HTS weekly challenge #1

This is the place for ALL of the user submitted challenges. If you create a little challenge/mission/riddle/whatever, post it here.
Forum rules
Do not post missions that you did NOT create without proper citing.

HTS weekly challenge #1

Post by WallShadow on Thu Apr 16, 2015 8:38 pm
([msg=87733]see HTS weekly challenge #1[/msg])

Hello everyone!

Tonight, I provide a simple challenge in hopes of getting as many people to participate as possible. Try your hand at it and post your results when you're done (please avoid spoiling it for others). Using pre-existing tools is a valid technique, however I recommend everyone write your own code to get some practice.

Challenge:

So, being the l33t h@x0r that you are, you've successfully pwn'd a website and dumped the database. But now you have a problem, the passwords are hashed. Your challenge is to figure out how the hash was generated, and recover the passwords for over 9000 internet points. Thinking ahead, you've created a test account with a password of 'password' which gave it a hash of '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', figure out the rest:

Code: Select all
ef797c8118f02dfb649607dd5d3f8c7623048c9c063d532cc95c5ed7a898a64f
d9184e01fe90fa4abb7b9e36f1758732378c5fbf722bfe9f57f14d2ab8f014b5
0e93defd522a6c0f64c1c6bae83dda4bdcebad0994ea793da12aa0a82d0aa610


Another site you hacked seems to be using some wierd format. Again, you create a test account with a password of 'password', giving you a hash of '5544c564:51069b6bb4593f5d8d9029f1ad076451ceea7b2b5ceb6303204888159661c93b'. Good luck!

Code: Select all
66c288aa:667c767e55482fee3c85d246a9f3611145c5c511a18392ff0a1a00624c8eb74c
8ce4f561:fe3181f192d6451349d287b745f005f0fd0d749b26e96975f79d8dcc1a7b48fc
de1abbdb:6bd1933bfc0559d239c9ee11f8d5d863abdbdd95d348440d2118285c797d0ef6


Now you've got lots of passwords, but none of your wordlists seem to work on the admin's hash. A little research shows he has a dog that he's very affectionate about.

Code: Select all
2b625d5d:6b4fe63316a17f887493c3f9717896b75f4455f238bfcd68d4466249f588ee02


<3
User avatar
WallShadow
Contributor
Contributor
 
Posts: 686
Joined: Tue Mar 06, 2012 9:37 pm
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by parakkafaith on Thu Apr 16, 2015 9:45 pm
([msg=87735]see Re: HTS weekly challenge #1[/msg])

This is exciting :) I'm going to have a crack at it.
"Any technology distinguishable from magic is insufficiently advanced."
- Probably not Arthur C. Clarke
User avatar
parakkafaith
Poster
Poster
 
Posts: 176
Joined: Fri Jan 07, 2011 10:59 pm
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by mShred on Thu Apr 16, 2015 10:23 pm
([msg=87737]see Re: HTS weekly challenge #1[/msg])

parakkafaith wrote:This is exciting :) I'm going to have a crack at it.

Very punny.

Alright. Finished finding the first six hashes. Code below. Did this in python since I've recently taken it up. Figured it'd be a good way to get feedback on it. I'm not gonna say which dictionary(ies) I used as I feel that takes away from the fun.

Here is my code:
Code: Select all
http://pastebin.com/RThWbk8c


I'm still having trouble finding that last hash. I'll work on it more and post an update if when I figure it out.

UPDATE

Done. I put together a Perl script (below) to bust this one out. That script will completely solve the problem, so (unless you're a skid) don't bother checking it out unless you're completely stuck.

Code: Select all
http://pastebin.com/UZzM7Hkn


Side note: I decided to run the third hash through my dictionaries and I did end up finding it. So make sure you guys are checking for that as well. My first python script didn't bother checking for the third because I assumed it wouldn't find it. Bad idea, coulda had this problem done last night.

Badass challenge wall. +1
User avatar
mShred
Addict
Addict
 
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: HTS weekly challenge #1

Post by Turn on Fri Apr 17, 2015 10:07 am
([msg=87751]see Re: HTS weekly challenge #1[/msg])

I retrieved 4 of the hashes so far, I mainly just need to find or generate more convenient dictionaries. I really only did this for the programming side of it, here is my code, feel free to constructively criticize
Below is an idea of how it works in action
Image
Social Engineering:
<cen> .lua print ('Tsyn 9.47.-u 3 12 5')
* slickery has quit (User has been banned from HackThisSite (Attempting to use a SpyBot))
* cen has quit (User has been banned from HackThisSite (Attempting to use a SpyBot))
User avatar
Turn
Poster
Poster
 
Posts: 120
Joined: Tue Feb 17, 2015 5:42 am
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by pretentious on Sat Apr 18, 2015 6:04 am
([msg=87762]see Re: HTS weekly challenge #1[/msg])

cracked the first 2 YEEEEEHAAAAAAAAWWW :D
Though I'm trying do do it as automated and brainless as possible so I don't know how far I'll get :P
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1203
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by mShred on Thu Apr 23, 2015 6:33 pm
([msg=87794]see Re: HTS weekly challenge #1[/msg])

I figured more people would at least try this one..
User avatar
mShred
Addict
Addict
 
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: HTS weekly challenge #1

Post by NETWORKsecurity on Fri Apr 24, 2015 8:38 am
([msg=87796]see Re: HTS weekly challenge #1[/msg])

Eh ill try, havent coded stuff for a while so need to get back :D
NETWORKsecurity
Super Moderator
Super Moderator
 
Posts: 134
Joined: Wed Oct 15, 2014 3:20 pm
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by mShred on Sat Apr 25, 2015 12:39 am
([msg=87800]see Re: HTS weekly challenge #1[/msg])

I'd be willing to help out if anyone needs a couple of pointers. This challenge is designed to get people in the mindset for hackery. So even if your code skillz aren't too hot, you'll at least be able to understand the idea behind the challenge.
User avatar
mShred
Addict
Addict
 
Posts: 1899
Joined: Tue Jun 22, 2010 4:22 pm
Blog: View Blog (2)


Re: HTS weekly challenge #1

Post by Turn on Sun Apr 26, 2015 5:19 am
([msg=87819]see Re: HTS weekly challenge #1[/msg])

^ I am also willing to help in my leisure time.

I think it might be a good idea (if these challenges keep coming) to have an IRC channel dedicated to helping people / pointing them into the correct direction for these weekly challenges.
Social Engineering:
<cen> .lua print ('Tsyn 9.47.-u 3 12 5')
* slickery has quit (User has been banned from HackThisSite (Attempting to use a SpyBot))
* cen has quit (User has been banned from HackThisSite (Attempting to use a SpyBot))
User avatar
Turn
Poster
Poster
 
Posts: 120
Joined: Tue Feb 17, 2015 5:42 am
Blog: View Blog (0)


Re: HTS weekly challenge #1

Post by cyberdrain on Mon Apr 27, 2015 7:04 pm
([msg=87832]see Re: HTS weekly challenge #1[/msg])

I still need some good wordlists. I've known a while how to solve those hashes, part of my code is done and using a very small wordlist I cracked 1 hash. Good call on not including the code here (mShred, Turn), but through a link. As such the challenge didn't get spoiled for me (yet) :) It's great to see this challenge Wall, know that I'm working on it behind the scenes :geek:
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Next

Return to User Submitted

Who is online

Users browsing this forum: No registered users and 0 guests