Please ask questions ONLY in this topic.

Re: Clueless.

Post by rigger_john on Mon Jun 30, 2008 2:57 pm

I'm totally clueless on this one, so far I have managed to find a directory listing which shows the /admin folder, when I click on that I get a pop up asking for a username and password.

I've no idea where to go from there.

I have googled Apache as suggested somewhere else on this thread but I have to be honest it didn't throw any light on the subject.

I'm thinking that I need to either use some sort of SQL in the password and username boxes, to get me into /admin where I think the password hash will be.

Am I even close to the right track?

Any pointers to useful links etc. would be very nice :)

Thanks
<disclaimer>
I know nothing about hacking, I've just managed to stumble through a few missions
</disclaimer>



Re: Clueless.

Post by gibbon1993 on Tue Jul 01, 2008 12:47 pm

phunkedelik wrote: yeah, it's hard to get. my best so far finding the hash was probably the imageshow one but it still says I don't have permission when I went ../.htpasswd


I've had exactly the same problem :x I do "showimages.php?file=../.htpasswd" and then it sends a page saying "You Can't View That File"


Re: Clueless.

Post by rigger_john on Wed Jul 02, 2008 1:31 pm

rigger_john wrote: I'm totally clueless on this one, so far I have managed to find a directory listing which shows the /admin folder, when I click on that I get a pop up asking for a username and password.

I've no idea where to go from there.

I have googled Apache as suggested somewhere else on this thread but I have to be honest it didn't throw any light on the subject.

I'm thinking that I need to either use some sort of SQL in the password and username boxes, to get me into /admin where I think the password hash will be.

Am I even close to the right track?

Any pointers to useful links etc. would be very nice :)

Thanks


Anybody?


Re: I got the hash...

Post by T3hR34p3r on Thu Jul 03, 2008 11:40 am

Edit: Never mind, takes JTR about 4 seconds.
Last edited by T3hR34p3r on Sun Jul 06, 2008 6:15 pm, edited 1 time in total.
They call me Ishmael... I'm not sure why.


Help is needed

Post by Jt Persian on Fri Jul 04, 2008 11:42 am

I've been working my butt off on this one, and I'm not even sure of what I'm supposed to be doing.
The thing I've been trying is accessing the directory where htaccess or htpasswd is, and it gives me an error message on 'showimages.php': "You Can't View That File". On every directory I try, every password I put in to try to access the admin folder, it's failed. Plus I tried '../../usr/local/apache/bin/htaccess' and 'images/../ etc.', and those plus many other variants gave me the same error message.
I tried looking for help elsewhere, but that was no good, so I'm going to my last resort and asking you guys.

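A defender's view of the `file=` parameter discussed in the post above, as an added example that is not part of the original thread and not the mission's code: a file-serving script can refuse such requests however the path is spelled by resolving it first and checking that it stays inside the image directory. The function names, the directory layout and the allowed extensions are assumptions made for the illustration.

```python
import os
import tempfile

ALLOWED_EXT = {".jpg", ".png", ".gif"}  # assumption: the script only serves images

def resolve_image(base_dir, requested):
    """Return the real path of an image inside base_dir, or None to refuse."""
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses "..", repeated slashes and symlinks before the check
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None  # resolved outside the image directory
    name = os.path.basename(target)
    ext = os.path.splitext(name)[1].lower()
    if name.startswith(".") or ext not in ALLOWED_EXT:
        return None  # dotfiles such as .htpasswd, and non-image types
    return target if os.path.isfile(target) else None

def demo():
    """Build a constructed site layout in a temp dir and try several requests."""
    with tempfile.TemporaryDirectory() as root:
        images = os.path.join(root, "images")
        os.mkdir(images)
        files = [
            os.path.join(images, "a.jpg"),
            os.path.join(root, ".htpasswd"),
            os.path.join(images, ".htpasswd"),
        ]
        for path in files:
            with open(path, "w") as fh:
                fh.write("x")
        requests = ["a.jpg", "./a.jpg", "../.htpasswd",
                    "sub/../../.htpasswd", ".htpasswd", "/etc/passwd"]
        return {r: resolve_image(images, r) is not None for r in requests}

if __name__ == "__main__":
    for request, served in demo().items():
        print(f"{request!r}: {'served' if served else 'refused'}")
```

The check is made on the resolved path rather than on the request string, so it does not depend on recognising particular spellings of `..`.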

Re: Clueless.

Post by rigger_john on Sat Jul 05, 2008 4:58 am

any help?


Re: Clueless.

Post by Dosuos on Sat Jul 05, 2008 5:41 am

rigger_john wrote:
rigger_john wrote:
I'm thinking that I need to either use some sort of SQL in the password and username boxes, to get me into /admin where I think the password hash will be.

Thanks


Anybody?


It's HTTP Basic Authentication. Google for how it works and you will come to know that SQL Injection won't be of any help.

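What the reply above refers to, as an added example that is not part of the original post: with HTTP Basic Authentication the browser pop-up sends `Authorization: Basic base64(user:password)`, and the server hashes the password and compares it with a line in a flat `user:hash` file, so no query language is involved. The function names and the sample credentials are constructed for the illustration; the sample uses Apache's `{SHA}` scheme only because it needs nothing beyond the standard library, and real files may use other schemes.

```python
import base64
import hashlib
import hmac

def sha_entry(user, password):
    """Build a 'user:{SHA}...' line (Apache's base64-of-SHA-1 scheme)."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample file content; the user and password are made up.
SAMPLE_HTPASSWD = sha_entry("alice", "correct horse") + "\n"

def load_htpasswd(text):
    """Parse 'user:hash' lines into a dict, skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        user, stored = line.split(":", 1)
        users[user] = stored
    return users

def parse_basic_header(value):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def check_request(headers, users):
    """Return the status a Basic-protected directory would answer with."""
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401  # the browser shows the username/password pop-up
    user, password = creds
    stored = users.get(user, "")
    expected = sha_entry(user, password).split(":", 1)[1]
    # The input is only hashed and compared; it never reaches a query.
    ok = bool(stored) and hmac.compare_digest(stored.encode(), expected.encode())
    return 200 if ok else 401
```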

Re: Clueless.

Post by rigger_john on Sat Jul 05, 2008 8:08 am

The Helpful and Kind Dosuos wrote: It's HTTP Basic Authentication. Google for how it works and you will come to know that SQL Injection won't be of any help.


Well as I said earlier

The fantastically good looking and modest rigger_john wrote:
I have googled Apache as suggested somewhere else on this thread but I have to be honest it didn't throw any light on the subject.



But at least you steered me away from the SQL stuff, although I'd given up on that anyway. I'll keep plugging away at the HTTP stuff, so thanks for that. :) If anybody has a link that's a bit more specific that would be good too.

Cheers people


Re: Clueless.

Post by Dosuos on Sat Jul 05, 2008 12:14 pm

http://www.colostate.edu/~ric/htpass.html

This tutorial tells you the working detail for this type of authentication.

so, after reading this tut you know which file to go after :) and "showimages.php?file=" will be your friend for sure.

EDIT:

mission accomplished :D

after getting the hash, JTR cracked it in seconds :o . so you know which cracker to use :mrgreen:


Re: I got the hash...

Post by HertzRST on Sat Jul 05, 2008 2:34 pm

I got the hash

John The Ripper is located in C:\john1701\run

Also in "Run" folder I've created a pwd.txt file and inside this file I got

username:passwordhash


Then what is the command to crack the hash? :(