www.try2hack.nl

very cool site, it's a kind of a game, there are a certain amount of levels witch you have to hack (or use tools to get the pswd), once you get the pass/username you go to the next level, I'm at level three.

Try it out and tell me how far you can come!

Just press the start button on the right side.

Why does level 1 ask for a password, I can't even hack good enough to start on level 1 lol

I can't do it:(

i got it, i got it into front page, and i viewed source :P :P :P :P

nevermind, i used the source, i thought it was a different type of game lol

I guess you guys are going to be stuck at number 2 for a while :)

I got stuck at level 3 too...

thats a pretty cool idea

ya nr 1,2 are pretty logic, just can't seem to figure out what i should do at nr 3...

how can you get by 2.

I can't do 2.. :(
I figured out the password, but not the user

28, the password isn't in the source... it's just there to get you stuck.

ohhhh

well thats obnoxious

i used an swf decompiler

doh ahmed... shh!!!

i new that that would work, but i just need to know the pass word and user name.....................................

hint hint

txtUsername == "try2hack" && txtPassword == "irtehh4x0r!"

im stupuid.. i only got level1...
lol

Level 3 is a ******, I thought I had it for a second, but it was a fake page saying it wasn't that easy!

dan wehre did you find that?

level three is so hard!

I can't hack :( lol

- Soul :s:

yeah, I guess we all have to cooperate to get thru level 3

Argh... Thought I had level three for a minute too, but it says the server is down...

haha we crashed he server.. hehe jk

lol some one found the wrong password :P :P :P :P

Level 1:
password: h4x0r

Level 2:
username: try2hack
password: irtehh4x0r!

Level 3:
password: ??? (thats not the password, i just dont know it)

lol, i shouldn't have given the link out :P now it's so packed even so even i can't get on it...

Source on level 3:


<script language="JavaScript">
<!--
pwd = prompt("Please enter the password for level 3:","");
if (pwd==PASSWORD){
alert("Allright!\nEntering Level 4 ...");
location.href = CORRECTSITE;
}
else {
alert("WRONG!\nBack to disneyland !!!");
location.href = WRONGSITE;
}
PASSWORD="AbCdE";
CORRECTSITE="level4-sfvfxc.xhtml";
WRONGSITE="http://www.disney.com";
//-->
</script>

I go to the CORRECTSITE ( http://www.try2hack.nl/levels/level4-sfvfxc.xhtml ) and get this:
------------------------------------------------------
NOT LEVEL 4

It isn't this easy. Try again :)
------------------------------------------------------
Teasing little bastard!

I tried that too.. and then I cried

hahaha, annoying little ***** :=

****it if i could only get a hold of my friend, he knows a guy who has gotten to level 5...

I believe you have to use some external tool tho...
maybe search google for some javascript prompt messaging decoder thingy whatever=?!

i tried all the above too.. there gotta be a way to crack it though :P

how did you even get the source?

what you mean, that part was easy. . . .

when it says its wrong and its going to take you back to disney just hit the escape button a few times to stop the browser and when the prompt is gone view the source.

<strike>I FOUND IT!
http://su2.info/doc/try2hack_solutions.php

but here it is: TheCorrectAnswer</strike>
try if you want but its an old site :(

aww how lame mdipi.com!

i edited when you posted read it^^

OH YEAH BABY! Okay i viewed the source, found this line of code:
script src="JavaScript"

okay, the page searches for a file called JavaScript, so i entered the URL

www.try2hack.nl/levels/JavaScript

and the password says: try2hackrawks

OH YEAH LEVEL 4!

what line?! i cant see it! please!

Okay something screwed up with my browser, anyways the password is try2hackrawks

Oh really, I think it just jacked up the tables in the thread :P lol cooool looking now! :P

I fixed it s-fx; Inserting a javaScript comment without using the PHP/Code/AS button will do that every time :)

Cheers!
Kirupa :ninja:

By the way how did you find it?

[ EDIT: Nevermind I just saw your post above. ]

the guy at the site i posted explined it...but it was the wrong link, anyway i found this, they decompiled the .exe...err...this will be hard...http://milov.nl/entry/502

Noooooo, a java applet, ok im done. . . . .

im at level 9

lol i cant get it either
it calls this:

KIRUPA: Removed the problem applet :)

Okay, level 4...

