Hack This Site (TOR .onion HTTPS - HTTP) - IRC - Discord - Forums - Store - URL Shortener - CryptoPaste   ---   Like Us - Follow Us - Fork Us
Hack This Site
Support HackThisSite - Advertise with us!
"The word 'radical' derives from the Latin word for root. Therefore, if you want to get to the root of anything you must be radical. It is no accident that the word has now been totally demonized..." -- Gore Vidal

Realistic 5 - Full Tutorial
Published by: nikolanicic, on 2008-01-28 03:10:24
Since there is no other walthrough/guide for Realistic Mission 5, I made one :P

What you will have learnt at the end of this guide :
1. What is hashing in general ?
2. Is hashed password safe? Can it be decrypted/cracked ?
3. What are collisions and how are they created ?

----------

Damn Telemarketers!
Telemarketers are invading peoples privacy and peace and quiet. Get the password for the administrative section of the site to delete their database and return the privacy of their victims!

-----

From: spiffomatic64

Message: Yo! This is Spiffomatic64 from Hackthissite.org! I'm a bit of a hacker myself as you can see, but I recently came upon a problem I couldn't resolve...

Lately I've been getting calls day and night from the telemarketing place. I've gone to their website and hacked it once deleting all of their phone numbers so they wouldn't call me anymore. That was a temporary fix but they put their database back up, this time with an encrypted password. When I hacked them I noticed everything they used was 10 years out of date and the new password seems to be a 'message digest'. I have done some research and I think it could be something called MD5. I think you could somehow reverse engineer it or brute force it. I also think it would be a good idea to look around the server for anything that may help you.

-----

http://www.hackthissite.org/missions/realistic/5/

----------

So we begin...

First step is to observe closely all content on the site, especially the news items. Read all the news, did you find anything suspicious?

9/15/03 - Google was grabbing links it shouldn't be so I have taken extra precautions.

So yes, you got it, now the question is how does one prevent Google from indexing his site? Answer is pretty simple, google it.

Considering you have made it past the first stage, you now have access to 2 new directories. One will allow you to download a hash file and the other will give you a 32 bit HEX string (0-9a-f). Both of these are equally important for this mission.

Now remember go back to the Mission Message and read it again, thouroughly. It gives an idea regarding the algorithm used for hashing the password along with a statement that goes like.....

...When I hacked them I noticed everything they used was 10 years out of date.......

Suspicious isn't it? But now since you have acquired the hash file lets make some good use of it. What do you do with a file that hash no extension, open it up in notepad to see what treasure lies inside. Yes indeed it gives you...

1. The algorithm used for hashing
2. The Character Set used for the password.

Now that you know what the algorithm is lets enlighten ourselves, read up a little on the algorithm.

OK I wouldn't go into details explaining the actual algorithms behind hashing strings using MD4/MD5 etc but a general explanation of what hashing actually is.

-----
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
-----
http://www.webopedia.com/TERM/H/hashing.html

Make a note of that last statement
extremely unlikely that some other text will produce the same hash value....

Yes, indeed extremely unlikely, but definately possible.

-----
Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. In August 2004, researchers reported generating collisions in MD4 using "hand calculation" [1], alongside attacks on later hash function designs in the MD4/MD5/SHA/RIPEMD family.
-----
http://en.wikipedia.org/wiki/MD4

So a little summary..
* MD4/MD5 are message digest/hashing algorithms which will produce a 32 character hexdecimal string, no matter however long the input may be.
* Since the possible combinations of hashes is a limited amount (2^128) for 128bit hashes, and the possibility of input strings is infinity, there will always be more than one string generating the same MD4/MD5 hash. These strings are known as collisions.
* They are one way algorithms hence, MD4/MD5 cannot be cracked, but they can be bruteforced to find collisions.

Once you find a collision the telemarketing site will accept that password and do a md4/md5 hash of the password and compare it with the md4/md5 value stored in the database. When they match you will be given access.

But now the question arises, how will you find a collision? Simple answer again a Google search will reveal numerous tools for bruteforcing MD4/MD5 hashes.

Head on to http://membres.lycos.fr/mdcrack/ and download MDCrack GUI version.

Now comes the fun part, where we will actually bruteforce the MD4/MD5 hash we got earlier using this tool.

Enter the 32 chracter hash into the box. Select the Character Set you found in the hash file. And from the algorithms menu select the algorithm you found within the hash file. When thats done hit the Start button and wait for about 30 seconds. The program will find the first collision and stop. Make a note of that collision string, thats your password through Mission 5.

Now a few footnotes. You may conclude from the above that MD5 algorithm is absolutely unsafe. Well, not always. A general practice on a website is to accept user input of password append it on both sides with a secret key (consisting of random ASCII characters, yes, all 255 characters are allowed), and then MD5 the resultant string and compare it with the MD5 stored in the database for authentication. So even if you DO find a collision for that MD5 hash, its certainly of no use since when the website appends the secret key to both its sides it becomes different from what the original password string would look like when hashed using MD5.

Example :
I find a collision for 3d5e7f9a9c47af65de95b876c065d87e

Say it is b348hi

And the Secret stored in the Database of the server is hf&^ft%

The actual password of the user is : flash

Now 'b348hi' when hashed using MD5 will generate the above hash.

But hf&^ft%b348hihf&^ft% will generate a completely different hash when compared to hf&^ft%flashhf&^ft%

By: nikolanicic
Cast your vote on this article
10 - Highest, 1 - Lowest

Comments:
 Published: 16 comments.

