Have you ever wanted to learn how to hack? Are you more of a hands on learner, then one that can learn from just reading out of a book? Are you interested in developing secure code by understanding how a hacker will attack your application? If you answered "yes" to any of these questions, then this site is for you. Since 2005, Enigma Group has been providing its members a legal and safe security resource where they can develop their pen-testing skills on various challenges provided by this site. These challenges cover the exploits listed in the OWASP Top 10 Project and teach members the many other types of exploits that are found in today's applications; thus, helping them to become better programmers in the mean time. By knowing your enemy, you can defeat your enemy.

The missions are sub-divided into what we have below

Prerequisites

Pre 1 - View Source —
Pre 2 - Url Modification —
Pre 3 - Robots —

JavaScript

JavaScript 1 - Form modification —
JavaScript 2 - Login Bypass —
JavaScript 3 - Login Bypass —
JavaScript 4 - Login Bypass —
JavaScript 5 - Login Bypass —
JavaScript 6 - Login Bypass —
JavaScript 7 - Login Bypass —
JavaScript 8 - Login Bypass —
JavaScript 9 - Substrings —
JavaScript 10 - charCodeAt() —
JavaScript 11 - charAt();indexOf() —
JavaScript 12 - Date Manipulation —

Miscellaneous

Misc. 1 - Header Injections —
Misc. 2 - Server Side Includes —
Misc. 3 - Regexp Skills —
Misc. 4 - Buffer Overflows —
Misc. 5 - Buffer Overflows (cont.) —
Misc. 6 - Shopping Cart Exploitation —
Misc. 7 - MySQL and SQL Column Truncation Vulnerabilities —

Spoofing

Spoofing 1 - Internet Protocol —
Spoofing 2 - Useragent —
Spoofing 3 - Referrer —
Spoofing 4 - Resolution —
Spoofing 5 - Cookie Modification —

SQL Injections

SQL 1 - Login Bypass —
SQL 2 - Basic URL Based Injection —
SQL 3 - Signature Evasion —
SQL 4 - Useragent Based Injection —
SQL 5 - Blind SQL Injection 1 —
SQL 6 - Blind SQL Injection 2 —

URL Manipulation

URLManip. 1 - $_GET superglobal includes —
URLManip. 2 - Hex Injection —
URLManip. 3 - Hex Injection (Cont.) —

Auditing

Auditing 1 - PHP Audit Discovery —
Auditing 2 - PHP Audit Discovery —
Auditing 3 - PHP Audit Discovery —
Auditing 4 - PHP Audit Discovery —
Auditing 5 - PHP Audit Discovery —
Auditing 6 - PHP Audit Discovery —
Auditing 7 - PHP Audit Discovery —
Auditing 8 - PHP Audit Discovery —
Auditing 9 - PHP Audit Discovery —
Auditing 10 - PHP Audit Discovery —
Auditing 11 - PHP Audit Discovery —
Auditing 12 - PHP Audit Discovery —

Reconnaissance

Reconnaissance 1 - Server IP/OS —
Reconnaissance 2 - PHP Version —
Reconnaissance 3 - Full Path Disclosure - Array[] —
Reconnaissance 4 - Full Path Disclosure - $_SESSION[] —
Reconnaissance 5 - Full Path Disclosure - Zero Division —

Variable Manipulation

VarManip. 1 - Local File Inclusion —
VarManip. 2 - Redirection Evasion —
VarManip. 3 - Remote File Inclusion —
VarManip. 4 - Basic Filter Evasion —
VarManip. 5 - Cross Site Request Forgery —
VarManip. 6 - Carriage Return Line Feed Injection —
VarManip. 7 - Null Byte Upload —
VarManip. 8 - Null Byte Includes —
VarManip. 9 - GIF Upload Bypass One —
VarManip. 10 - GIF Upload Bypass Two —

XSS (Cross Site Scripting)

XSS 1 - Basic Cross Site Scripting —
XSS 2 - UserAgent XSS —
XSS 3 - fromCharCode XSS —
XSS 4 - Basic Filter Evasion XSS —

Java Applets

Java Applet 1 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 2 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 3 - Basic Java Applet - Check Your Mission Answer! —
Java Applet 4 - Basic Java Applet - Check Your Mission Answer! —



Trust me, we are gon learn a LOT. .and we all would definitely enjoy this!

