2007-02-25

ngsec game #3 level 2

Wohoo got it. This level is a timing attack. After guessing the username, the error page will show you what the password was supposed to be. It changes way to fast to just resubmit the password, so you have to figure out what the password is supposed to be and submit that...

Think timezone, curl, and md5.

2 comments:

Nicholas said...
This comment has been removed by the author.
Nicholas said...

Okay, more for those who are interested in this level:

Lynx or w3m can be used so you can enter your username and password without jumping through a bunch of hoops.

Make sure your system time is sync'd up.. I used the linux command:

sudo ntpdate 132.163.4.101


Thanks syndrowm, this level was easy with your help!