Way down the source you can find ( code =" PasswdLevel4.class " )

http://www.try2hack.nl/levels/PasswdLevel4.class

enter that in and you can download the file, now we have to decompile it, so get a JAVASCRIPT decompiler....

good job mdipi lol

its not javascript
its java. andi posted that link lol, but i included the wrong tags lol.

http://download.com.com/3120-20-0.html?qt=Java+Decompilers&tg=dl-2001

Oh well, Im off to bed.. ill try some more tomorrow

Here's whats new with level 4 tho, keep trying

(Here's the sourcecode for PasswdLevel4.java)


import java.applet.Applet;
import java.applet.AppletContext;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.*;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.EventObject;

public class PasswdLevel4 extends Applet
implements ActionListener
{

public PasswdLevel4()
{
inuser = new String[22];
totno = 0;
countConn = null;
countData = null;
inURL = null;
txtlogin = new TextField();
label1 = new Label();
label2 = new Label();
label3 = new Label();
txtpass = new TextField();
lblstatus = new Label();
ButOk = new Button();
ButReset = new Button();
lbltitle = new Label();
}

void ButOk_ActionPerformed(ActionEvent actionevent)
{
boolean flag = false;
for(int i = 1; i <= totno / 2; i++)
if(txtlogin.getText().trim().toUpperCase().intern( ) == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern())
{
lblstatus.setText("Login Success, Loading..");
flag = true;
String s = inuser[1].trim().intern();
String s1 = getParameter("targetframe");
if(s1 == null)
s1 = "_self";
try
{
finalurl = new URL(getCodeBase(), s);
}
catch(MalformedURLException _ex)
{
lblstatus.setText("Bad URL");
}
getAppletContext().showDocument(finalurl, s1);
}

if(!flag)
lblstatus.setText("Invaild Login or Password");
}

void ButReset_ActionPerformed(ActionEvent actionevent)
{
txtlogin.setText("");
txtpass.setText("");
}

public void actionPerformed(ActionEvent actionevent)
{
Object obj = actionevent.getSource();
if(obj == ButOk)
{
ButOk_ActionPerformed(actionevent);
return;
}
if(obj == ButReset)
ButReset_ActionPerformed(actionevent);
}

public void destroy()
{
ButOk.setEnabled(false);
ButReset.setEnabled(false);
txtlogin.setVisible(false);
txtpass.setVisible(false);
}

public void inFile()
{
new StringBuffer();
try
{
countConn = inURL.openStream();
countData = new BufferedReader(new InputStreamReader(countConn));
String s;
while((s = countData.readLine()) != null)
if(totno < 21)
{
totno = totno + 1;
inuser[totno] = s;
s = "";
} else
{
lblstatus.setText("Cannot Exceed 10 users, Applet fail start!");
destroy();
}
}
catch(IOException ioexception)
{
getAppletContext().showStatus("IO Error:" + ioexception.getMessage());
}
try
{
countConn.close();
countData.close();
return;
}
catch(IOException ioexception1)
{
getAppletContext().showStatus("IO Error:" + ioexception1.getMessage());
}
}

public void init()
{
setLayout(null);
setSize(361, 191);
add(txtlogin);
txtlogin.setBounds(156, 72, 132, 24);
label1.setText("Please Enter Login Name & Password");
label1.setAlignment(1);
add(label1);
label1.setFont(new Font("Dialog", 1, 12));
label1.setBounds(41, 36, 280, 24);
label2.setText("Login");
add(label2);
label2.setFont(new Font("Dialog", 1, 12));
label2.setBounds(75, 72, 36, 24);
label3.setText("Password");
add(label3);
add(txtpass);
txtpass.setEchoChar('*');
txtpass.setBounds(156, 108, 132, 24);
lblstatus.setAlignment(1);
label3.setFont(new Font("Dialog", 1, 12));
label3.setBounds(75, 108, 57, 21);
add(lblstatus);
lblstatus.setFont(new Font("Dialog", 1, 12));
lblstatus.setBounds(14, 132, 344, 24);
ButOk.setLabel("OK");
add(ButOk);
ButOk.setFont(new Font("Dialog", 1, 12));
ButOk.setBounds(105, 156, 59, 23);
ButReset.setLabel("Reset");
add(ButReset);
ButReset.setFont(new Font("Dialog", 1, 12));
ButReset.setBounds(204, 156, 59, 23);
lbltitle.setAlignment(1);
add(lbltitle);
lbltitle.setFont(new Font("Dialog", 1, 12));
lbltitle.setBounds(12, 14, 336, 24);
String s = getParameter("title");
lbltitle.setText(s);
ButOk.addActionListener(this);
ButReset.addActionListener(this);
infile = new String("level4");
try
{
inURL = new URL(getCodeBase(), infile);
}
catch(MalformedURLException _ex)
{
getAppletContext().showStatus("Bad Counter URL:" + inURL);
}
inFile();
}

