Level 2
HINT: Since Sam didn't upload the password file the php program will produce an
error when it checks to validate the password you enter

Level 3
HINT: Remember the error message you got?? Read it carefully, Sam did upload
that file this time.

Level 4
HINT: Save this websight to your hard drive and then you can edit it. (Requires
knowledge of HTML Forms)

Level 5--Now it gets HARD!
Ok, there are multiple ways to do this but this is how I did it (Probably not
the easiest way):
Unless you know HTTP protacle by heart you should set up a netcat listener on
port 80 and redirect it to a text file (If you don't have netcat search for a
download)
In your command prompt type "nc -L -v -p 80 > 'name and location of text file' "
Then save the level 5 web file to your hard drive and edit it the same way you
did for level 4 but this time change the target in the e-mail reminder form to
"http://localhost/hack/level5/level5.php"
Now load this edited html file into your browser and submit the e-mail reminder.
Check the text file, thats what your browser sends to the server when it
requests a web page.
Now telnet to hulla-balloo.com port 80 and paste that code, you should get the
Invalid URL message
So, in order to beat the level you have to add a little thing to that text you
pasted into telnet
This is called a Referer, I dont want to make it too obvious so play around with
that.
EASIER METHOD

Level 6
HINT: Try submiting a bunch of "a"'s

Level 8
Ok, this level sucks. You need to use a SSI exploit.
HINT: try the UNIX command "ls" similar to the MS-DOS command "dir"
In order to beat it you have to use the exact wording of the directory

Level 9
HINT: Read the challenge carefully, this is kind of like a ridle
Also, for some reason it only works if you use the text box (Unlike level 8
which i beat using the adress bar)

Level 10
Set up a netcat listener to get the protocle you'll use then telnet to the
server and paste that code in.
See that little thing that says something about cookies? When you browser goes
to the web page it stores the cookie in its memory, if it returns to the same
page it sends it through the header in the form "Cookie: (cookie name)=(cookie
value)"
Add this to the text you pasted to telnet and try it again.
Hmm.. If it worked for you please e-mail the password to me, if it didn't then
your in good company.
I tried, and tried to get it to work but it didn't. so oh well.

Level 12
Wait, you ask, what happened to levels 10 and 11? Well heres my last hint: Try
everything you tried in level 10 exept for level 12, there you go.