Please ask questions ONLY in this topic.

[Magnus Prime]

Okay, I just got a MacBOok Pro, so I DONT want to download anything, regardless of who sas it's dangerous or not. Is there a way to do this WITHOUT a rainbow table, if so, please give a prod in the right direction (that wikipedia article just confused me, and ti didn't sa how to do it)
BTW I already got the hash.

[svlad]

Okay I have a mac and I worked out a way to crack the hash...

There's an app called "mdcrack" that was mentioned on this forum much much earlier... I found a version of the source code and managed to compile it under Mac OS X (10.5, haven't upgraded to Snow Leopard yet but I can't imagine it would work any differently)

This presents another fun challenge: it doesn't compile out of the box so you have to change a bit of the C code to make it compile. As this isn't really part of the hack I'll give some huge hints: you have to include stdlib.h in most of the .c files (all of the ones with compile errors) and change some of the variable declarations to not use "register" variables. (The coders were sloppy and used register variables but then tried to assign values to them, which is a no-no)

If you have a little bit of C coding experience you should be able to work it out in a few minutes. Then compile it up, set the RESUME_FILE env var to the same as the one in the Makefile, then you can run it (using the correct hash algorithm of course)... it only takes a few seconds to find the password given the right hash.

It's pretty amazing really, it has made me think twice about what hash algorithms I use in my development! I knew there was a flaw in those algos but not that it could be cracked so easily.

happy hacking! and thanks to the HTS people for giving us a fun way to spend our christmas holidays

[CrazyTiger]

This one was super easy after I figured out I wasn't logged in!!! Wasted a whole hour trying to figure out why I couldn't view the page.

tip: hash file is irrelevent && Cain is your friend!

[battlebball]

This one was super easy after I figured out I wasn't logged in!!! Wasted a whole hour trying to figure out why I couldn't view the page.

tip: hash file is irrelevent && Cain is your friend!

haha, the same thing happened to me when I was trying js injection... it said reauth_required or something, and I'm like wtf...

Finished this fairly quick, and I came on here to ask about that hash file... I didn't know if there was an alternative way to do this one with that file? Can someone tell me what it is? I downloaded it, but don't really know what it was even there for.

another tip: make sure you use right hash type in Cain

[msbachman]

Like the person above said, make sure you're using the right hash type.

All in all, HTS must be sinking in, because I tried this months back to no avail, only to return to it and solve it in about 10 minutes. Most of that time was restarting into Vista so I could use Cain. Cain cracked it in about half a second.

It's cake. If you're having problems finding where the hashes are stored, think back to like basic one (i.e. idiot test) and hunt for where they might be in the source.

[jakibaki]

Hi,
I did this mission with your help here, but is there a way to get the information to use [removed]out of the code? Or is it just trial&error?

[Mod Edit: ELJONTO]

[eljonto]

Hi,
I did this mission with your help here, but is there a way to get the information to use [removed]out of the code? Or is it just trial&error?

[Mod Edit: ELJONTO]

No, in the mission description it mentions the site's age, leaving only that hash type as a possibility.

[pseudostate]

Unrelated to mission, but I've got Eset Nod32 and if its enabled it quarantines john the ripper exe file, anyone have any way around this other than turning off the virus scanner?

[sanddbox]

Unrelated to mission, but I've got Eset Nod32 and if its enabled it quarantines john the ripper exe file, anyone have any way around this other than turning off the virus scanner?

Uninstall it.

Antivirus is far worse than a virus.

[avip04]

Done with the mission... rele simple, once i got the hash [frm d*r**t*r*]... but hw do i get hash by stealin cookies [searchd some cookies i got 4m usin Tamper Data bt i don find any similiar hex value]... n wht do i do wit d h***h file [can't load it on cain]...

is ther by any other possible way i can complete this again... thnkx ppl...