private URL finalurl;
String infile;
String inuser[];
int totno;
InputStream countConn;
BufferedReader countData;
URL inURL;
TextField txtlogin;
Label label1;
Label label2;
Label label3;
TextField txtpass;
Label lblstatus;
Button ButOk;
Button ButReset;
Label lbltitle;
}


I believe this sh-it has something to do with



{
inURL = new URL(getCodeBase(), infile);
}
catch(MalformedURLException _ex)
{
getAppletContext().showStatus("Bad Counter URL:" + inURL);
}
inFile();
}

i was just agout to post that, i think i almost got it, then i am off to bed too. if i get it i will post!

but look at this, its the if statement on what to display:



public PasswdLevel4()
{
inuser = new String[22];
totno = 0;
countConn = null;
countData = null;
inURL = null;
txtlogin = new TextField();
label1 = new Label();
label2 = new Label();
label3 = new Label();
txtpass = new TextField();
lblstatus = new Label();
ButOk = new Button();
ButReset = new Button();
lbltitle = new Label();
}

void ButOk_ActionPerformed(ActionEvent actionevent)
{
boolean flag = false;
for(int i = 1; i <= totno / 2; i++)
if(txtlogin.getText().trim().toUpperCase().intern( ) == inuser[2 * (i - 1) + 2].trim().toUpperCase().intern() && txtpass.getText().trim().toUpperCase().intern() == inuser[2 * (i - 1) + 3].trim().toUpperCase().intern())
{
lblstatus.setText("Login Success, Loading..");
flag = true;
String s = inuser[1].trim().intern();
String s1 = getParameter("targetframe");
if(s1 == null)
s1 = "_self";
try
{
finalurl = new URL(getCodeBase(), s);
}
catch(MalformedURLException _ex)
{
lblstatus.setText("Bad URL");
}
getAppletContext().showDocument(finalurl, s1);
}

if(!flag)
lblstatus.setText("Invaild Login or Password");
}

Yeah but you dont get the password or the username because the file calls for another file, just have to get the filename...

lol, s-fx now doing this site makes you a genuine "h4x0r"? :P anyway, have you guys gotten to the one where you have to decompile that visual basic one? have fun with that.

you guessed it thor! :)

im like super 1337 h4x0r now :P

yay level 4 completed! :)
-----------------------------
level5-fdvbdf.xhtml
appletking
pieceofcake
-----------------------------

i got thru the visual basic one to after like 3 hours :P

Here's level 6

http://www.try2hack.nl/levels/level6-kdsvbd.xhtml

this isnt funny, there actually isnt some social engineering :trout: that would add a whole new dimension

sfx how did oyu get the applet one? and the vb one? boy oh boy lol.

the applet one was pretty easy, a file was called for in the source so i checked it out, downloaded the .class Java file from the homepage.

Decompiled the .class file and it said

infile: new String("level4")

so i went to www.try2hack.nl/levels/level4 - viewed the source and there it was!

the visual basic one was hard, took me a couple of hours...
anyways, i downloaded the file (program actually), decompiled it, got a few files, checked them out to see if there was any things that indicated what the password could be, so in one file there was a code something like this:

if txtpassword = (gc0006,54,1,).gc0006,37,1,).gc0006,42,1,)gc0006,5 8,1,)

and in another file it said

gc0006 = 0123456789abcdefgihjklmnopqrstuvwxyzABCDEFGHIJKLMN OPQRSTUVWXYZ/()[]\etc..

so i just took the numbers from the original file: if txtpassword = (gc0006,54,1,).gc0006,37,1,).gc0006,42,1,)gc0006,5 8,1,)

and matched the numbers (54,37,42,58) in the long line of letters and numbers to get the answer (eg 11,12,13 gives abc).