
Game of Hacks - lelf
http://www.gameofhacks.com/
======
2J
After you answer a question, there should be an explanation of the right
answer. I was able to guess through some that I had no idea what they actually
were, and an explanation of why I did/didn't get it right will help a lot and
actually help me identify vulnerable code.

~~~
gravity13
Yeah. I have no CS background so I was hoping to learn something here. Nope.

------
ZirconCode
The best part of this game is the leaderboard:

7e+177 - maplesyrupguy

1e+73 - Game itself was harder than to hack it

1.3999999999999998e+26 - I learned at least one thing...

1.555555682012021e+24 - Tries to teach security, fails at security.

1.4e+22 - jon

1e+22 - idiots

123456789212345710000 - Ironically it's easy to hack a game about finding
security bugs!

100100000000000000000 - did i do

70000000000000130000 - alex

2800000000000251000 - frankwins

~~~
kybernetyk
Maybe that was the meta game.

------
Sonicmouse
Play it on an iPhone. You can pause the timer by holding your finger on the
iPhone's screen.

Yeah, it's cheating, but isn't that what it's all about?

~~~
CaRDiaK
Hacking the hack!

------
fataliss
A little coloration and indentation would be great. Going through a chunk of
20 lines of unknown language in a couple seconds is already enough of a
challenge especially for beginners, no need to add unreadability to it :P.

~~~
troyjfarrell
Fixing the indentation would also make the Python code readable. (For those
who aren't aware, whitespace is significant in Python.)

------
jljljl
You should always have the answer "Non-exploitable code" for every question.
For some questions, the lack of this answer makes it clear that there is a
vulnerability, and the structure of the question makes it obvious which one of
the answers is most likely (e.g., no SQL or methods dealing with SQL exclude
all SQL based answers, a question with "sleep" is highly likely to be a DOS by
Sleep, etc.)

I'm not a CS guy, but I was able to deduce a lot of the answers just from how
the question was structured.

EDIT: The actual response in the app is "Non-exploitable code". Updated my
comment to reflect this

~~~
BorisMelnik
Just ran through 4 of the "beginner" tests and almost none of the answers I
ran across was "none exist." Not trying to prove or disprove your point but
did find it odd.

------
richard_cubano
I liked the one that was a C program that used argv[0] (or argv[1] - can't
remember) as the connection string for an SQL database. Then the answer was
SQL injection. I mean, sure, you can argue that's a flaw with the program, but
it's also THE ONLY POSSIBLE USE for the program.

I got 5/5 on advanced, but I don't think that proves anything. For most of the
questions my response would be "decomp your code better and use comments."

------
bagels
Timer really put me off. I can solve these, I just need more time, having not
used some of these languages in a while.

I'd rather the time counted up, losing points, instead of counting down until
I'm told I fail.

------
rpedela
Very cool, but why doesn't it tell you what the correct answer is when you get
it wrong?

~~~
brbcoding
I was wondering that too... With some sort of insight into the correct
response, one might be able to learn rather than just be tested. A lot of fun
regardless.

------
gabriel34
It is good as a game, not so good as a learning tool. There should be an
option to go back and analyze things with time for some research.

------
ultimatedelman
I like the idea. I feel like a few seconds are spent trying to figure out what
language it's in, but maybe I'm just a dummy.

------
granttimmerman
Here's how to hack the hacking game. Pretty simple (in your console):

app.sendAnswer({answer: 1,time: -999999999999})

(I added the instructions on the leaderboard itself)

~~~
dmix
Crashing != hacking

------
hmsimha
There's a big difference between having to select between four different kinds
of vulnerabilities when given a piece of code that you're told is insecure, and
identifying them in the wild. This is more putting the square peg in the
square hole than it is measuring the angles and being able to accurately
identify the shape.

~~~
2J
One of the questions that I got had an option that said "No vulnerabilities".
I think having that option for every question with some solid code will let
you find vulnerabilities more accurately.

------
menssen
1. This is a vocabulary and syntax quiz, mostly.

2. The code is unreadable (formatting) on a phone after 1.5 Manhattans.

3. Anybody else read the title in Robert Pollard's voice?

~~~
NAFV_P
> _The code is unreadable (formatting) on a phone after 1.5 Manhattans._

I presume you mean
[http://en.wikipedia.org/wiki/Manhattan_(cocktail)](http://en.wikipedia.org/wiki/Manhattan_\(cocktail\))
?

------
slipstream-
Like the idea (and in fact I've submitted some code loosely based on an example
I actually found in an application!), but yeah, the comments about needing
more time because of having not used some of the languages apply here also.
And yeah, an explanation of the right answer would help - especially if you
haven't used the language (at all, or in a while).

------
Zarkonnen
This was mostly an exercise in reading grey on grey unindented code. It's a nice
idea, but you need to make sure you're measuring the right thing.

------
byerley
Somewhat ironic that the high scores have already been hacked, though a little
inevitable since the game is client side I guess.
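
An added example, not part of the thread and not the game's own code: a server-side scoring sketch that never reads the client-supplied `time` field seen in the `app.sendAnswer` call quoted above, and instead measures elapsed time on the server's clock. The function names, the 30-second limit and the scoring formula are assumptions made for illustration.

```javascript
// Hypothetical server-side scoring for a timed quiz (illustrative names only).
const TIME_LIMIT_MS = 30000;   // assumed per-question limit
const MAX_POINTS = 1000;       // assumed score ceiling per question

const pending = new Map();     // sessionId -> { correct, issuedAt }

// Called when the server sends a question; the server records its own clock.
function issueQuestion(sessionId, correctAnswer, now = Date.now()) {
  pending.set(sessionId, { correct: correctAnswer, issuedAt: now });
}

// Called for each submitted answer. `body` is the untrusted client payload,
// e.g. { answer: 1, time: -999999999999 }. Its `time` field is never read.
function scoreAnswer(sessionId, body, now = Date.now()) {
  const q = pending.get(sessionId);
  if (!q) return { ok: false, reason: 'no-pending-question', points: 0 };
  pending.delete(sessionId);   // one submission per issued question (no replay)

  if (!body || !Number.isInteger(body.answer)) {
    return { ok: false, reason: 'bad-payload', points: 0 };
  }
  const elapsed = now - q.issuedAt;          // measured server-side
  if (elapsed < 0 || elapsed > TIME_LIMIT_MS) {
    return { ok: false, reason: 'timeout', points: 0 };
  }
  if (body.answer !== q.correct) {
    return { ok: true, reason: 'wrong', points: 0 };
  }
  // Faster correct answers score more; result is bounded to [0, MAX_POINTS].
  const points = Math.round(MAX_POINTS * (1 - elapsed / TIME_LIMIT_MS));
  return { ok: true, reason: 'correct', points };
}

// Constructed demo: a forged payload with a huge negative time, then a replay.
function demo() {
  issueQuestion('s1', 1, 1000);
  const forged = scoreAnswer('s1', { answer: 1, time: -999999999999 }, 6000);
  const replay = scoreAnswer('s1', { answer: 1, time: -999999999999 }, 6001);
  return { forged, replay };
}
console.log(demo());
```

Because the elapsed time comes from the server's clock, pausing or altering a client-side timer changes nothing in the recorded score.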

------
hcarvalhoalves
Pretty easy, you can ace without knowing all the languages/APIs used, just
follow the usual code smells.

------
yamaneko
How can I see the correct answers?

------
CGamesPlay
When you beat the advanced levels, and are looking for a real challenge, give
[http://escape.alf.nu](http://escape.alf.nu) a try. I didn't make it but it's
the most difficult but still educational hacking challenge I've seen. Also,
since it validates answers server-side these days, it isn't, itself, hackable.

------
pwelch
Cool game. Would be great if it gave a quick summary of why it was a right
answer and maybe some additional resources to learn more.

------
silus151
Very cool. Would be better if it says the correct answer when I get it wrong?

------
olalonde
On a related note, anyone else remember
[http://try2hack.nl/](http://try2hack.nl/)? It was one of the first sites that
got me into programming/hacking.

------
sku2007
This is similar to www.codebashing.com/sql_demo

~~~
sku2007
[http://www.codebashing.com/sql_demo](http://www.codebashing.com/sql_demo)

------
kybernetyk
Heh, the ticking clock makes it feel like that scene from the movie
"Swordfish".

(Also I found the advanced questions much easier than the beginner ones.)

------
com2kid
On beginner difficulty single player, I got the same question again and again.
After the game ended, new game, still the same question.

IE11 FWIW.

------
doctorpangloss
I dare anyone to respond faster than my -1.7976931348623157e+308.

(Or is it -9007199254740991?)

------
tempodox
Nice idea, but I don't like the timer. Actually, I should hack the page to
disable it...

------
tabrischen
Cool game! Are there any beginner friendly resources out there to learn more
about this?

~~~
hackthisuk
Selfish plug: www.hackthis.co.uk

------
EvanYou
Had to wonder if the "root" guy on the leaderboard actually hacked the game :)

------
simonebrunozzi
Reminds me a little of CloudAcademy.com and their tests.

------
erikb
I wish they wouldn't have called it Game of _Hacks_.

------
callesgg
The funny stuff was the totally hacked leader board :)

------
steele
Hmm, I saw duplicate questions in a single session.

------
mobman
Explanation and correct answers needed for most questions, and there was one
such a lengthy question... toooo long, didn't read!!!

------
OedipusRex
The leaderboards are the best.

------
airza
why is this not called game of pwns?

