View Full Version : Hackthissite.org


xyz
December 28th, 2003, 08:51 AM
OK, I have started this thread to serve a similar purpose to the Astrowars thread that we had a while back.

It is for members to learn about what hackthissite.org is and to post their scores etc.

Basically, it is a bunch of simulated levels and missions where you have to hack into parts of the website with varying degrees of difficulty.

So far, I am up to level 8 in the Basic Web Hacking and level 2 in the Realistic Missions. Please note that I am new to web hacking so members such as Nihilist should be able to do much better.

Flake2m
December 28th, 2003, 11:31 AM
Well, I started doing this. I am up to level 5 in webhacking and I have completed the 2nd realistic mission. I have 65 points so far.

Anath
December 28th, 2003, 02:13 PM
I figured I might as well have a go..

Realistic Missions [ 1,2,3,4,5,6,7,8,9 ]
Basic Web Hacking [ 1,2,3,4,5,6,7,8,9,10 ]
Application Challenges [ 1,2,3,4,5,6 ]

Anath
Ranked 39 of 29997 users with 1570 points.

Not too difficult so far, I'm looking forward to actually finding some juicy exploits in the site's code itself. :)

edited to update & make it a little less space-consuming.

The Anarch
December 28th, 2003, 11:16 PM
I'm up to level 3 in Basic Web Hacking and 2 in Realistic Missions. Yeah, I've never hacked before.

xyz
December 28th, 2003, 11:20 PM
Damn Anath...

I have now passed missions 2 and 3 and am ranked 2039 of 29928 users with 185 points.

I would highly recommend this site for anyone who is interested in learning about web hacking, they have some excellent info and articles on there and the challenges are a very good way to learn web hacking.

Nihilist
December 28th, 2003, 11:53 PM
Cool site, xyz. I've finished all of the basic web hacking challenges, and I've done 2 of the realistic missions. I'm ranked 2039 too....weird.

chemwarrior
December 29th, 2003, 03:48 AM
It's quite obvious that I'm not a hacker... I can't even get past the first level! Anyone care to help me see what I'm missing?

NVM, I figured it out. It was the first thing I tried too, but Mozilla was being an ass.

xyz
December 29th, 2003, 04:43 AM
Nihilist, I WAS ranked 2039, I would have moved ranks since then (new people improving or me improving).

EDIT: Yeah, I am now ranked 2049 of 29989. Must be all you forumites learning about the site and then doing better than me :p .

Was anyone else able to get the 20 point bonus in level 3 (level 3 of the realistic missions) for sending the hacker's name to the site owner? Getting the name is fairly easy but needs a bit of thorough searching.

Nihilist
December 29th, 2003, 05:27 PM
I have now completed all the basic web hacking missions, all realistic missions except the last one, and the first 5 application challenges. I am now ranked 70 out of 30,131.

Cyclonite
December 30th, 2003, 04:27 AM
I know nothing of hacking but am interested. How would I get started? I have no clue how to pass the first basic level (The idiot test). Any help would be appreciated.

zaibatsu
December 30th, 2003, 07:40 AM
Load up the level 1 page, making sure you're logged in, and read the source code; it's very clearly there.

Hang-Man
December 30th, 2003, 09:52 PM
Yep. I suck at this as well. I got to lv 5 pretty fast but now I'm stuck. I'm trying to brute force my way into that Nazi web page but so far no luck.

T_Pyro
December 30th, 2003, 09:55 PM
Xyz, did you by any chance check the URLs of the images in level 3? (I think it's a hint!)
I've got a name, and a page with some really interesting code related to a certain link there! So, am I on the right track?
Oh, and thanks a mil for telling us about this site, it's great!

EDIT: Yup, I was right! :D That's a big hint to everyone. I got the bonus, but haven't been able to complete the actual objective :confused:

xyz
December 31st, 2003, 05:42 AM
T_Pyro, yes, I also got the bonus and anyone who uses a bit of patience and common sense should be able to find it.

Hang-Man, You won't get far trying to brute force that :p . Read some information about SQL Injections.

Hang-Man
December 31st, 2003, 10:34 AM
Read! To hell with that. Besides, Brutus is almost done. Only 8 months remaining....;)

xyz
December 31st, 2003, 10:41 AM
Errr.... Well, good luck anyway. I don't even think there is a username and password; I (and everyone else I know) used an SQL injection to trick the form into returning a false positive.

