
WeChall v4

Global Rank: 227
Totalscore: 94360
Posts: 1682
Thanks: 1359
UpVotes: 920
Registered: 16y 311d




RE: WeChall v4
Again I have uploaded the latest version.

You can see the complete changelog here.

Here is a description of the most important changes:

[+] GPG Encryption and Signing for Emails - You can store your public key on wechall now, so all email sent to you by the scripts can be encrypted.

[x] Obfuscating public mail addresses now. - Your plain email address is now obfuscated. There is also a script/option that can send you email without spoiling your address. It's opt-in, of course.

[-] The Session table got lost. The cookie on wechall changed its format. This might be of interest for the programming challs.

[+] There is a new challenge: /challenge/training/php/lfi/up/index.php

If you find bugs, please report them :)

Happy Challenging!


EDIT:
[x] CRITICAL: Local File Inclusion bug has been fixed in GWF2 core (index.php?mo=WeChall&me=../../..<lfi>)
There was a local file inclusion bug that could have rooted the box. Shame on me :)

[x] CRITICAL: Information disclosure: db_backup.sh was publicly visible and revealed dbuser+dbpass (thx noother)
noother found that you could access db_backup.sh globally, which revealed the dbuser+dbpass.
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Oct 08, 2010 - 03:32:22
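The first fix above concerns the `me` parameter of `index.php?mo=WeChall&me=...` reaching a file include. As an added example (not GWF2's code and not part of the original post), here is a Python model of the check such a dispatcher needs; the directory layout, `resolve_method`, `RejectedRequest` and the sample tree are assumptions.

```python
import os
import re
import tempfile

# Hypothetical layout: <base>/module/<mo>/method/<me>.php (not GWF2's real tree).
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,64}")

class RejectedRequest(ValueError):
    """Raised when mo/me cannot be mapped to a file inside the module tree."""

def resolve_method(base_dir, mo, me):
    """Map ?mo=<module>&me=<method> to a file strictly inside base_dir."""
    # 1. Allowlist characters: dots, slashes, NUL and percent-encodings all fail.
    for label, value in (("mo", mo), ("me", me)):
        if not NAME_RE.fullmatch(value):
            raise RejectedRequest(f"illegal characters in {label}")
    # 2. Canonicalise and confirm containment (catches symlinks leaving the tree).
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(
        os.path.join(root, "module", mo, "method", me + ".php"))
    if os.path.commonpath([root, candidate]) != root:
        raise RejectedRequest("path escapes module tree")
    # 3. Only existing regular files may be handed to the include step.
    if not os.path.isfile(candidate):
        raise RejectedRequest("unknown module/method")
    return candidate

def demo():
    """Run a benign, a traversal-shaped and an unknown request on a sample tree."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        method_dir = os.path.join(base, "module", "WeChall", "method")
        os.makedirs(method_dir)
        open(os.path.join(method_dir, "News.php"), "w").close()  # constructed file
        requests = {
            "benign": ("WeChall", "News"),
            "traversal": ("WeChall", "../../.."),  # shape quoted in the changelog
            "unknown": ("WeChall", "NoSuchMethod"),
        }
        for name, (mo, me) in requests.items():
            try:
                resolve_method(base, mo, me)
                results[name] = "ok"
            except RejectedRequest as exc:
                results[name] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```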
RE: WeChall v4
Again I have uploaded the latest version of wechall (changelog).

And here are the most important changes:

New Challenge: MD5.SALT (Simple sql injection, a bit of logic, fun and cracking)
New Challenge: PHP 0817 (Very (too) easy PHP/Exploit)

Also there is now a bruteforce protection for many challenges with a default solutionbox. Thanks go out to tehron for this idea :)
The geeks shall inherit the properties and methods of object earth.
Global Rank: 32
Totalscore: 313758
Posts: 182
Thanks: 182
UpVotes: 205
Registered: 16y 294d
livinskull`s Avatar





RE: WeChall v4
Quote from news

synapse reached 100% on hax.tor.hu after of being linked, starting from 100.00%.
grimskies reached 100% on Security Traps after of being linked, starting from 100.00%.


The news page seems to be broken ;)
"after of being linked"? :)

btw gizmore did you draw the quote-bbcode button on your own? :)
RE: WeChall v4
Thank you for the helpful report, it has been hotfixed shortly after your post!

To answer your question: "Yes, I have drawn the quote icon myself... beautiful, isn't it?" Drool
The geeks shall inherit the properties and methods of object earth.
RE: WeChall v4
Finally I have uploaded the latest stuff, and also installed some more training challenges.
I hope you like having more training challenges and enjoy them.

The most important change/bugfix is the following (from changes.txt):
[x] When you solve a challenge all the now available threads are unread. - I completely changed the way forum threads are unread. Hopefully you will not notice any change :)

And here are the new challenges:

Caesar I (basic crypto training)
Caesar II (basic crypto training)
Substitution I (basic crypto training)
Substitution II (basic crypto training)
Digraphs (basic crypto training)
Transposition I (basic crypto training)

and a new exploit training challenge:

Auth Bypass I (basic exploit training)


I wish you all
Happy Challenging!
The geeks shall inherit the properties and methods of object earth.
RE: WeChall v4
And again I did enjoy some work on wechall4.

Here are the most important changes.txt explained:

[+] Make more use of the site_irc column and startup client on_click.
=== You can now open irc chat via mibbit for a site with one click. The button resides in site_details.

[x] https://wechall.net redirected to http://www.wechall.net (thx Guest)
=== Thanks to a shoutbox guest https://wechall.net now redirects correctly to https://www.wechall.net... remember to use https on wechall for best security :)

[x] Profile challenges were not sortable (thx Phaneus)
=== New table for challenges in profile. You can now sort a user's challenge table in profile and also sort by solve date.

and... last but not least:

[+] Country ranking by Score/Population (thx Z)
There is a new column in Country Ranking by SpC.
Thanks go also to shadum for supporting me with a nice population table.
Read the --> idea thread <--

I wish you all
Happy Challenging!

Edit: It is called SpC (Score per citizen) :)
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Nov 30, 2010 - 23:32:19
RE: WeChall v4
Santa was a bit late this year, but he brought us a few gifts as well.
The best of latest changes.txt:

[+] Default color for the sites in statgraphs (thx freeartman) - There is now a default color for a site's graph.
[+] 2 new challenges WWW-Robots, SteganoLSB.
[+] Allow to compare 2 users in the stats graph (thx Kender)
[+] made bbcode helper better (thx paipai) - It is now easier to add "code tags"
[+] new Advanced UserSearch
[+] Webspider / Crawler detection by IP - Webcrawlers should now be detected and consume less sessions.
[x] UserProfile Popups were misplaced a lot (thx paipai)

... and a lot of other minor bugfixes....


Edit: Oh and I changed the scoring. The sites basescore gets added 25 * challengecount now, like in the original wechallV3. The last months the multiplier was set to 10.

Edit2: I have reset the Crackcha Challenge. It should now be impossible or very very boring by hand. The goal is to write a captcha cracker and there is also a highscore for average success values on your attempts.


Happy Challenging! :)
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Dec 27, 2010 - 00:19:44
RE: WeChall v4
Again I have uploaded the latest stuff, and hopefully did not break anything.
As always you can see the latest changes in /changes.txt.

The most important thing this time are two new challenges:

Crypto: GPG will require you to setup GPG encryption for wechall emails.
Stegano: Attachment is a rather old technique of appending arbitrary data to jpeg images.

Thanks go out to all people who help to improve the site!
Your feedback is very welcome and gets credited :)

Happy Challenging!
The geeks shall inherit the properties and methods of object earth.
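The Attachment technique mentioned above, data appended after a JPEG's end-of-image marker, can be checked for by walking the file's segments. This is an added example, not WeChall's code or part of the original post; `find_jpeg_end`, `trailing_data` and the constructed sample bytes are assumptions.

```python
import struct

EOI, SOS = 0xD9, 0xDA

def find_jpeg_end(data):
    """Offset just past EOI, found by walking segments (not by searching FF D9)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers without a length
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += 2 + length
        if marker == SOS:
            # Entropy-coded data: skip stuffed FF 00 and RSTn until a real marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def trailing_data(data):
    return data[find_jpeg_end(data):]            # empty for a clean file

def build_sample(appended=b""):
    """Constructed JPEG-shaped bytes (not a decodable image) for the demo."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    app1 = b"\xff\xe1" + struct.pack(">H", 6) + b"\xff\xd9\x00\x00"  # decoy FF D9
    sos = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"       # stuffed FF 00 and an RST0
    return b"\xff\xd8" + app0 + app1 + sos + scan + b"\xff\xd9" + appended

if __name__ == "__main__":
    print(trailing_data(build_sample(b"constructed trailing bytes")))
```

Trailing bytes are a signal to inspect, not proof of hidden content; some cameras and editors append their own data after EOI.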
RE: WeChall v4
Another update has been uploaded.

Mostly tiny changes and fixes in the changes.txt, but I will explain here in more detail:

[+] SiteHistory table: date username comment (thx FreeArtMan) - There is now a new table for sites, like last activity.

[x] Fixed GPG setup. Only --armor / ascii format is working because of PHPGPG bug (thx phoenix1204) - I added an error message for wrong gpg public key formats. This seems to be an error in the phpgpg bindings. This fixes the GPG challenge too.

[+] You can now have multiple sessions for your account. - You can now have multiple sessions, keep that in mind when writing your scripts and bots. I introduced this because some people like everlasting sessions, and have more than one "workplace" :)

[+] Profile stuff: Favorite categories, IRC contact, Disallow Robots, Bugfixes (thx space) - There is new stuff in your profile and wechall settings. Most interesting is maybe "Favorite Categories" for your account.

[+] Allow to clear login history (thx space) - You can now clear your login history after login. The last deletion is recorded.

I hope I did not break anything, and wish you Happy Challenging!
The geeks shall inherit the properties and methods of object earth.
Global Rank: 68
Totalscore: 227675
Posts: 245
Thanks: 420
UpVotes: 281
Registered: 15y 362d
shadum`s Avatar







RE: WeChall v4
Quote from Gizmore
Jan 14, 2011 - 19:26:46

[+] You can now have multiple sessions for your account. - You can now have multiple sessions, keep that in mind when writing your scripts and bots. I introduced this because some people like everlasting sessions, and have more than one "workplace" :)


Yay!

This was actually possible before if you manually edited cookies, but this is much nicer. :)