24 Hour Live Hacking Challenge - The HP Security Laboratory Blog -
The HP Security Laboratory Blog » 24 Hour Live Hacking Challenge
24 Hour Live Hacking Challenge

Join us at the HP Application Security virtual booth for a 24 hour live web hacking challenge where you will have a chance to advance through more than 10 levels of increasing difficulty.  Participants attempt to break the login protection mechanisms at each level and gain experience in conducting attacks as a hacker would. Learn how simple techniques can compromise web applications. All of the security defects in the application are based on real world mistakes web developers make.

Register to attend at http://hpappsshow.virtualeventscentral.com/uc/registration-short-form.php.

Posted 09-02-2009 8:29 PM by mark.painter
Filed under: ,

Comments

saktisingh wrote re: 24 Hour Live Hacking Challenge
on 09-03-2009 6:52 AM

want to learn hacking

camera strap wrote re: 24 Hour Live Hacking Challenge
on 09-05-2009 5:43 AM

HI Mark Painter...

Hey mark i will join the HP Application Security virtual booth and also i used it for sometime.. Man its so tremendous and complicated but its fantastic so thanks for providing the site..

whips04r wrote re: 24 Hour Live Hacking Challenge
on 09-07-2009 2:31 AM

Will this booth be open for the rest of the world, not just USA? 24hours would cover 1 day for USA, but not the entire duration of the HP Virtual Tour conference, which is available for the entire world...

mark.painter wrote re: 24 Hour Live Hacking Challenge
on 09-08-2009 3:01 PM

I do believe the Hacking Challenge will be available the entire duration of the virtual event. I will have another blog post and a lot more information on this later in the week.

Thanks!

mp

whips04r wrote re: 24 Hour Live Hacking Challenge
on 10-09-2009 12:06 AM

Am really interested to know how one would pass level 8! I saw a few peeps got it but all my attempts were in vain :( I had to resort to exploiting (seemingly existent) logic flaws in the scoring functionality whereby I hopefully overwrote the email address of some winners - am still waiting to receive my prize :)

matt wood wrote re: 24 Hour Live Hacking Challenge
on 10-09-2009 7:53 PM

In order to pass the 8th level, you had a view the source code and read the HTML comments. The comments suggested there was a debug mode, the intuition here would have been to try requesting the page with some kind of debug mode enabled. This turned out to be enabled by just requesting the page with a query parameter named debug.

Unfortunately for your attempts to exploit the email system... the email address was only recorded once, the other times it was just kinda ignored :)

whips04r wrote re: 24 Hour Live Hacking Challenge
on 10-12-2009 4:22 AM

Gah! I swear I did try debug as a GET parameter name, guess I forgot to check the HTML source :( Went so far as to install FirePHP ontop of FireBug with the hope that'd turn debug mode on. I hate you guys for making such a secure challenge :)

Add a Comment

(required)  
(optional)
(required)  
Remember Me?

Type the numbers and letters above:
Privacy Statement
Powered by Community Server (Non-Commercial Edition), by Telligent Systems