people have to find the exploit(s) for themselves.

Just make sure the exploit, can allow for defacements

I personally think we need a solid protocol for scoring, involving both attackers and defenders.

Attackers should recieve-

Lower points for known exploits Higher points for unknown/custom exploits Higher points for creative exploits Lower points for a HAHA J00 GOT HAXD style defacement Higher points for creative defacement, relative to the content Points relative to the difficulty of the exploit Very low points for ragin, (spam in forums, users, ecommerce orders, etc,) Type of control gained, (moderation, admin, file access, database access, server access) If Server access is gained, Bonus points, but instant ban from Web Wars if server is touched maliciously -Bonus Points- For being sneaky about anonymity

Defenders should recieve points for-

Having known exploits Added exploits of their own More points for creative means of showing off the exploit Points for site type variety, (forums, eccomerce,) Custom web software to be hacked Realistic scenarios Complexity of site beyond visable level- (IE. Secrative information hidden deeply beneath the surface)

thousandtoone wrote: I personally think we need a solid protocol for scoring, involving both attackers and defenders.

Attackers should recieve-

Defenders should recieve points for-

Perhaps that would be best for a later webwars, seeing as this one is still barely functional. Few people seem willing to participate actively, so I think it would be best for a later version… but good ideas.

most of what has been said above is true and decided by the judges. However the judges will decide on the amout of points given.

X.X In the rules you keep mentioning 'control' of a site, does that mean we must have a login point and after webwars starts can't do server-side edits, but must go through the site we made, log-in etc.?

If that doesn't make sense just give me a heads up and I will attempt to clarify.

yes your correct.

It is the WEBSITE that must be hacked. People ARE NOT to use server exploits.

By gaining control i mean either getting admin access / ftp access etc

**Mr_Cheese wrote:**it is a online hacking competition where teams compete agasint each other to hack another teams website.

Will the websites within the game be visible to people who arn't playing?

They're just normal websites, they are held on free webhosting servers. Everyone will be able to view them.

nights_shadow wrote: They're just normal websites, they are held on free webhosting servers. Everyone will be able to view them.

What would happen if somebody got involved in the game who wasn't supposed to?

thats something we cant control, which is why we wish members, not to disclose urls to non web wars members. I doubt this will happen. And if it does, and any destruction is caused, we can always restore the website.

Mr_Cheese wrote: thats something we cant control, which is why we wish members, not to disclose urls to non web wars members. I doubt this will happen. And if it does, and any destruction is caused, we can always restore the website.

I'm very stupid so explain to me slowly how every body will be able to veiw the sites without the urls being disclosed to them?

they wont…. but they might get hold of the urls from other members etc.

sounds great, hopefully it'll work out! Go cheese!

Team Cheese is going down!

You wish! We're going to kick emperor's ass! :p

Are you serious? Your team name is cheese. Cheese!!! Cheese cannot inspire any sort of fear or intimidation. When I think of cheese, I think of stupid Packer's fans with their fucking cheeseheads. I mean come on!

lmao, well the emperors make you sound like old guys from back in the ages of castles and horses. And, as everyone knows, old guys are slow :p

Seriously though, good luck to every team, make this a good one!

well old guys have more expierience and we take our time…. even though im only 15 lol but yeah GO 3mp3r0rs!

I'm the old one … 22 and damn proud of it!

metsoc30 wrote: I'm the old one … 22 and damn proud of it!

lol, cough cripple cough

i joke, if psychomarine would come on here, he'd probably kick my ass for saying 22 is really old :p

nights_shadow wrote: i joke, if psychomarine would come on here, he'd probably kick my ass for saying 22 is really old :p

lol, is he not 30-40 yeats of age? or is he in his 50's;)?

hey us youngings here can do a hell of alot better

scankyfrank wrote: [quote]nights_shadow wrote: i joke, if psychomarine would come on here, he'd probably kick my ass for saying 22 is really old :p

lol, is he not 30-40 yeats of age? or is he in his 50's;)?[/quote]

All i remember was that he is pretty old. Most likely the oldest person on this site, but, give the guy some respect hey, he's not in his 50's lol.

