Please ask questions ONLY in this topic.

[blackneurons]

I am decode hash and have username and password . password is also dycrpt but login not work what i do now

[samadhi]

nailed this one in less than thirty minutes, these concepts must be sinking in because each mission I complete is done so with more intuition and less guesswork, time, and trial and error.

If you are having trouble with this challenge these two articles should help tremendously.

http://bit.ly/157ts8 <--- Great article on a particular method of password authentication
http://bit.ly/bmgwsM <--- This one flawlessly refreshed me on some key concepts of a certain exploit.

Good luck!

[fashizzlepop]

Trickiest part was realizing exactly what the getfile function did. I was off by a directory.

Otherwise, really simple.

[Coltragon]

I got problems understanding this .htacess and .htpasswd

I see that the user has protected his files using a htaccess and htpassw file. Now a htacess file protects all files in the directory where it's placed AND sub-directories.
Whenever i try to move to the parent directory using ../ i get an error 'cannot view this file'. So this means the htaccess file is in the parent directory or higher in the directory tree. But than how can i still view the webpages as they are lower in the directory tree and should be protected by the htaccess file above it.

Any help is accepted.

[cumbrous_cunt]

hey everyone i'm sort of stuck...
i figured out to get the hash, but then i stumbled upon a problem.
I was searching for a cracker and i came on to "johntheripper" but everywhere i downloaded the program it gives me trojans...

So here comes my question: Could anyone send me a clean version of johntheripper? or know any other good cracker?

Thank you in advance.

[insomaniacal]

This will get you a clean download.

If your anti-virus complains about a possible Trojan, it's a false-positive.

[Okeymaker]

Ehrm, I have completed this mission, but that was because I took a shortcut. I showed a "friend" the hash and he told me what type it was, but I don´t know how to identify hash types myself... If someone can give me a link to a giude that learns out how to recognize different types of hashes, I promise to return the favor if I can! (And if you not simply ask me to do something TO big, like criminal things etc.).
SO THE QUESTION IS; HOW DO I KNOW WHICH TYPE OF HASH IT IS?

[Sawny1337]

JTR does this in one second if you do it right.
If you do wrong, well then i takes hours or days or years...

[fashizzlepop]

SO THE QUESTION IS; HOW DO I KNOW WHICH TYPE OF HASH IT IS?

Experience and knowledge of different hash types (they all look slightly different other than MD* being similar). Also read the mission info to see what age the hash method is that is being used.

[dxt3r]

Hi!

I have the username and the password (not just the hash), but I can't log in to the admin page.
What am I doing wrong?

Thanks