Please ask questions ONLY in this topic.

[fashizzlepop]

TIL JTR auto detects the hash type.

I can't remember the type exactly from this challenge. If you PM me the hash I can try enlightening you.

[dan83]

bah, I can't find the .htpasswd file, can someone confirm if it's in the /a**** directory? I've tried many variations and different directories using the script. Can someone just tell me if it should be at the above location? Much appreciated

[Wideload]

EDIT: I swear, I'm going to jump off my roof right now. I had the right place in the first five minutes, but I had a spelling error. As usual, the whole thing is about a million times less complicated than I imagine it must be. To those who had trouble where I did, there should be very little guessing as to the location of the file. You can track down the location based on what you can find within the website. Links to other websites posted so far are useful for understanding what you need to find, but not really where you need to find it. Don't do what I did and try to use them to figure out the file location, or you'll spend hours going no where. I don't think this is too spoilerific. I'm just trying to separate some ideas from one another and remove some misconceptions about the problem that I developed when I was reading this thread.

It seems to me that the biggest hint is "find out where the file= gets the files from". Well, by typing http://www.hackthissite.org/missions/realistic/7/war.txt I learnt that it is "getting" the information from the route/parent directory. If that is the case, then one can assume that you need to go up one level and you can go from there. However, MrZypher, whom I quoted, said that "there should be very little guessing as to the location of the [.h....] file" and that "You can track down the location based on what you can find within the website". The only index that I can find is that of the i***** directory, which seems to be of no help, as there are no other directories that can help.

I know that sounds like I'm just thinking aloud, but what I'm really asking is how do you know where to find the file? Like MrZypher previously said, there seems to be no common or logical file path to try, and I can't work it out from what I can find. I hope I'm not being blond, and I really hate to repeat what others have already ask, but I've gone through all 23 pages of this thread and can't quite find what I'm looking for. Any assistance would be fantastic and if you need any clarification on my ramblings then I'd be happy to oblige.

[limdis]

Wow this was a real bitch! Not because it was hard but because of all the little mistakes you can make. For some reason things played out a bit differently for me than from what I was reading through the forum (yeah I went through all 23 pages). There are enough tutorials posted here to walk right into this challenge with no background knowledge of what you are doing and you can figure it out. But if you are still stuck, here is what was different for me:

Step 1 - Getting the Hash
I knew WHERE it was and HOW to get it. (if you don't - go back through the forums) But I never got a broken pic image or anything to indicate I was right. I would get things like, "You Can't View That File" or "please do not try to open image files" or "The specified file does not exist." If you see any of these you can be either really close or waaay off. I was able to duplicate all of those messages with a multitude of URL configurations and php commands not used or needed for this challenge. Now I'm not going to tell you exactly but if while you are searching for the hash and you get something other than those listed above, and you are certain you are in the right spot, you ARE VERY CLOSE. Just remember the source.

Step 2 - Time for JTR
I personally used backtrack 5, booted off a USB drive. Either way you choose to do it the biggest problem I saw going through the forums was the formatting. Don't let what the hash looks like through you off, you don't need to change anything. Just remember to use the WHOLE thing when you make your .txt file.

If anyone else is using backtrack and need some help with navigation, feel free to PM me.

[ElectroPlasma]

I've read all about Apache etc., tried many variations of stuff within the showimages.php function, and I still can't figure out where that bloody file is. If I use ../ at all I get "you can't view that file," and anything else just says that file doesn't exist. If it ends in .jpg, it says "please do not try to view image files." I really am stuck. How are you supposed to know where to look for this file?

-EP

[holdinbanks]

is this mission still down? images aren't showing up where they should, and instead it reads specified file does not exist.

[cyberdrain]

is this mission still down? images aren't showing up where they should, and instead it reads specified file does not exist.

Either they fixed it or it was only a problem on your part, the mission is looking good from here.

[wolv3rin3]

This mission don't work on FireFox to me. The browser should get the image from the .htpasswd file but it doesn't (It loaded the page, but couldn't downloading the .jpg file with the hash).
However, I tried with Chrome and the broken image appears with the hash.

Maybe, my mozilla is wrong

[piex17]

So... I found the hash and cracked it, but how do I find the username?

EDIT: Nevermind I figured it out.

[strongard]

I can not find the .htpasswd file , I only found the admin file that wants "username" "password"I try everything I learned I red all the links in the forum and others , I tried all the possibilities , more than 85 url command i red the source , examined it , analyse it , used google but no result it says " you can not view this file"
or "the file you specified does not exist2 or "please do not try to open image file" I need help and a push in the good direction..( the hints in the forum are all about how to crack the hash but not how to find it ALTHOUGH finding the hash IS A LOT MORE DIFFICULT AND COMPLICATED THAN craking it
this is what makes me wonders that people who pretends finding the hash without being able to crack it are cheaters and go to see half of the answer for this challenge in hts mission or you tube or articles which talk about this mission)

please help in how to find the htpasswd and do not tell that I want to answer or I want to be spoonfed because I have been more than 4 days trying hard to find the htpasswd with no result this regardless the hundred of articles and links in the forum I red
as you can see , a lot of people like me are stuck in how we need to find the hash file
so help for us please and not only how to crack the hash

-- Sat Feb 25, 2012 9:17 pm --

hello , for 2 days I did not get an answer for my question
I need help in this challenge
and thanks