Logic Missions

[AtlasDark]

It's rather sad when people join the site to scrounge up points rather than to attempt to learn how to defeat the locks.

However, the points do not apply anywhere and aren't really a status symbol - those who come here just to rack 'em up achieve nothing, and someone with zero experience with basic scripting who has already defeated every logistical, stenographical, basic, and other mission type is subject to scrutiny regarding this, but ultimately, it means nothing.

They're effectively wasting their time.

[DrakierD]

It's rather sad when people join the site to scrounge up points rather than to attempt to learn how to defeat the locks.

However, the points do not apply anywhere and aren't really a status symbol - those who come here just to rack 'em up achieve nothing, and someone with zero experience with basic scripting who has already defeated every logistical, stenographical, basic, and other mission type is subject to scrutiny regarding this, but ultimately, it means nothing.

They're effectively wasting their time.

I don't know if this was in response to what I wrote or not, but I figured I'd answer it from my perspective anyway as it might shed some light for others who feel the same way as me.

I don't come to these sites purely to "scrounge up points". I come to do the challenges and learn. One of the side benefits however is being able to compare my skills to those around me. The only "objective" way to do that is through point comparison.

I like to try to strive for the top and achieve the upper ranks. I've done this on every challenge site I've been on. That's just the way I am. I keep trying at things until I either get so frustrated at a roadblock that there is no continuing, or I figure it out and finish. The Points are really the only way to "prove" (more or less) that someone has achieved anything. Sure there are sites out there that have the answers for some of the missions. But there are still plenty of missions out there that have no answers on any sites.

I have plenty of experience, so I'm not just here to get points. The points are simply a gauge at how I measure up to others. As per my previous post, if they didn't remove the points retroactively from all the people who'd achieved the Logic Missions already, then it would put new challengers at a disadvantage because they would NEVER be able to match up to those or have an accurate reference/comparison.

The playing field has to be level in order for it to mean anything.

[AtlasDark]

Hm? Oh, I wasn't attempting to scrutinize you, I went off with an idea and got lost in the thread structure.

[Finarfin Palantir]

Hi Guys!

I've been thinking about the problem regarding the logic missions, now apparently there are 2 major groups, the majority doesn't want to earn points for the Logic missions but still be able to do them, the other isn't really important since it totally missed the point about HTS, what about creating a section where users can post their own riddles and once approved, the members have a shot @ answering them? Just a bit more interactive form of logic missions, I was thinking this might even happen on the forum? That way logic can be removed from profiles and seperated from challenges which are actually hacking?

Let me know what you think,

Regards
FP

[godofcereal]

Riddles on the forum as logic missions? Aha...
Do you count basic 1-10 hacking?

[haha01haha01]

Do you count basic 1-10 hacking?

They do teach you some basic techniques that you will need later on the realistic missions. without the basic missions i dont think i would have passed the second or third realistic mission, and definitely not the ones after.

Also, im on the anti-logic side in this battle. i always hated these missions, simply because they have way too many solutions, but only the one that the developers thought of is accepted.

[Nines]

The only missions that should be on this site (out of the current categories) are Basic, Realisic, Application and Programming.

I'm the reason the logic missions are disabled (finally!) as I was the one who posted the entire list of answers on IRC. I felt this needed to be done as when I was actually staff here, nobody would listen when I said they had no function beyond a little puzzle-solving (although most of them were just old riddles, a couple of which were modified so that they made little or no sense or were just downright pointless) and so shouldn't be part of HackThisSite (maybe SolveThisPuzzle!) The worst part being that I actually wrote two of them, so I felt I was partly to blame. I figured the only way to get them removed from the site was to just post the answers. That way they were bound to get the axe.

Steganography has little to do with hacking, especially the challenges on this site. If I wanted to encode something in an image, I'd use an extremely complicated algorithm and heavy encryption. Even then the odds are that you wouldn't know that something was encoded in the image unless you were told about it. The stego challenges (while a couple were fun) are more puzzle-based and shouldn't be on the site.

Javascript missions should be scrapped, since most of them are just basic obfuscation or "follow the code" tasks. It doesn't reflect any real-life situation at all. I do appreciate that Javascript plays an increasingly integral part of modern websites in the form of AJAX, so it would make more sense to have REALISTIC missions that incorporate this, rather than a specific category for a language.

The Extended Basic missions are horrible, as many of them use a "win string" or a weak regex. The idea of just analysing code could be incorporated into REALISTIC missions (as it already has been) rather than having a section of just "find the vulnerability and fix it in the way we have". Calling them extended basic missions kinda defeats the point, since you're expected to understand vulnerabilities that you may not have come across yet, so rather than research them in context, people are more than likely going to google part of the code and find a similar piece of code with the answer to the challenge right next to it, rather than see it in context and understand why a particular vulnerability is there.

