Information, security

by ash

OK nerds .. put your customised WoW keyboards away!! You don’t need to shell out cash for that winged pegasus to take you to an imaginary land of orcs here!!

Here’s a cool new game that you can play .. it’s a hacking game with a story!

About hacxkor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

Features:

• Client attack simulation using HtmlUnit; no alert(‘xss’) here.
• Smooth difficulty gradient from moderately easy to fiendishly tricky.
• Realistic vulnerabilities modelled from Google, Mozilla, etc (No rot13!)
• Open ended play; progress by any means possible.

Play the online demo

The first two levels can be played online here. Since this is kindly being hosted by SourceForge, there are a couple of common sense rules:

• No automated scanners or bruteforce tools (nmap, BURP scanner, skipfish, etc)
• Only exploit http://hackxor.sourceforge.net/* (Other sites on the same IP are not fair game)

Start at wraithmail and login with algo:smurf
If you just want an SQLi challenge, see if you extract usernames&passwords from the second level

Read more about it on the hackxor site! Go and have some fun now .. Angry birds will be waiting for you when you get back!