"One of the best ways to get yourself a reputation as a dangerous citizen these days is to go about repeating the very phrases which our founding fathers used in the great struggle for independence." --Charles Austin Beard
Things you need to know:
“Friend of freedom and liberty, I invite you to take a look at the hate speech being spewed over the web at http://www.hackthissite.org/missions/realistic/7/. It's so funny that conservatives keep saying they want to protect the values of America - freedom, tolerance, and democracy - but when it comes to personal choices like private marijuana use or same-sex marriages, they damn them to burn in eternal hell and send them to jail. This is a personal freedom issue. No one else is hurt if two consenting adults decide to marry. But people who claim to have the moral high ground decide to ruin it for everyone else and discriminate against same-sex couples. To think that they are talking about making a constitutional amendment to STOP OUR FREEDOM TO MARRY is ludicrous. This injustice must be stopped. There is an admin section on that website somewhere, perhaps hidden among their directory structure. It would be a great fight against moral tyranny and a victory for freedom if you could somehow hack into their website. Thank you.”
Introduction - Preparation Stage
First things first: when given a mission, I always like to write down the objectives so that I know what I'm meant to be doing. In this instance:
1. Have a look around the page, noting the languages used and how the site runs and stores information.
2. Getting a Platform (hint)
3. Getting a Foothold
4. Exploiting a Vulnerability
5. Finishing the Job
6. Give yourself a pat on the back (Why the heck do I say things like that? :/)
Getting a Platform
OK, so let's start the mission. Go ahead and open the link and have a look around the page. In many missions I have missed small details, which is quite embarrassing in the end, so take as much time as you need to study every URL, the page source and every link.
If we look through the pages, we can note that the site uses PHP and draws its information from a directory. If you have found it, good for you; if you haven't, keep looking at the links to the images and their directory.
Getting a Foothold
Now that we have found a major hole in the site, we can easily exploit it.
Where do you think a list of the files on the site could be located, and how can you get there? WOW! What have we found? Amazingly, we have found the entire site's directory. AND what's this? The admin section:
“There is an admin section on that website somewhere”
Now click on it. Here we have a problem... An authentication script that we don't know the username or password to. What can we do?
Well, firstly, click the button and see what we can find. Have a look at what the server is running on (Apache) and Google it.
Wisdom for the day:
“If in doubt Google it!”
Now you should know how Apache authorizes users. How could you exploit something to find the password?
Exploiting a Vulnerability
OK, no need to lose your cool. We did well to get this far; all we have to do is remember the steps… right? Find the holes in the page and exploit them. If we look around some more, we find a very interesting URL: something that could let us see files. Now think about what file you want to see, and try looking at it.
Don't forget the Admin directory
And what have we found here? A hash. We'll have to brute force it. I used John The Ripper. You can download an excellent version from here: John The Ripper
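The file-viewing URL in this section works because a script hands a request value straight to a file read. The sketch below is an added example, not the mission site's code: it shows that weak pattern beside a hardened one, and IMAGE_DIR, the "file" parameter and both function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical image viewer. IMAGE_DIR, the "file"
// parameter and the function names are assumptions, not the site's code.
const IMAGE_DIR = __DIR__ . '/images';

// Weak form: the request value is joined to the path unchecked, so the
// script reads any file the web server account is allowed to read.
function read_file_unsafe(string $name): string|false
{
    return @file_get_contents(IMAGE_DIR . '/' . $name);
}

// Hardened form: canonicalise the path, then require it to stay inside
// IMAGE_DIR, to be a regular non-dot file, and to carry an image extension.
function resolve_image(string $name): ?string
{
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $name);   // false when nothing exists there
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                             // resolved outside the image directory
    }
    $file = basename($path);
    if ($file[0] === '.' || !is_file($path)) {
        return null;                             // dotfiles (Apache's .ht* files) and directories
    }
    $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true) ? $path : null;
}

// Request handling: anything that fails a check gets the same 404.
$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_image($requested) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . mime_content_type($path));
readfile($path);
```

Keeping the password file that Apache authenticates against outside the web root, and turning off directory listings, closes the other two holes this walkthrough relies on.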
Cracking the Code
Now this is the tricky part for most people in this mission. Using JTR and cracking the HASH:
Firstly, we need to get the hash and save it as a .txt document. Don't forget that you must save the entire HASH. Save it as password.txt in the RUN folder where you saved JTR, and then get your cmd prompt ready. Now CD (change directory) your way to your JTR RUN folder, type in John (version) password.txt and press Enter:
john-386 password.txt
Now, depending on your computer, this could take between 5 minutes and an hour! You can regularly check the progress by pressing any key. Now… hopefully you have the password and should know what to do next.