The IRC missions are actually a nice addition.

The logic missions would be better renamed and repackaged as part of the forum, where if you wanted to solve each others challenges, you could, without bringing the rest of the missions into disrepute. I say this because there are a couple of very well thought out missions here, designed by very talented programmers/hackers. html's prog3 is a prime example of this and it's just a shame she isn't here to write more like it.

On a side note to those against it. I believe that the points/rankings system is a POSITIVE aspect of this site. It encourages competition which I feel as a society we don't do enough of anymore. People will cheat whether there are points up for grabs or not. You know when someone doesn't know what they are talking about. It's more embarrassing to get called on something that you don't know when you've already professed to do so, so anyone cheating in the rankings will see their profile littered with comments about that person not knowing what they are talking about, since the top ranked users get the most hits. The points system don't devalue the missions. Shitty missions devalue the point system.

What needs to happen:

Remove the Logic, Stego, eBasic, Javascript missions. If there were any useful aspects of the missions to be removed, incorporate them into realistic missions, since I think that most users prefer them anyway.

Rewrite the application missions to include a new set of passwords.

Make the basic missions more comprehensive, with possibly a well-written tutorial to accompany each one and explain it afterward in a review-style system. I don't like that Basic1 is called the 'idiot test' when someone totally new to the scene wouldn't think to view the page source.

Remove Prog missions after prog 8. I know this seems a little extreme, but the programs you're asked to write in the latter few are pretty arbitrary. If future missions were going to be written, they should maybe have some sort of realistic applicationlike the earlier ones, rather than just "parse this string". 1 = Anagram solver, 3 = Encryption, 5 = Bruteforce-fixing a corrupted file, 6 = OCR, etc.. Kinda 'useful' stuff to know?

Add some new, relevant categories: Encryption, Rooting, etc.

Finally, and this is absolutely essential. Remove everyone's basic and app missions once the missions have been re-written. Then you'd see who cheated and who didn't and we'd all be on a more level playing field? I mean how hard is it just to re-complete something you already understand?

I know what I've said may seem a bit heavy, but the people who actually know anything about real hacking on this site (and unfortunately that's becoming fewer and fewer) will totally agree about removing the pointless missions that degrade the decent challenges here.

Anyway, this has gone on long enough already, tl;dr and all that crap.

[Finarfin Palantir]

I do agree with what you are saying and although moving more than just the logic missions from hts wasn't something I originally considered, I do think it's a good idea.

Your right there is absoultely no reason why you'd be able to do a sql or xss injection one day and have no clue what it is the next, nevermind the ability to read source code.

If you consider yourself a programmer and one morning you get up and you fail to remember how if,foor and repeat structures works, or how a cursor works in SQL, you should reconsider whether you really are one or not.

[Kage]

Yes, I agree a lot of the missions are kind of screwed up, lame, and outdated. We're actually working on many different kinds of missions as of lately, and may be splitting things up into many different categories and subcategories. One main reason why we still have Basic and Javascript and so forth is because those are pivotal and essential core elements for many things.

Yeah, you could combine them all into Realistic, since all of this is supposed to simulate realistic situations. Hell, why don't we ONLY make Realistic missions? Get rid of them all and move them all into Realistic missions? Really, that's not a wise decision in the slightest regard. We intentionally split things up, and will be doing so even further soon, because it helps you work on certain elements one at time. You don't learn every single part of a programming language in one day, you learn each element and practice it slowly (conditionals one day, loops the next, etc.).

Trust me, though, there are going to be a LOT of missions changes before long. We're bringing in some new missions and categories that are absolutely killer. But also understand we have so many other things that are critical that we're working on (such as training developers, meetings, securing and fixing our existing code, adding more site features, etc.), so these changes won't happen overnight, or maybe even in the next six months. We're not a giant development community like Ubuntu or Fedora, where we can sit down and have scheduled releases, Testing, Pre-Production, Production, and Quality Assurance development beds, 5000+ developers working on stuff, etc. We're trying our best, though.

[haha01haha01]

Nines and Kage pretty summed it up, but i have one more thing i'd like to say about the application missions.
why were they made so easy? i cracked many, many various applications in my life, and i must say that all the application missions were terribly easy to complete. They dont even reach the security level contained in an avg pay-ware... (and although im not the greatest hacker ever, i know some stuff about application cracking, so you can trust me on that one)

I say some of the easier applications need to be removed (especially the VB ones. seriously, what is their point? you decompile them or set a BP on one of the string comparison functions and youre done.) or replaced with applications that are acting like a real program (sort of what app 18 is, but its still only in beta).