Page 10 of 13

Re: Grump .... stuck ... whine

Posted: Thu Aug 20, 2009 2:38 am
by milnet_

At the article: it is shown how to build that form. As you already figured out, you need a directory traversal!
Hint: this implies that you don't use the original password file!

Re: Grump .... stuck ... whine

Posted: Fri Aug 21, 2009 12:48 am
by illegalzxx
I need a mod's or administrator's help. I have the correct encrypted file and the zipped file (at the right compression). