Please ask questions ONLY in this topic.

[amasarac]

i found the hash but now i'm stuck. help would be good

[always_watching]

I have the hash but when i try to crack it with JTR it says access denied. Im the administrator on this computer so im kind of at a loss. Help please?

Thanks
Always_watching

[djtecha]

For those who have found the hash and still have trouble with JTR you might wish to read http://www.osix.net/modules/article/?id=455

[ds3]

I have read all the apache tutorials and know the file name the hash should be under (I think...) and I have found the directory, but how do I get permission to view the file? Every time I try I get the "You can't view that file" message.
I need the password to get the hash I need the hash to get the password...
Any hints?

[Defience]

I have read all the apache tutorials and know the file name the hash should be under (I think...) and I have found the directory, but how do I get permission to view the file? Every time I try I get the "You can't view that file" message.
I need the password to get the hash I need the hash to get the password...
Any hints?

Pay attention to the url.....,maybe it could come in handy here.

[tomgeorge88]

Well I've tried every possible way I can think of!But how do you get the hash file? I know where it should be!! but I simply can't access it. And the 16 pages of posts are just about cracking some hash which I believe was dealt with in realistic 6!

[Defience]

Well I've tried every possible way I can think of!But how do you get the hash file? I know where it should be!! but I simply can't access it. And the 16 pages of posts are just about cracking some hash which I believe was dealt with in realistic 6!

Realistic 6 is about an encrypted message, real 7 deals with cracking hashes.
May the source be with you,
may the source be with you,
may the source be with you.

Think along the lines of basic 3, where you found something of interest and then put it somewhere useful.

[tomgeorge88]

Well srry there was a hash in real 5!! and well I looked at the source but frankly I didn't find anything interesting except a directory listing which of course has a inaccessible directory!! any other clues?

[greyshogun]

i'm not sure if this is a spoiler or not but here we go... the hashed file is called .htpasswd so you use that knowledge and that of directory transversal and a little bit of url exploitation and poof there you go. it will dis play the hash file as a broken image (image with a red X in the top right corner). i hope i didn't give to much information away. i didn't really tell you how to accomplish anything just where to look. hope that helps....

-sniper15

Thanks for the assistance, my man.

An additional technique that some of you may not be familiar with -- google hash cracking.

Many passwords have already been cracked and in this regard google is your friend.

Working through this puzzle though, I realize that I need to learn more about server security architecture (i.e. apache).

[unskilled]

i've got a bit of a problem.

i figured this one out pretty much by myself, took me a while though. i've got the hash.

the problem is jtr says it can't run on x64 (vista) and i don't know what type of hash it is for cain. i'd be grateful if someone could either decode the hash for me or tell me what type of hash it is. i'm kinda new to all this (done a bit of html and javascript, and a little bit of c++ before but never proper hacking), so i don't really know how i'm supposed to tell what kinda hash it is. they all just look like big strings of letters/numbers.

cheers