Please ask questions ONLY in this topic.

[UsernameHerpDerp]

OK, I have several problems with this mission.

Firstly - Why on Earth would someone leave their .htaccess and .htpasswd files further down the directory chain they were blocking off? You have to leave the files preferably somewhere near root, and certainly not in the same damn folder. But let's assume that that's the critical weakness the web designer was stupid enough to include, in addition to having a php that displays any inputted text file.

Secondly - Why the shit would the .htpasswd file have a password encrypted in some bullshit hash? .htpasswd files are in the format username:password, where the password is A 13-CHARACTER crypt() ENCRYPTION OF THE FIRST 8 LETTERS OF THE USER-ENTERED PASSWORD. That is the standard, and that is what .htaccess uses. Maybe I'm being obtuse here; maybe there is some way to change the encryption algorithm from crypt() to some custom hashing algorithm. But if the web designer was stupid enough to put the .htaccess file in the same directory that he was blocking off, I really doubt he would be cautious enough to change the encryption on the password, and even if he was, he sure as hell wouldn't change it to something that can be cracked with a simple rainbow table, he would salt it appropriately etc.

tl;dr: Finding the actual relevant files: alright. Some required knowledge of Apache and directory structure etc: cool. The rest: total bullshit.

Can some admin please fix this? Or at least justify the reasoning behind it?

[nerdysmurf]

the hash type is F***B**, right?
I'm using MD-crack, and the auto-detect says that it is a F***B** hash.
any help here would be great.

[GSmyrlis]

ANSWER THEM! I HAVE STACKED IN THE DIRECTORY WHICH I FOUND FROM ANOTHER DIRECTORY!
It asks me UserName and Password like when I join my server. What the Hell do I have to do? If you give me an article you will be helpfull!!!

Just help me goddammit! That's a difficult challenge :/

[Enzime59]

I think JTR works with a bit different commands now. Using the old tutorials isn't very useful anymore.
It keeps saying: "no such file or directory" when I type the path and command to single crack the pass.txt that I made (I didn't name it pass.txt.txt). ad**********:$******..******/*** is what I put in the pass.txt file, that shouldn't be the problem.
So basically I'm stuck on using JTR and feel really noob.


For the people that have trouble finding the hash: Read about how apache uses the authentication screen. Find out what the function of the php script is and try to use it to your advantage.

[nofounture]

hi,everyone,i complete this mission,the jtr sufferd me a lot ,when i put the hash into mypasswordfile.txt,it said "no hashes loaded",i tried a lot of way to fix it ,you can't believe that i solved it in the dream,to those guys who met the same problem as me , the solved way is that : the hash we found is "admin*******************/***",but when we put into txtfile,it was "admin**************/**** ".
Edited out spoiler content

[bcarl6]

Okay, so I was really stuck on this one. I know how to crack the hashes once I found them, and I know about password protected directories (as used in Apache). I knew that the the .htaccess file was used to define the password protection, and the .htpasswd file is used to store the passwords for the HTTP authentication. Also, I knew that the .htaccess file was stored in the directory that was being password protected.

So, what directory is being password protected? Once you know that, where do you think the two configuration files are located?

[Ramurak]

Hey guys. I finally got this one finished, but I had a lot of trouble getting JTR to run. I had zero luck with C&A...was getting an error about needing to be a certain amount of bits or something... I was trying to use JTR from windows CMD terminal, but was getting errors regarding a cygwin.dll. I honestly didn't know what the hell that was lol. Eventually downloaded Cygwin Terminal and just put my copy of JTR in Cygwin's home file and ran the damn thing from in there. Was there an easier way to do this mission on windows??????

[cyberdrain]

I don't remember ever using cygwin or linux for this mission. Are you sure you got the right version and ran as an Administrator under Windows? Anyway, there are other programs out there that can be used. They might not be as fast, but most do work. Also, some hashes (like MD5, NTLM and more) are available for 'decrypting' online. Those sites just use a lookup table, but as they usually have at least a seven character database, most passwords can be found faster there than using rainbowtables or bruteforce (obviously). But hey, using Cygwin can also be a learning experience and you get a nice shell for the next time you want to try linux commands without having to install an entire OS. And you can be proud that you used a method most wouldn't use (for better or worse, you decide).

[Ramurak]

Thankyou. I just retried it making sure I used an elevated CMD instead of just a regular instance and it seemed to work OK. at least I got myself introduced to Cygwin though lol. anyway, I was also wondering...JTR seemed to bust this mission in about 2 seconds, but I tried my own hash that I generated in C&A and there was no visible progress. Any idea why that is? I used some pretty simple short words for the hash and let JTR run for HOURS with nothing. I'm a little confused about that.

also- could you point me to where I can learn about lookup tables and rainbow tables and stuff, and learn how to use them. And any of those websites that do it for you as well? I'm trying to soak up any knowledge I can, but I'm having trouble finding in depth knowledge...usually only able to find a 3 minute youtube video with shitty techno music and some kid typing on notepad...

[cyberdrain]

Here you go:
Rainbowtables (you don't need the client, just learn for now)
Online hash cracker (this will do fine and uses rainbow tables in itself)

Free of charge But the knowledge you get there should be a kick-start, nothing more. Use it to find something more valuable on Google, as all information is incomplete.

As for the cracking problem: did you copy the right hex and set JTR correctly, like not trying to use a MD5 algorithm on an NTLM hash (don't know if that's possible)? Haven't tried that though, so can't help you further on that. Incidentally some hashes won't easily be cracked by certain software (because of settings or code differences)...