Page: 1 [2]

 daviesgeek - 06:33 pm Saturday September 10th, 2011
Report this post
Avatar

Thanks so much! No spoilers!! I give you a 10!


 nerdysmurf - 12:48 am Thursday March 08th, 2012
Report this post
Avatar

AWESOME!!!
gr8 tutorial.
9.5/10
EDIT:
just finished the mission.(was tying to use MD5 not MD4)


 Yaulp - 09:51 am Tuesday August 14th, 2012
Report this post
Avatar

Really good tutorial, but like in every threat you spoil MD4/MD5 so I give you a 9/10 :p
Im using that site to learn how can I use programming skills to hack, and without this tutorial I would never find the answer of :
"9/15/03 - Google was grabbing links it shouldn't be so I have taken extra precautions."!

Sorry for my bad english, good work ty!


 GershiBelshi - 06:47 pm Saturday February 02nd, 2013
Report this post
Avatar

thanks for the tutorial, it's helpful, I just have one question. if I want to use MD5 on my website when a user logs in and I use the technique you described at the end (adding a random key to both ends of the password before hashing and sending it to the server). Wouldn't that require me to store the password in clear-text on the servers so that it could be appended with the same secret key and hashed to see if they match. It's potentially dangerous to store the password in clear-text on the server...


 mk_93 - 03:43 pm Saturday January 18th, 2014
Report this post
Avatar

its really helpful tutorial..... thank you so much bro!!!


 Noelemac - 11:33 am Thursday March 06th, 2014
Report this post
Avatar

lol, voted for the article and received folowing note:
Vote must be below 10 or above 1. This isnt realistic 1, dude ;p


 conanandai100 - 07:19 am Monday May 05th, 2014
Report this post
Avatar

JTR maybe better


 The Annihilator - 05:33 am Thursday February 26th, 2015
Report this post
Avatar

ok, i'm running an MD4 cracker right now, how much time does it take to finish generating collisions?


 Mad3ngineer - 06:57 am Tuesday April 26th, 2016
Report this post
Avatar

Thanks for the tutorial, I dabbled a bit and wrote a quick C# program to attempt this, and I am still waiting for the result (I didn't make it multi-threaded or anything fancy like that), hence my looking at this thread to see if I am doing it right. Here is the code if anyone cares to see it: http://pastebin.com/crZRQYA8

It basically just for-loops each possible value of strings for a password that is 10 digits long(Is there a more logical number of digits to use?) and compares the MD5.

Also, any critique on my coding? Particularly, I wasn't quite sure what the best way to exit my possible-values loop, so I used an exception. I feel like this is a sort of messy approach, does anyone else see a more elegant way to do this?

Thanks again for the tutorial and anyone who takes the time to look over my code.


 L33TRice - 02:18 am Wednesday August 24th, 2016
Report this post
Avatar

I feel like I did something wrong, but I still was able to pass the mission. I simply found the 32 bit hex string from admin.bak.php and entered it here: https://md5hashing.net/hash/md4. This gave me a 5 character password which was valid. I didn't need the hash file at all (though it did lead me to using an md4 decrypter instead of something else).

(edit) Nevermind, I guess that's all there is to it. That website just happends to automatically determine the character set. I was also under the impression that the hash file was needed for more than it was.


 MrFiregleam - 02:40 am Monday December 18th, 2017
Report this post
Avatar

Is it just me who tries to do realistic 1 on this forum vote?
:P


 jameel saeb - 10:48 am Sunday October 20th, 2019
Report this post
Avatar

guys I have tried every way so solve my hash but they always say that there is no match my hash:9cc10abd9ef45e0c08ce2d089ba16681 can anyone help?


 hackedITXD - 06:35 pm Monday March 23rd, 2020
Report this post
Avatar

anyone happens to get hash value of
66e3d2e8cc5bd2c33ff8d30ddb3816d8
it's refered by the hash file from /lib that the value is encrypted with md4, I tried it with online hash cracker but it seems to be no match with any value in md4, I have also tried all possible hash methods, but no match


 HEISENBERG_007_ - 12:35 pm Sunday May 23rd, 2021
Report this post
Avatar

I got the hash string but can't convert in text on any hash site... Please help.
6eb74bfdefa02665332f931d961f167b here is my hash.... Please help.


 strydomh - 12:34 pm Wednesday October 26th, 2022
Report this post
Avatar

This does not seem to be working anymore. Help?


 Spyderhacker1234 - 06:26 pm Tuesday February 21st, 2023
Report this post
Avatar

I've got a problem. I'm still trying to complete this one and I've already completed other Realistic exercises past this one. I've tried cracking the hash but it just doesn't work, saying nothing matches my hash, and I've viewed other tutorials but none of them use the same hash. I'm completely stumped. This is the hash it gives me, if anyone can crack it I'll be extremely grateful.

29fc034664be6e9cc6270437eb46c5a2



Page: 1 [2]

End Footer

HackThisSite is the collective work of the HackThisSite staff, licensed under a CC BY-NC license.
We ask that you inform us upon sharing or distributing.

Page Generated: Sat, 03 May 2025 18:13:27 +0000
Web Node: www03 | Page Gen: 0.238s | DB: 10q
Current Code Revision: v3.2.5 (Sun, 22 May 2016 20:29:51 +0000)

  Page View Counter

retired