24 Hour Live Hacking Challenge

Join us at the HP Application Security virtual booth for a 24 hour live web hacking challenge where you will have a chance to advance through more than 10 levels of increasing difficulty.  Participants attempt to break the login protection mechanisms at each level and gain experience in conducting attacks as a hacker would. Learn how simple techniques can compromise web applications. All of the security defects in the application are based on real world mistakes web developers make. 

 

Register to attend at http://hpappsshow.virtualeventscentral.com/uc/registration-short-form.php.

Comments
| ‎09-03-2009 07:52 AM

want to learn hacking

| ‎09-05-2009 06:43 AM

HI Mark Painter...

Hey mark i will join the HP Application Security virtual booth and also i used it for sometime.. Man its so tremendous and complicated but its fantastic so thanks for providing the site..

| ‎09-07-2009 03:31 AM

Will this booth be open for the rest of the world, not just USA? 24hours would cover 1 day for USA, but not the entire duration of the HP Virtual Tour conference, which is available for the entire world...

markpainter | ‎09-08-2009 04:01 PM

I do believe the Hacking Challenge will be available the entire duration of the virtual event. I will have another blog post and a lot more information on this later in the week.

Thanks!

mp

| ‎10-09-2009 01:06 AM

Am really interested to know how one would pass level 8! I saw a few peeps got it but all my attempts were in vain :smileysad: I had to resort to exploiting (seemingly existent) logic flaws in the scoring functionality whereby I hopefully overwrote the email address of some winners - am still waiting to receive my prize :smileyhappy:

matt wood | ‎10-09-2009 08:53 PM

In order to pass the 8th level, you had a view the source code and read the HTML comments. The comments suggested there was a debug mode, the intuition here would have been to try requesting the page with some kind of debug mode enabled. This turned out to be enabled by just requesting the page with a query parameter named debug.

Unfortunately for your attempts to exploit the email system... the email address was only recorded once, the other times it was just kinda ignored :smileyhappy:

| ‎10-12-2009 05:22 AM

Gah! I swear I did try debug as a GET parameter name, guess I forgot to check the HTML source :smileysad: Went so far as to install FirePHP ontop of FireBug with the hope that'd turn debug mode on. I hate you guys for making such a secure challenge :smileyhappy:

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.