SignUp Here: http://www.enigmagroup.org

After Signing up, visit the mission page here http://www.enigmagroup.org/pages/basics/ and start from the Pre-requisites downwards. .

Please indicate after signing up and also let's use this thread as our "discussion room". .

Incase you get stuck trying to solve a mission, please feel free to ask questions HERE

Please Remember: NO SPOILERS Pls


Happy spl0iting

hope it is gonna be mind exploding? cos i have been wanting to learn hacking for the better.. thanks for bringing it up...

am still in the site and am enjoying it. thanks man! i love you

dansmog++:
am still in the site and am enjoying it. thanks man! i love you

I luv yo gf more . .

What level are you on now?

am still checking out the basic skills,
yeah i know! i havent gone far..

A mission at a time bro . .Don't rush it . .

Also make sure you are putting your notepad++ /notepad into good use. .

Slyr0x, there is a problem! i thought it was gonna be tutorial on hacking? how come am seeing mission, which i need to complete, or am i not clicking on the right links? is there no tutorials cos i have only learn't html,css and am learning javascript now.

Slyr0x: Have you ever wanted to learn how to hack? Are you more of a hands on learner, then one that can learn from just reading out of a book?

^^^You have your answer here bro. .

It is a hands-on hacking simulation site. . .So basically, you learn by trying to break into webapps with the little tips given.

try www.hackthissite.org thats good too!!!!
never got past basic ten

http://www.enigmagroup.org/missions/basics/pre/2/*********/******.inc
the answer to pre 2 is not working 404 error and i cant move to more advance stuffs because of this iish
or maybe the dontlookhere is wrong or my network is effing up

how them dey do robot rubbish ehn? but IWP na eff up, the thing they dull me.....need help with a good server.

User-agent: *
Disallow: /f0rk/
how the f*ck do i use it? mad

spoiler addd this to the url of pre 3 /f0rk/
how about javascript 2,3,4,5 please?

You done with Javascript 1?

yes i edited source on opera 11
PLEASE JAVA 3,4,5,6,7 help spoilers also accepted

how do i do this java 3 nah i can veiw the sourec on my opera 11
how is it under my nose i have cleaned it pls a spoiler needed

slyr0x am i gonna get answered or not mehn help out a brother
chasing you with a virus ..

<script type="text/javascript">



var year= 6
var pass=12

for(i = 1; i <= year; i++)
{
pass += year * i * year;
}
document.write(pass)
/*
WHEN PASS = 318338237039211050000
WHAT IS THE VALUE OF YEAR.
pass += year * i * year;
*/

</script>

I need to know where am getting it wrong

when I do it manually by hand, the result is never the same with what i got from this script.
Any hint?

Gud job fellas am on my way!

Java 3 how do i veiw source code when its hidden or is dat the real code?

^^
Hey I think you need this tool to actually see what you re doing.

https://addons.mozilla.org/firefox/downloads/file/123595/firebug-1.7.3-fx.xpi?src=dp-btn-primary

thanks bro am trying it

Please in JavaScript 7 is it the day you registered you use?

<script language="JavaScript">
var base= new Array("0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "A", "B", "C", "", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z","a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z";
var data=new Array(3);
base.reverse();
data[0]=base[42];
data[1]=base[11];
data[2]=base[17];
data[3]=base[12];
data[4]=base[7];
data[5]=base[43];
data[6]=base[6];
password=prompt("Please enter the Password!","";
if (password==data.join("_"){
window.location.href=""+password+".php";
}

Please any tip?

@nesty
what you need to study for you to beat that mission are (join,reverse and array), once you did that, you wouldn't have much to ask.



I just tried it now and improved my solution with a script that solves prints out the pass for me.