Enigma Group basic challenges

1. Read the source.
   Answer: fluglebinder

2. You need to read the file that fopen can't open. Just put it in the URL:
   http://www.enigmagroup.org/missions/basic/2/dfcl91c.txt
   Answer: admin:rosebud10

3. I used the Tamper Data extension. Start Tamper Data, click on Jack and log in. Tamper Data will capture the request, and then you can change Jack to Jane.

4. It will say it can't locate password.php. If you look at the URL you will see index.php?file=login.php. Replace login.php with password.php:
   http://www.enigmagroup.org/missions/basic/4/index.php?file=password.php
   Answer: administrator:fr34km4st3r

5. The page sends you to index2.php, but you need to view the source of index.php. I just entered index.php and hit Escape before it forwarded me to index2.php. In the source you'll see to go to 911_411.php.
   Answer: go here: http://www.enigmagroup.org/missions/basic/5/911_411.php

6. Go to http://www.proxy4free.com, pick a transparent proxy and then refresh the page. You should get your points.

7. To get the hash:
   http://www.enigmagroup.org/missions/basic/7/?page=../admin/.htpasswd
   Login page:
   http://www.enigmagroup.org/missions/basic/7/admin/
   Answer: admin:dXWxIS6i6irN6 & admin: dog

8. Use SQL injection: ' or 1=1--

9. Look at the source: if (password=="script"). I typed in script for the pass, or you can navigate to:
   http://www.enigmagroup.org/missions/basic/9/script.php

10. Look at the source. It will say it's been disabled, but scroll down: the code is at the bottom.
    Answer: Source
    http://www.enigmagroup.org/missions/basic/10/Source.php

11. You have to use the Escape key to view the source of index.php before you are redirected.
    http://www.enigmagroup.org/missions/basic/11/redirect.php
    Answer: redirect

12. View source; the pass is encoded.
    var pass = "%41%73%63%69%69%43%68%61%72%74"
    This will help: http://www.linkedresources.com/tools/unescaper_v0.2b1.html
    http://www.enigmagroup.org/missions/basic/12/AsciiChart.php
    Answer: AsciiChart

13. View source; you'll see that the page is checking against a JavaScript file:
    http://www.enigmagroup.org/missions/basic/13/password.js
    It's a trick: save the page and it should download the real password.js, which says the password is includes.
    http://www.enigmagroup.org/missions/basic/13/includes.php
    Answer: includes

14.

15. You have to change the cookie: use a cookie editor to change autorized from no to yes and refresh.

16.

REALISTIC

1. Read the source.
   Answer: Admin - EatAMelon
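
Basic challenges 4 and 7 both work because a request parameter (file= and page=) ends up being used as a file path. The PHP below is an added example, not code from the site or from these notes; it puts that pattern next to a hardened resolver. The function names, the temp-directory layout and the allowlist are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Vulnerable shape (assumed, not the site's actual code): the parameter is
// used as a path as-is, so "../admin/.htpasswd" walks out of the pages dir.
function resolve_unsafe(string $pagesDir, string $param): string
{
    return $pagesDir . '/' . $param;
}

// Hardened shape: an explicit allowlist plus a canonical-path check.
function resolve_safe(string $pagesDir, array $allowed, string $param): ?string
{
    if (!in_array($param, $allowed, true)) {
        return null;                       // not a page meant to be served
    }
    $base = realpath($pagesDir);
    $real = realpath($pagesDir . '/' . $param);
    if ($base === false || $real === false) {
        return null;                       // missing directory or file
    }
    // Second layer: the canonical path must still sit under the base dir.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout: pages/login.php, pages/password.php, admin/.htpasswd
$root = realpath(sys_get_temp_dir()) . '/include_demo_' . bin2hex(random_bytes(4));
mkdir("$root/pages", 0700, true);
mkdir("$root/admin", 0700, true);
file_put_contents("$root/pages/login.php", "login form\n");
file_put_contents("$root/pages/password.php", "not meant to be public\n");
file_put_contents("$root/admin/.htpasswd", "user:placeholder-hash\n");

$allowed = ['login.php'];                  // only pages meant to be public
foreach (['login.php', 'password.php', '../admin/.htpasswd'] as $param) {
    $unsafe = realpath(resolve_unsafe("$root/pages", $param));
    $safe   = resolve_safe("$root/pages", $allowed, $param);
    printf("%-20s unsafe=%-20s safe=%s\n", $param,
        $unsafe === false ? 'none' : substr($unsafe, strlen($root)),
        $safe === null ? 'rejected' : substr($safe, strlen($root)));
}
```

The allowlist is what stops the same-directory case from challenge 4 (password.php); the canonical-path check covers the ../ case from challenge 7 even if the allowlist is later loosened.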