Lo all, wot must I do to join a team?…I have been reading all about the Web Wars and they sound good fun..A but like the rootthisbox.org stuff but not the whole box just the web site…

I know my score isn't very high but i haven't had much time and didn't join long ago, my HTS score is ok (http://www.hackthissite.org/user/view/r00tb00t/)

Thanks alot, r00tb00t

Im an admin on the H2H site and im not evil!!! lol.

I'd like to join web-wars, but i dunno much abt them yet, so i guess i'll join in WW3 (if there will be a WW3)

I would really liek to join web wars but first i have to questions they are: #1 when is this gonna start #2How do i sign up :)

1. I think it just started(so too late :()
2. Find the apply to a team page (I did it for you :)

:P

OK …….very important questions:

1. As i said in shoutbox, when does WW II start? 15 or 10 because on the main page it says 10 :o………..?!?
2. Where the are the links, because i can't find them!!!!!!!!!!!!!

Could you answer as fast as you can, please?

Regards, xdanx

i THINK it's 15 cz they said they postponed it..

I do believe it was postponed again, so I am not sure when it is now.

I have no clue when WWII starts… but i do have the web pages… i believe its the same as WWI … so for those of you who require the pages i will send out only your team pages for now until it is declared by the admins the start of WWII

It seems that team red sky has not put their site back to the same prior location but the other 3 teams still have them up.

i'm sure the orignal date was the 15th but its postponed until the teams are all ready, i think.

1. I want to tell you that sky[our team leader] is on hollyday……
2. As you say it looks like that WW have started since today :o:o:o:o:o
3. I think that at least one admin should speak with Deshoules [or something like that] …. because sky said that he is the new leader.

So…..could an admin speak with deshoules….plz?????????

xdanx

The problem is that there is no sign of this!!!!!!!!!!! I don't complain but………don't you think that there would be less confusion if you'll put a sign or somethink saying that WW started and it will finish on date xxxx ? ……. but this is only a suggestion. You should do what you consider is the best.

Also i really can't find the links to the other WW sites. I think i lost them :(.Could anyone Pm to me , please……… :)

Regards, xdanx B)

Cool post-poned agian quite lucky :D

Grindordie wrote: WebWars hasnt started yet. Bcuz only one team finished their website Untill atleast 3 teams have made their website WEBWARS is postponed

redsky is done;

Hey teams, don't be so lazy, it isn't so hard to program regular site with exploit…

Team Scanks is done.

Ok….thank for the answer B):). So only 2 teams have finished their sites…….. hmmm

wait, where are the site links? I never found them!

shadow i don't think the links well be givein untill all three pages are done. so that means no knows the site of anyothers and no can have an un fair advantage.

this looks cool, i want a go, but im much of a beginner to participate

ill carry on for a while before i try :)

I have a small [or big for me :@] problem…………..

I remained in Bucharest on 15-17 because i thought WW II would start. I couldn't stay longer………. So i left. Now i'm not in bucharest ……….. i am in a net cafe 400 km away from where i live. I'm staying to my grandparents where i don't have an internet connection . i'll come back on 22 August . I'm not complainig but……… i say you should skhedule the next evening better.

If you'll put the next event on 20 of August Ii think i'll participate too

Well, it's not like it was their fault that the teams didn't get their pages done. They set a date, most teams didn't meet that date, there's nothing they could have done, except to post-pone the event.

So, what is with web wars now, I think the teams should be reorganisate (if needed), and than we need new date. Hope I didn't program our web site for nothing because I put more than 20 hours into it!

yes you did a great job to slodave!!!! I think we should send out an email or something to the creators of the teams.

yeah seriously. maybe at least get from them a precentage on how far they are.

I would like to be a judge I think it would help me l;earn more about hacking

I don't mean this as an insult, but I see little reason to believe being a judge would help you learn more than actually getting out and participating.

ANYWAY. I think there should be points awarded for site creation as well as site defacement. Maybe two whole sides to the WW system,

the sites arn't set up to look good

I would like to join in, if it's not too late. This sounds really fun.

So is Web Wars going to start up again? There was one planned during the summer, but it got pushed back because nobody had the time… Was this an indefinite delay?

before webwars starts, theres gonna be another compeition.. King of the Hill.

we were going to release this when we switched to the new HBH. however this could be like a month or maybe more. SO im thinking about releasing it now.

what do poeple think?

I'm game ;)

How could a rookie like me get involved to learn more about hacking

When is the next web wars?

im game or king of the hill.

