NOTE:

The hacking challenge is OVER.

This document has been left in place for historical reference.

Jason Rohrer
April 2016
Davis, California





CORDIAL MINUET $3000 SERVER HACKING CHALLENGE
---------------------------------------------


The server is at:

cordialminuet.com


The game server runs at:

http://cordialminuet.com/gameServer/
http://cordialminuet.com/gameServer/server.php


The complete source code is here:

http://sourceforge.net/p/hcsoftware/CordialMinuet/ci/default/tree/server/


There is a $3000 bounty waiting for the FIRST person who accomplishes any ONE
of the following six hacking challenges, submitted to me by email at
(jasonrohrer [AT] fastmail [DOT] fm) along with a complete explanation of how
the hack was accomplished.  Note that only remote methods (including remote
social engineering) qualify.  Physically breaking into the server location will
disqualify you.  Completing more than one challenge will not earn you more than
one bounty (though it may get you hired by me as a consultant).




Challenge 1:

Email me the contents of the following file, which resides on the server:

/home/jcr14/hackerSecret.txt




Challenge 2:

Email me the contents of the following file, which resides on the server:

http://cordialminuet.com/gameServer/settings.php

/home/jcr14/public_html/gameServer/settings.php




Challenge 3:

Email me the account key (20 alphanumeric characters) for user ID 1 on the
server (the account associated with my personal email address,
jasonrohrer [AT] fastmail [DOT] fm).




Challenge 4:

Email me after falsely adding money (without a legitimate credit card
transaction) into the database table (dollar_balance column) for the following
test account:

user_id:  8
email:  hackertest@server.com
account_key:  UTNQUWFH7KYCFBRGSRW6




Challenge 5:

Email me after triggering a check mailing (adding an entry into the withdrawals
table) for user ID 1 on the server (the account associated with my personal
email address, jasonrohrer [AT] fastmail [DOT] fm).  Send the check to this
address:

Hacker Test
100 Maple Street
Akron, OH 44333




Challenge 6:

Email me after triggering a check mailing (adding an entry into the withdrawals
table) for user ID 8 (account details given above) for funds greater than what
is present in user 8's account.