Please ask questions ONLY in this topic.

Re: Please ask questions ONLY in this topic.

Post by Ramurak on Mon Aug 06, 2012 12:57 am
([msg=68583]see Re: Please ask questions ONLY in this topic.[/msg])

Thanks for the links. I'll dig into those tonight.

Yeah, I'm pretty sure I had JTR configured properly...Though, I admit I really don't know how to use it properly...I just ran it against the hash file that made, in the same style that it worked for the mission...I even retried C&A on the hash that I made and it said something about taking years...easiest way to get me to fuck off about something is tell me it will take more than a few hours lol.
Ramurak
New User
New User
 
Posts: 8
Joined: Sun Jul 22, 2012 8:14 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by krisby174 on Wed Aug 08, 2012 8:04 am
([msg=68637]see Re: Please ask questions ONLY in this topic.[/msg])

for who stuck
the hash is
krisby174
New User
New User
 
Posts: 13
Joined: Wed May 16, 2012 8:11 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by cyberdrain on Thu Aug 09, 2012 5:06 pm
([msg=68654]see Re: Please ask questions ONLY in this topic.[/msg])

Come on, that's not the point of these challenges. If you want to be spoiled buy a puzzle-book or similar and look at the answers before doing them. Also: don't be so negative, 'for who suck' isn't friendly or constructive if you do suck.
Free your mind / Think clearly
User avatar
cyberdrain
Addict
Addict
 
Posts: 1081
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Ice-Cyber on Thu Aug 16, 2012 7:44 am
([msg=68765]see Re: Please ask questions ONLY in this topic.[/msg])

JTR cracked it in no time!
Ice-Cyber
New User
New User
 
Posts: 1
Joined: Thu Aug 16, 2012 7:41 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by InVise on Thu Oct 25, 2012 2:11 pm
([msg=70404]see Re: Please ask questions ONLY in this topic.[/msg])

I have been going insane over this and as it turns out, I was doing exactly what I needed to do. I opened the same link (the one with the broken image) in Firefox and in Chrome. I had been working in Firefox the entire time and no broken image was shown, unlike in Chrome. I looked at the source code in both browsers and they generated different outputs. Does anyone know what might have caused this? So a hint to people who are stuck at finding the correct directory: perhaps switching browser will help.

EDIT: I didn't manage to crack the hash with MDCrack because it doesn't automatically recognize what kind of hash it is, so instead I used JtR. Can somebody explain how to distinguish between different hash types?
InVise
New User
New User
 
Posts: 2
Joined: Tue Oct 23, 2012 4:25 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by mookalovesgloop on Sat Nov 03, 2012 7:10 pm
([msg=70545]see Re: Please ask questions ONLY in this topic.[/msg])

my favorite realistic mission so far! it felt sooooo l337 doing my thing with JTR (after i spent about 10 minutes figuring out how to work it of course! :mrgreen: :oops: )...now if i could just figure out 4 and 6 lol
peace and blessings

mooka
Image
gloop!
User avatar
mookalovesgloop
Poster
Poster
 
Posts: 167
Joined: Wed Apr 18, 2012 7:48 pm
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by EcceGratum on Tue Nov 27, 2012 10:58 am
([msg=71371]see Re: Please ask questions ONLY in this topic.[/msg])

I've been playing with this for 2 days now. I found out so far that this was an MD* ...x type hash with both the salt and the hash value hashed together.
My queswtions:
It has a salt which should prevent me from any attacks (BF, dict, rainbow), and the crypt algorithm is very slow, so does it make sense at all to play with a cracker program?
If yes,
What program should I use? I do have PasswordPro but it coulnd't solve it. Maybe any tips for restrictions to use, like dictionary, rules etc? (I have read that rainbow tables won't work with these...)
Thanks!

-- Tue Nov 27, 2012 6:13 pm --

[quote="UsernameHerpDerp"]OK, I have several problems with this mission.
Secondly - Why the shit would the .htpasswd file have a password encrypted in some bullshit hash? .htpasswd files are in the format username:password, where the password is A 13-CHARACTER crypt() ENCRYPTION OF THE FIRST 8 LETTERS OF THE USER-ENTERED PASSWORD. That is the standard, and that is what .htaccess uses. Maybe I'm being obtuse here; maybe there is some way to change the encryption algorithm from crypt() to some custom hashing algorithm. But if the web designer was stupid enough to put the .htaccess file in the same directory that he was blocking off, I really doubt he would be cautious enough to change the encryption on the password, and even if he was, he sure as hell wouldn't change it to something that can be cracked with a simple rainbow table, he would salt it appropriately etc.

-From the Apache site, about switches: "-m: Use MD5 encryption for passwords. This is the default."
-As for the ridiculous security leak.. what if they put it in restricted URI? The mission would not be harder but IMPOSSIBLE :)
IMHO this mission is cool anyway. If it was only for a weak encryption it would be boring. I also liked the part of finding out the hash format. And I'm not finished yet :)
EcceGratum
New User
New User
 
Posts: 20
Joined: Wed Nov 07, 2012 4:29 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Amazingred on Sat Dec 01, 2012 10:50 am
([msg=71456]see Re: Please ask questions ONLY in this topic.[/msg])

I think you may be overthinking this. start with what you know. you have obviously found the info that you are going to have to tinker with. so now you know the username for sure and you have the "Hash" for the rest of the required information. So in general what is the best way to crack a hash that you can think of?

HINT: look really close at recent posts....
There are 10 types of people in the world. Those who understand binary and those who don't.
User avatar
Amazingred
Experienced User
Experienced User
 
Posts: 73
Joined: Wed Jul 25, 2012 7:10 pm
Location: Wayyyyyy out there
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by EcceGratum on Wed Dec 05, 2012 11:43 am
([msg=71549]see Re: Please ask questions ONLY in this topic.[/msg])

Thanks! I succeeded it by using the RIGHT program... Password Pro didn't work although it knows this kind of hash. John the Ripper instantly solved it without the need to specify the hash type.
EcceGratum
New User
New User
 
Posts: 20
Joined: Wed Nov 07, 2012 4:29 am
Blog: View Blog (0)


Re: Please ask questions ONLY in this topic.

Post by Double125720 on Sun Feb 10, 2013 3:20 am
([msg=73614]see Re: Please ask questions ONLY in this topic.[/msg])

Hello all =)

Please, pm me where is goddamn password file?! I try to found it 2 days and nothing


UPDATE:

i think, i found it. Thanks
Double125720
New User
New User
 
Posts: 2
Joined: Sun Feb 10, 2013 3:19 am
Blog: View Blog (0)


PreviousNext

Return to (Real 7) What's Right For America

Who is online

Users browsing this forum: No registered users and 0 guests

cron