pwnable.kr
128.61.240.205  Public Scan

Submitted URL: http://pwnable.kr/
Effective URL: https://pwnable.kr/
Submission: On August 23 via manual from UG — Scanned from CA

Form analysis 3 forms found in the DOM

Name: login
POST lib.php?cmd=login

<form method="post" name="login" action="lib.php?cmd=login" onsubmit="return login_check_submit()"> ID <input type="text" name="id" value=""> <br> PW <input type="password" name="pw" value=""> <br>
  <input type="submit" value="login"> <input type="button" onclick="onLayer('join');" value="JOIN"> <input type="button" onclick="toggle()" value="forgot pw">
</form>

POST lib.php?cmd=pwreset

<form method="post" action="lib.php?cmd=pwreset"> ID <input type="text" name="id" value=""> <input type="submit" value="RESET PASSWORD (slow! u gotta wait)">
</form>

Name: join
POST lib.php?cmd=join

<form method="post" name="join" action="lib.php?cmd=join" onsubmit="return join_check_submit()">
  <center> *passwords are encrypted. but avoid using important password (i.e., password for your google account). <table>
      <tbody>
        <tr>
          <td>ID</td>
          <td><input type="text" name="id"></td>
        </tr>
        <tr>
          <td>NAME</td>
          <td><input type="text" name="name"></td>
        </tr>
        <tr>
          <td>E-MAIL</td>
          <td><input type="text" name="email"></td>
        </tr>
        <tr>
          <td>PW</td>
          <td><input type="password" name="pw"></td>
        </tr>
        <tr>
          <td>PW Confirm</td>
          <td><input type="password" name="pw2"></td>
        </tr>
        <tr>
          <td colspan="2" align="center">
            <font size="2">Input valid E-MAIL if you want wechall scoring and password recovery</font>
          </td>
        </tr>
        <tr>
          <td colspan="2" align="center"><input type="submit" value="OK"></td>
        </tr>
      </tbody>
    </table>
  </center>
</form>

Text Content









What is pwnable.kr?



'pwnable.kr' is a non-commercial wargame site which provides various pwn
challenges regarding system exploitation. the main purpose of pwnable.kr is
'fun'. please consider each of the challenges as a game. But, if you just want
to study pwn-related stuff, check out the following video lectures.


How do I play?



there are flag files corresponding to each challenge (similar to CTF). you
need to read the flag file and submit it to pwnable.kr to get the corresponding
points. in order to read the flag file, you need some skills regarding
programming, reverse-engineering, bug exploitation, system knowledge,
cryptography. each challenge has the author's intended solution, however, there
are a lot of unintended solutions as well :) the challenges are divided into
four categories.

[Toddler's Bottle]  -  very easy challenges with simple mistakes.
[Rookiss]  -  typical bug exploitation challenges for rookies.
[Grotesque]  -  these challenges are grotesque-y. painful to solve, but very tasty flag :)
[Hacker's Secret]  -  intended solution for these challenges involves special techniques.

 

Disclaimer



1. pwnable.kr is a non-commercial website.
2. the contents and services provided by pwnable.kr are absolutely free to individuals for non-commercial use, however they are prohibited from being utilized in a commercial manner.
3. contact admin or use proper citation in case of using the contents of pwnable.kr for non-commercial *public* use (e.g., academic class exercise).
4. never use pwnable.kr's resources or information learned from pwnable.kr for illegal purposes.

Rules & Tips



1. all kinds of DoS activities (i.e., too many process/file creation, or network access) are forbidden. there is no challenge which requires *excessive brute-forcing*. the intended solution always gets you the flag in less than a minute.
2. if you find any unintended bug or system deficiency, please report it to admin. you will be thanked and get some credit.
3. solutions for challenges in Toddler's Bottle may be freely posted online. However, please refrain from posting solutions for challenges in other categories. But if you insist, post easy ones (solved by many people) and do not spoil too many details, for the sake of fun.
4. you can ask/answer hints for challenges in IRC, but again, don't spoil too much.
5. all challenges are solvable. but if you think something is wrong, feel free to report it to admin.
6. google is the best teacher in the world, but if you are hopelessly stuck, feel free to contact admin or IRC for advice.
7. the difficulty of pwnable.kr is orders of magnitude easier than top class CTF such as DEFCON CTF or real world hacking contests such as PWN2OWN.



Contact



admin : daehee (daehee87@khu.ac.kr)
irc : irc.netgarage.org:6667/#pwnable.kr (or type "irssi" from pwnable.kr server)



Credits



jonathanxz22 : reporting server vulnerability (weak password)
N1kasu, martin : reporting server vulnerability (local privilege escalation)
veritas501 : reporting configuration error that allows unintended access for all QEMU-based tasks
haber : reporting multiple vulnerabilities in configuration
afang : reporting unintended solution (dos4fun)
debukuk : reporting CSRF vulnerability on webpage
yelang123 : reporting XSS vulnerability on webpage
5unKn0wn : reporting unintended solution (pwnsandbox)
Charo : reporting web server configuration error
martin : reporting server vulnerability (local privilege escalation on proxy-server challenge)
bla : IRC channel support
neomant : reporting site management mistake (information disclosure)
null0 : reporting site configuration error (duplicate flag authentication)
acez : reporting server configuration error (unintended access for all QEMU-based tasks)
sweetchip : reporting server configuration error (unintended ssh access)



Cool wargame sites & CTF competition











pwnable.kr is powered/supported by SSLab@Gatech, Pwnlab@KHU







© PWNABLE.KR SINCE 2014 - ALL RIGHTS RESERVED. OPTIMIZED TO CHROME