Ha.ckers.org Blackhat Challenge
A la Caezar’s Challenge, I wanted to create my own such challenge for the people who are able to attend Blackhat/DefCon and those who are unable alike. However, unlike Caezar’s challenge, this isn’t so much a better humanity type challenge - this is just a game for people looking to solve hard problems. The goal? Find the clues, solve the puzzle and win a ha.ckers/sla.ckers branded tee-shirt. If you aren’t coming to the con, no worries, we’ll ship you one. Here’s the ha.ckers.org challenge.
I must warn you - if you don’t know HTTP inside and out, there’s a good chance you won’t get past the first clue. It’s tough, very tough. I don’t expect anyone to solve it, although it can be solved in under ten minutes if you know what you’re doing. The rules are on the challenge. Good luck and see you in Vegas if you are coming!
Update: I’m going to cap it at 10 people. I’ll announce a list of winners that want their names to be mentioned along with how to solve the challenge once the answers come rolling in.
Update 2: We have our winners! In order of response :
WhiteAcid
Billy Rios
Shawn Lauriat
Tyler Reguly
Chris Soghoian
Ryan Platt
Wesley McGraw
Sid Stamm
Georgie
The spoiler is located here if you just want to know how it happened. Congrats to the winners. We had all of them in within just a few hours! Amazing! That definitely says something about the readership! This wasn’t an easy test. Maybe the next one will be harder. 
July 26th, 2007 at 5:03 pm
Cool! I’ve just answered.
Call me a geek, but I enjoy little puzzles like this.
July 26th, 2007 at 5:46 pm
I just answered too, definitely a fun little puzzle!
July 26th, 2007 at 6:16 pm
great challenge..
any chance of a part2?:)
July 26th, 2007 at 7:14 pm
Great! Just answered, heopfully got it right.
July 26th, 2007 at 7:25 pm
You guys rocked, btw…. very impressive, and I wasn’t exactly trying to make it easy either. Yes, there will definitely be a round two - but it’ll have to wait. There’s much to be done!
July 26th, 2007 at 8:15 pm
Argh! You should announce a start-time in advance. Stupid google reader takes too stinking long to update. Oh well… I’ll wait for part2. Or maybe buy you a drink at BH and see if that’s an alternate solution to the task of getting a t-shirt.
July 26th, 2007 at 9:37 pm
I’ll have to use a “Lame excuse” card. Out of curiosity, do you still have the challenge posted somewhere?
July 26th, 2007 at 10:24 pm
Although don’t pass the first one, but I can’t wait for the second round xD~
Thanks
July 26th, 2007 at 11:18 pm
Yes..definitely give a heads up next time. My new job doesn’t involve computers in any way really, so I can’t be checking feeds every 10 minutes like I usually do.
July 26th, 2007 at 11:22 pm
@ChrisP
The challenge is still on line via the link in the article… http://ha.ckers.org/challenge/
July 27th, 2007 at 1:15 am
This sucks. If I only hadn’t slept for so long today …
July 27th, 2007 at 8:05 am
Okay, after much brooding I think here is where I went wrong:
- I made it sliiightly too easy, that can be rectified.
- I didn’t have quite enough red herrings - again that can be rectified
- I made it require emailing me, which meant I was acting as a referee instead of creating a program to do it for me that was completely unbiased.
- I didn’t give people advance notice.
So here’s what I’m thinking. Once a month (or so) maybe more maybe less. I’ll give everyone a head’s up as to the exact date/time that it starts. I’ll have a program to put your answer into that calculates time, etc… so we can get precise stats.
Now all we need is prizes. Anyone have some executive sponsorship and want to sponsor 10 prizes?
July 27th, 2007 at 4:12 pm
Not to boast or anything but I just completed this in fifteen minutes :D. Ah well, luckily I have enough tee-shirts already.
Nice little chall, I’ll mail you the answer to proof my victory.
July 27th, 2007 at 11:50 pm
Just so the rest of us who would like to try it out just for kicks could you repost the first clue? I don’t need a t-shirt, I just want to see how far I can get.
July 28th, 2007 at 7:15 am
All the information is still on the site. You should be able to still take it. Although I think I screwed up somewhere and posted James Dewar as a winner, although he didn’t complete it - this is why I need a program to handle score tallying for me, rather than me doing it by hand over email. So we actually had 9 winners. Sorry for the confusion.
July 28th, 2007 at 7:23 am
a very cool idea, and i like all your suggestions for improvement. prize or no prize, i look forward to seeing these regularly
July 29th, 2007 at 2:18 am
I found 3 parts, but telnetting to port 80 and sending different headers reveals notting to me. Can sby. please tell me how to do this? Thanks in advance.
Jackson
July 29th, 2007 at 7:18 am
What User Agent are you sending?
July 29th, 2007 at 7:26 am
Too fast for me also … I’ve seen it too late (now).
July 29th, 2007 at 9:31 am
@action jackson
You don’t have to telnet, you can use the Firefox Tamperdata extension to catch the response headers, and also modify the requests.
July 30th, 2007 at 3:53 am
Thanks for the help - gotit.
This was very very nice. I’d also like to see more of that….
Greetz,
Jackson
July 30th, 2007 at 7:47 am
newbie here. could we have a thread on every challege? perhaps abit extra on the spoiler page hinting which topic it covers, so newbies can try to digg about that particular information?
July 30th, 2007 at 9:28 am
We could add a thread on http://sla.ckers.org for each challenge… That’s not a bad idea. Once it’s solved completely people can chat about the spoilers all they like. The goal of this one was to make sure people thought about images as binary data with embeddable data and HTTP header manipulation.
July 30th, 2007 at 10:41 am
very cool, heads up for the next one will be clutch ;]
July 30th, 2007 at 11:10 am
Good plan.
August 13th, 2007 at 8:50 am
You should create a new challenge dealing with HTML for the non-http-understandor here.
I wanna tee!!
August 13th, 2007 at 9:12 am
This isn’t a challenge, but this is what I give to people who think they know HTML (I give them the source code first and ask them to tell me what it says). HTML is complicated, but the problem is, it’s easy given that the rendering engines give you the answer:
http://ha.ckers.org/weird/dandb.html
January 9th, 2009 at 3:40 pm
What User Agent do I use?