In playing the contract consultant game over the years, I’ve become accustomed to verbal and written skills assessment tests, but until recently, I’d never had anyone present a question like this: “Optional – Extra Credit – Create an account on http://www.hackthissite.org and complete levels 1 through 4 of the Basic Web Hacking Challenge and explain how you figured out each level.” Sounds like fun, I thought, and it makes sense: If you want to know how well a guy can protect your network, see if he knows how a hacker would attack it. So I headed on over to the site. Having never been there, I didn’t know what to expect; I was greeted with this:
Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker war games site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
I created an account, logged in and proceeded to the “Basic Missions” section; their are 11 of them, and I was to complete the first four. At level one, the challenge reads, “This level is what we call ‘The Idiot Test.’ If you can’t complete it, don’t give up on learning all you can, but don’t go begging to someone else for the answer, that’s one way to get you hated/made fun of. Enter the password and you can continue.”
Though they call it “The Idiot Test,” it’s not as simple as you might think. You’ll find the solution interesting. Try it for yourself, post your comments and check back in a day or so; I’ll be posting my analysis and solutions to each level, eventually covering all 11 basic missions.
In the meantime, have a safe and enjoyable Labor Day weekend.