WeChall v4

Again i have upload the latest version.

You can see the complete changelog here.

Here is a description of the most important changes:

[+] GPG Encryption and Signing for Emails - You can store your public key on wechall now, so all email sent to you by the scripts can be encrypted.

[x] Obfuscating public mail addresses now. - Your plain email address is now obfuscated. There is also a script/option that can send you email without spoiling your address. It`s opt-in, of course.

[-] The Session table got lost. The cookie on wechall changed it`s format. This might be of interest for the programming challs.

[+] There is a new challenge: /challenge/training/php/lfi/up/index.php

If you find bugs, please report them

Happy Challenging!


EDIT:
[x] CRITICAL: Local File Inclusion bug has been fixed in GWF2 core (index.php?mo=WeChall&me=../../..<lfi>)
There was a local file inclusion bug that could have rooted the box. shame on me

[x] CRITICAL: Information disclosure: db_backup.sh was publicy visible and revealed dbuser+dbpass (thx noother)
noother found that you could access db_backup.sh globally, which revealed the dbuser+dbpass.

Again i have uploaded the latest version of wechall (changelog).

And here are the most important changes:

New Challenge: MD5.SALT (Simple sql injection, a bit logic, fun and cracking)
New Challenge: PHP 0817 (Very (too) easy PHP/Exploit)

Also there is now a bruteforce protection for many challenges with a default solutionbox. Thanks go out to tehron for this idea

Quote from news

synapse reached 100% on hax.tor.hu after of being linked, starting from 100.00%.
grimskies reached 100% on Security Traps after of being linked, starting from 100.00%.

The news page seems to be broken ;)
"after of being linked" ?

btw gizmore did you draw the quote-bbcode button on your own?

Thank you for the helpful report, it has been hotfixed short after your post!

To answer your question: "Yes, i have drawn the quote icon myself... beautiful, isn't it?"

Finally i have uploaded the latest stuff, and also installed some more training challenges.
I hope you like having more training challenges and enjoy them.

The most important change/bugfix is the following (from changes.txt):
[x] When you solve a challenge all the now available threads are unread. - I completely changed the way forum threads are unread. Hopefully you will not notice any change

And here are the new challenges:

Caesar I (basic crypto training)
Caesar II (basic crypto training)
Substitution I (basic crypto training)
Substitution II (basic crypto training)
Digraphs (basic crypto training)
Transposition I (basic crypto training)

and a new exploit training challenge:

Auth Bypass I (basic exploit training)


I wish you all
Happy Challenging!

And again i did enjoy some work on wechall4.

Here are the most important changes.txt explained:

[+] Make more use of the site_irc column and startup client on_click.
=== You can now open irc chat via mibbit for a site with one click. The button resides in site_details.

[x] https://wechall.net redirected to http://www.wechall.net (thx Guest)
=== Thanks to a shoutbox guest https://wechall.net now redirects correctly to https://www.wechall.net... remember to use https on wechall for best security

[x] Profile challenges were not sortable (thx Phaneus)
=== New table for challenges in profile. You can now sort a users challenge table in profile and also sort by solve date.

and... last but not least:

[+] Country ranking by Score/Population (thx Z)
There is a new column in Country Ranking by SpC.
Thanks go also to shadum for supporting me with a nice population table.
Read the --> idea thread <--

I wish you all
Happy Challenging!

Edit: It is called SpC (Score per citzen)

Santa was a bit late this year, but he brought us a few gifts as well.
The best of latest changes.txt:

[+] Default color for the sites in statgraphs (thx freeartman) - There is now a default color for a site's graph.
[+] 2 new challenges WWW-Robots, SteganoLSB.
[+] Allow to compare 2 users in the stats graph (thx Kender)
[+] made bbcode helper better (thx paipai) - It is now easier to add "code tags"
[+] new Advanced UserSearch
[+] Webspider / Crawler detection by IP - Webcrawlers should now be detected and consume less sessions.
[x] UserProfile Popups were misplaced a lot (thx paipai)

... and a lot other minor bugfixes....


Edit: Oh and i changed the scoring. The sites basescore gets added 25 * challengecount now, like in the original wechallV3. The last months the multiplier was set to 10.

Edit2: I have reset the Crackcha Challenge. It should now be impossible or very very boring by hand.The goal is to write a captcha cracker and there is also a highscore for average success values on your attemps.


Happy Challenging!

Again i have uploaded the latest stuff, and hopefully did not break anything.
As always you can see the latest changes in /changes.txt.

The most important thing this time are two new challenges:

Crypto: GPG will require you to setup GPG encryption for wechall emails.
Stegano: Attachment is a rather old technique of appending arbitary data to jpeg images.

Thanks go out to all people who help to improve the site!
Your feedback is very welcome and gets credited

Happy Challenging!

Another update has been uploaded.

Mostly tiny changes and fixes in the changes.txt, but i will explain here in more detail:

[+] SiteHistory table: date username comment (thx FreeArtMan) - There is now a new table for sites, like last activity.

[x] Fixed GPG setup. Only --armor / ascii format is working because of PHPGPG bug (thx phoenix1204) - I added an error message for wrong gpg public key formats. This seems to be an error in the phpgpg bindings. This fixes the GPG challenge too.

[+] You can now have multiple sessions for your account. - You can now have multiple sessions, keep that in mind when writing your scripts and bots. I introduced this because some peoples like everlasting sessions, and have more than one "workplace"

[+] Profile stuff: Favorite categories, IRC contact, Disallow Robots, Bugfixes (thx space) - There is new stuff in you profile and wechall settings. Most interesting is maybe "Favorite Categories" for your account.

[+] Allow to clear login history (thx space) - You can now clear your login history after login. The last deletion is recorded.

I hope i did not break anything, and wish you Happy Challenging!

Quote from Gizmore

Jan 14, 2011 - 19:26:46

[+] You can now have multiple sessions for your account. - You can now have multiple sessions, keep that in mind when writing your scripts and bots. I introduced this because some peoples like everlasting sessions, and have more than one "workplace"

Yay!

This was actually possible before if you manually edited cookies, but this is much nicer.