Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by GoldofSun on Tue Feb 02, 2016 11:04 am
([msg=91470]see Re: Please ask questions ONLY in this topic.[/msg])

boriz666 wrote:The page you reques, sends a "X-Frame-Options: DENY", header field with
the response back to your browser and due to that your browser will not show
the content in a frame or iframe.

Code: Select all
~]# curl -i "https://www.hackthissite.org/missions/realistic/5/"
HTTP/1.1 200 OK
Date: Tue, 02 Feb 2016 15:08:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 627
Connection: keep-alive
Last-Modified: Mon, 30 Dec 2013 05:28:08 GMT
ETag: "d159eca-273-4eeb9b57bea00"
Accept-Ranges: bytes
Server: HackThisSite Load Balancer
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

..
..


If you use firefox, you can get an addon to ignore the X-Frame-Options: DENY
you can get it here:
https://addons.mozilla.org/en-us/firefo ... e-options/

In this instance it should propably not be sent by the server, or the mission should
be changed not to use iframes / frames.

Or the server should deny only iframes if its origin isn't local:
X-Frame-Options: sameorigin

Some admin needs to look at this and act accordingly.


Ok. Thank you very much for your reply.
GoldofSun
New User
New User
 
Posts: 2
Joined: Sun Jan 31, 2016 7:07 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by alasqa on Wed Feb 10, 2016 11:58 pm
([msg=91570]see Re: Please ask questions ONLY in this topic.[/msg])

Just started this mission and all I see is a blank page. I can see the source and all it says essentially is that it is not supported on this browser. I have tried both chrome and firefox. Any ideas?


EDIT: nevermind I found a workaround.
alasqa
New User
New User
 
Posts: 1
Joined: Wed Feb 10, 2016 11:56 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by -Ninjex- on Tue Feb 16, 2016 1:46 pm
([msg=91633]see Re: Please ask questions ONLY in this topic.[/msg])

boriz666 wrote:The page you reques, sends a "X-Frame-Options: DENY", header field with
the response back to your browser and due to that your browser will not show
the content in a frame or iframe.

Code: Select all
~]# curl -i "https://www.hackthissite.org/missions/realistic/5/"
HTTP/1.1 200 OK
Date: Tue, 02 Feb 2016 15:08:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 627
Connection: keep-alive
Last-Modified: Mon, 30 Dec 2013 05:28:08 GMT
ETag: "d159eca-273-4eeb9b57bea00"
Accept-Ranges: bytes
Server: HackThisSite Load Balancer
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

..
..


If you use firefox, you can get an addon to ignore the X-Frame-Options: DENY
you can get it here:
https://addons.mozilla.org/en-us/firefo ... e-options/

In this instance it should propably not be sent by the server, or the mission should
be changed not to use iframes / frames.

Or the server should deny only iframes if its origin isn't local:
X-Frame-Options: sameorigin

Some admin needs to look at this and act accordingly.


Thank you, a patch has been made <3
image
For those that know
K: 0x2CD8D4F9
User avatar
-Ninjex-
Moderator
Moderator
 
Posts: 1691
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by wasseristnass on Sun May 08, 2016 4:40 pm
([msg=92291]see Re: Please ask questions ONLY in this topic.[/msg])

I found the hash in a specific secretly hidden directory.
I tried JTR, different websites and even other sources (using linux, hence sources), compiled them etc. Nothing seems to be working. So, questions:
1) Has the hash changed over the months? (I must admit I looked up other sources and found another hash, but a different one (also not working (the pw))
2) Any other tool I can use to decrypt? Still working on it. JTR is already running for over an hour and when I read it should take 2-3 minutes, I started typing this here. (I prefer linux programs, so no Abel & Cain for me).

Hope I didn't gave away a hint that I shouldn't.
wasseristnass
New User
New User
 
Posts: 2
Joined: Fri May 06, 2016 9:13 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by ba4max on Sat Jun 04, 2016 10:46 pm
([msg=92417]see Re: Please ask questions ONLY in this topic.[/msg])

Just a quick FYI for anyone doing the challenge.

The hash you find does work ... read the threads BUT I did not find an on line resource that worked properly.
I am a linux user and found John the Ripper to not work, with a tiny bit of work I did a little Wine setup with Cain and all worked out perfectly.

All these challenges are a blast !
ba4max
New User
New User
 
Posts: 1
Joined: Sat Jun 04, 2016 10:40 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Starman11 on Thu Aug 04, 2016 3:55 pm
([msg=92734]see Re: Please ask questions ONLY in this topic.[/msg])

I've attempted to download Cain and Abel, but the browser blocks it and says it may contain a virus
Starman11
Experienced User
Experienced User
 
Posts: 60
Joined: Wed Jul 27, 2016 9:07 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by mrsteely on Sat Aug 13, 2016 4:32 pm
([msg=92777]see Re: Please ask questions ONLY in this topic.[/msg])

Is this hash crackable or is there something I'm missing?
I've got the hash without too much hassle. unfortunately as im running windows 10 cain and abel wont run (DLLs arent compatible with my OS)
I've tried various online crackers for virtually every encryption type i can find but nothing comes back. In the end I tried searching for the solution and even that didnt work!

Got to give up on this one, its very disappointing :evil:
mrsteely
New User
New User
 
Posts: 2
Joined: Fri Aug 12, 2016 5:22 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Sgt Slaughter on Wed Aug 24, 2016 9:23 pm
([msg=92832]see Re: Please ask questions ONLY in this topic.[/msg])

I've hit a wall here. I have tried multiple online hashers. C&A wont install on Windows 10. I get on my Kali laptop and try JTR, Find My Hash, and HashID but, nothing. Then I try C&A via wine in Kali and it wont instal either.. same error with DLLs as WIN10.

edit: used hashcat and still no go
edit2: Got JTR to get it finally!
Sgt Slaughter
New User
New User
 
Posts: 1
Joined: Wed Aug 24, 2016 12:35 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by kevinharley on Mon Oct 17, 2016 11:32 pm
([msg=93021]see Re: Please ask questions ONLY in this topic.[/msg])

Excuse me, I solved previous missions and now I'm stuck here. I got the hash, but when I can't reverse it with JTR (I tried many format md2. md4, md5 ...) but nothing is true, I searched the hash on some online reverse service but it returns nothing. Can i send the hash to someone for help? Thank you.
kevinharley
New User
New User
 
Posts: 1
Joined: Mon Oct 17, 2016 11:05 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by conscience on Fri Oct 28, 2016 11:41 am
([msg=93053]see Re: Please ask questions ONLY in this topic.[/msg])

kevinharley wrote:Excuse me, I solved previous missions and now I'm stuck here. I got the hash, but when I can't reverse it with JTR (I tried many format md2. md4, md5 ...) but nothing is true, I searched the hash on some online reverse service but it returns nothing. Can i send the hash to someone for help? Thank you.


It's really not that complicated. You must have ran by the solution during your attempts. JTR should find it in a reasonable amount of time. Can't really help more without giving it all away.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 289
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


PreviousNext

Return to (Real 5) Damn Telemarketers!

Who is online

Users browsing this forum: No registered users and 0 guests