I read the previous posts. So yea when is king of the hill going to start?

im adding exploits to the site at the moment, hopefully by the end of next weekend it should be ready

Im looking at joining, someone have info?

infernoclan@gmail.com Absent Crisis X

I would also like to join a team. Preferably one that can take some time to teach how to do these things.

Please PM me

Can we, instead of putting a security hole IN THE WEBSITE, create, for example, an application that is downloadable (Few kb, not more) and need to be cracked to access a certain information (lets say user and pass) ?;):):pB):D

that's boring, stax, why not just do Rooting 1 (if u so badly want to crack an application for a password) – instead of doing a somewhat realistic challenge.

When is webwars or king of the hill gonna happen?

netfish wrote: that's boring, stax, why not just do Rooting 1 (if u so badly want to crack an application for a password) – instead of doing a somewhat realistic challenge.

No, I mean, I created the website of my team (Implosion) and I don't want to put a security hole in my code….Like in an application that would ask for a password and, if the pass is correct, give you the link to the Admin Panel.

Can Anyone please answer ? :(

I must admit I'm a bit of a Skiddie but I think it will be intresting to learn from some Hacking Guru. So when the Net Wars competition is starting, please could somebody PM me so I can join a team. Or my email is jackfoxcroft AT hotmail DOT com

Is Web Wars II still happening? Whats going on with it?

It kinda died because no one can keep a team with a site together for long enough if we could get 5 teams with sites I'm sure it would happen.

It's very hard to organise, especially creating a CMS for each team. They aren't coded that quickly.

^ and that man is talking from experience ^:)

Well, implosion got one, coded by…..tadadadadadadadadadada……ME !, so, theres a team…4 other now…I mean, cmon, if these guy really wanted to be in webwars II, they would already have a site !…Its been like 4 months now !:xx:

Ive got one going. No login system yet but its still a page that is going. So we need 3 more teams now! lol.

team DCS that i am part of, which Deathrape is the leader of, we have had our site up for quite a long time. so we need 2 more teams.

im fairly sure hbh isnt doign web wars, could be wrong, cheese would you like to confirm any thing?

um pretty sure that HBH isnt doing Web Wars seeing as Zine is doing King Of The Hill and my other site Hackers Reign is doing Web Wars before december with a little twist. So if you make the cut for HR then you can join in on the webwars event :)

mozzer wrote: It's very hard to organise, especially creating a CMS for each team. They aren't coded that quickly.

IUt took me 1 week (5 hours) to write mine and 2 days (1.5 hours) to write the shell of one for another team…

If people would just write their %$#$%^ code with a decent amount of efficiency, we'd be doing WWIII right now. But no, we're still waiting for hitler to pwn europe in WWII

Chislam: I am deathrape. My old account mysteriously disappeared from the DB after I posted that thread questioning the legitimacy of hacktivism in it's current form. I'm a huge Thoreau fan, but there's a different between an excuse and a cause. So, this is my new account.

If anyone needs a site, I'll send you a shell. It's not perfect, but securing it should only take an hour or so minutes for a competant programmer and maybe 20 minutes for a slightly gifted programmer. It is commented out the wazoo. PM me if you need it.

darkstock wrote: IUt took me 1 week (5 hours) to write mine and 2 days (1.5 hours) to write the shell of one for another team…

If people would just write their %$#$%^ code with a decent amount of efficiency, we'd be doing WWIII right now. But no, we're still waiting for hitler to pwn europe in WWII

We are also waiting on America to pwn hitler..

spyware wrote: [quote]darkstock wrote: IUt took me 1 week (5 hours) to write mine and 2 days (1.5 hours) to write the shell of one for another team…

If people would just write their %$#$%^ code with a decent amount of efficiency, we'd be doing WWIII right now. But no, we're still waiting for hitler to pwn europe in WWII

We are also waiting on America to pwn hitler..[/quote]

Yeah, and the advent of the nuke. Man, WWIII is gonna be so much more kick ass than WWII. WWII only had 2 nukes. WWIII will have millions.

WEB WARS IS STARTING - December 2-3

Go the the teams forum for more information.

Well you know how you say that backdoors can be uploaded.. well would'nt the team just upload a page where they enter the pass and it resets the whole site requiring the other team to hack into it again..? I mean would that be allowed? or what?