T_Pyro
December 31st, 2003, 11:36 AM
Xyz, were you able to finish the 2nd or the 3rd password app challenge? I got the first, hex editor reveals all, but I think the others require some disassembly. I spent an hour or two reversing some conditional jump statements, and eventually got the app to say: "The password is <whatever you had typed>" Damn!

nbk2000
December 31st, 2003, 01:01 PM
It'd be interesting to see if this was a "honeypot" sting to trap hacker wannabes...

wrench352
December 31st, 2003, 05:50 PM
or a recruitment site for top scorers

Nihilist
December 31st, 2003, 06:57 PM
It is neither. The site clearly states that they encourage you to do these things, and that they are all there for that purpose. So if they tried to arrest you for it (assuming the people running it were cops) it would be considered entrapment. As for it being for recruitment, it's not nearly hard enough for the gov to recruit the top scorers. I'm ranked 17 right now and I know I'm not good enough for the gov to recruit me for anything.

PHAID
December 31st, 2003, 07:42 PM
Possibly it's a method to test out the skills of the hackers that are around and give them a roadmap on how to block the attacks.
Make it a game and let the people do your work for you.

NightStalker
December 31st, 2003, 09:34 PM
Who says it's not a recruitment tool?

Maybe not for the US government, but there are plenty of others out there.

Criminal organizations looking for potentials, NGOs with an agenda, a university research project, or perhaps foreign governments looking for dupes to launch an infowar attack against the Great Satan?

Ever read "Ender's Game"?

The kids were playing games, never knowing that the games were for real.

This could be an "Ender's Game" scenario.

Imagine someone with a grudge against the US setting up a series of tutorials that teach those who WANT to learn how to hack exactly how to do that, disguising it as an entertaining game. The lessons are all geared towards the true target's vulnerabilities, with dummy sites set up to simulate the vulnerabilities.

Once there's enough "H4x0Rz" who've acquired the needed skill sets, you then set up a "challenge" for some prize, and set the game's "challenge" as the real-world target, and watch as thousands of your custom-trained crackers proceed to tear it down, with them never knowing that they're actually attacking some vital infrastructure target.

Imagine if the power blackout in New York last year had been the result of such a "game", and was accompanied by a hundred fedaykin blowing themselves up in the crowded streets of a pitch-black city, the only light coming from burning buildings, accompanied by the booms of exploding fedaykin...can you say PANIC?

It'd be too funny if I turned out to be correct in predicting this as being an "Ender's Game". :)

PHAID
December 31st, 2003, 09:47 PM
Yes ive read "Enders Game"
It was a good book and does get you thinking.
One option you missed was the possibility that it could be a corporation scouting for their IT security personnel.
Use your enemy against your enemy.
You ever see the movie "Catch me if you can"?

NightStalker
January 1st, 2004, 12:51 AM
"ive"?

Shouldn't it be "I've"? NBK has a fetish about that one. ;)

Why would corporations be looking to train wanna-be hackers for later recruitment? For every one that had the skills to be worth hiring they'd be creating a hundred that'd be looking for something to crack (like the corporation's site) and just be creating their own problems.

The Anarch
January 4th, 2004, 02:17 AM
Is anyone suddenly getting a thing asking for a network password when you try to access hackthissite.org?

tom haggen
January 4th, 2004, 02:28 PM
I just tried to access that site and I was prompted to give a password and user name.

wrench352
January 4th, 2004, 07:33 PM
maybe the game just got harder

Hang-Man
January 4th, 2004, 07:41 PM
It was down a few days ago, maybe you can only get in if you're a mod so you can work on the site. I hope they are making new challenges, (most of) the old ones were quite easy.

Hang-Man
January 5th, 2004, 05:38 PM
It's back up, except the forum. Anyone have a full version of WinHex? I can't seem to find one....

The Anarch
January 8th, 2004, 07:26 PM
Holy shit! Look at this:

"you dont have shit work do you think im that weak? you hardly know who i am or the skills i hold. even if i was stupid enough to be traced. secure deleted drives my goverment DOD standard is sweet. REAP IT BITCH. *fjears* Ahem, ya and we all know the Government has HIGH standards, you think theyd let the people have something they can't break?"

I can't make heads or tails of that, but it looks like the site got fucked over. I'm guessing it was Mcaster that did it since he was listed in the Hall of Lame and they mentioned he was plotting to mess up the site.

Edit: looks like the site's back up again.