Please ask questions ONLY in this topic.

Re: Clueless.

Post by c24lightning on Wed Apr 30, 2008 6:21 pm
([msg=1772]see Re: Clueless.[/msg])

sniper15 wrote:i'm not sure if this is a spoiler or not but here we go... the hashed file is called .htpasswd so you use that knowledge and that of directory transversal and a little bit of url exploitation and poof there you go. ---------------------------------------- i hope i didn't give to much information away. i didn't really tell you how to accomplish anything just where to look. hope that helps....

-sniper15

"i didn't really tell you how to accomplish anything just where to look."

Yeah -- that would be a spoiler if it were true. Anyway, you're on the line with that one.. People shoud be able to figure that out, especially if they've done the previous ones on their own.
Here's some sites you might be interested in:

Need a proxy? Here - user:pass combination is proxy:bypass
c24lightning
Poster
Poster
 
Posts: 203
Joined: Sat Apr 19, 2008 7:46 am
Location: The infinite insanity of thought
Blog: View Blog (0)


Re: Clueless.

Post by DaveDOS on Fri May 02, 2008 3:46 pm
([msg=1932]see Re: Clueless.[/msg])

Hmm... I found where the administration page is... and I believe that you edit the URL to allow you to see the hashed password file... But the directory transversal I'm using isn't working. No matter what I do, it says I cannot view that file. Even if I do have access to it.

I'm not exactly sure where the password file is even located...
DaveDOS
New User
New User
 
Posts: 2
Joined: Tue Apr 29, 2008 3:23 am
Blog: View Blog (0)


Re: Clueless.

Post by Sydeth on Sat May 03, 2008 6:09 am
([msg=1963]see Re: Clueless.[/msg])

For all of you clueless peoples, you might need some Apache knowledge, at least about authorization.

http://httpd.apache.org/docs/1.3/howto/auth.html

And no, I didn't complete that mission. I can't find the right file.

EDIT: Nevermind, I have completed it. You have to remember, even though the showimages.php script may fool you, it is one directory higher than the images folder. Read this thread once more and you should already know what I'm talking about.

EDIT #2: Also, when you get the file, you might want to crack it. If you are on a *nix system (Linux, *BSD, OSX) just compile John The Ripper. http://www.openwall.com/john/
Sydeth
New User
New User
 
Posts: 7
Joined: Sun Apr 27, 2008 9:18 am
Blog: View Blog (0)


Re: Clueless.

Post by c24lightning on Sat May 03, 2008 7:06 pm
([msg=2020]see Re: Clueless.[/msg])

Sydeth wrote:EDIT #2: Also, when you get the file, you might want to crack it.

<sarcasm>No, just enter in the hash and it will let you in..</sarcasm>

Of course you have to crack it! There's no "might want" about it!
Here's some sites you might be interested in:

Need a proxy? Here - user:pass combination is proxy:bypass
c24lightning
Poster
Poster
 
Posts: 203
Joined: Sat Apr 19, 2008 7:46 am
Location: The infinite insanity of thought
Blog: View Blog (0)


Re: Clueless.

Post by Sydeth on Sun May 04, 2008 5:04 am
([msg=2054]see Re: Clueless.[/msg])

Oh, hush. I'm trying to be polite.
Sydeth
New User
New User
 
Posts: 7
Joined: Sun Apr 27, 2008 9:18 am
Blog: View Blog (0)


Re: Clueless.

Post by Crystal_Bearer on Sun May 18, 2008 4:37 am
([msg=2719]see Re: Clueless.[/msg])

Sydeth wrote:Also, when you get the file, you might want to crack it. If you are on a *nix system (Linux, *BSD, OSX) just compile John The Ripper. http://www.openwall.com/john/


I can't get the straight nix version to run on OS X. The Pro costs like $60. So, does anyone else know of a decent (or not) cracker for OS X?
Crystal_Bearer
Experienced User
Experienced User
 
Posts: 51
Joined: Tue Apr 15, 2008 1:48 am
Blog: View Blog (0)


Re: Clueless.

Post by Crystal_Bearer on Sun May 18, 2008 4:39 am
([msg=2720]see Re: Clueless.[/msg])

c24lightning wrote:
Sydeth wrote:EDIT #2: Also, when you get the file, you might want to crack it.

<sarcasm>No, just enter in the hash and it will let you in..</sarcasm>

Of course you have to crack it! There's no "might want" about it!

Here's your sign...





I can't believe I used that, lol
Crystal_Bearer
Experienced User
Experienced User
 
Posts: 51
Joined: Tue Apr 15, 2008 1:48 am
Blog: View Blog (0)


Re: Clueless.

Post by c24lightning on Wed May 21, 2008 5:30 pm
([msg=2958]see Re: Clueless.[/msg])

.ht*******d
Here's some sites you might be interested in:

Need a proxy? Here - user:pass combination is proxy:bypass
c24lightning
Poster
Poster
 
Posts: 203
Joined: Sat Apr 19, 2008 7:46 am
Location: The infinite insanity of thought
Blog: View Blog (0)


Re: Clueless.

Post by wolfganga on Fri May 23, 2008 3:40 am
([msg=3073]see Re: Clueless.[/msg])

sniper15 wrote:i'm not sure if this is a spoiler or not but here we go... the hashed file is called .htpasswd so you use that knowledge and that of directory transversal and a little bit of url exploitation and poof there you go. it will dis play the hash file as a broken image (image with a red X in the top right corner). i hope i didn't give to much information away. i didn't really tell you how to accomplish anything just where to look. hope that helps....

-sniper15



most helpful :twisted:
wolfganga
New User
New User
 
Posts: 9
Joined: Sun May 11, 2008 5:08 am
Blog: View Blog (0)


Re: Clueless.

Post by Nocteria on Fri May 30, 2008 1:56 pm
([msg=3745]see Re: Clueless.[/msg])

THIS is annoying!! I can see half of the hash ! but all the browsers i tried are putting some .... and concea the midle part ::@@ any ideas/hints on what i can do here to reveal the whole thing?
Nocteria
New User
New User
 
Posts: 4
Joined: Wed May 28, 2008 8:28 am
Blog: View Blog (0)


PreviousNext

Return to (Real 7) What's Right For America

Who is online

Users browsing this forum: No registered users and 0 guests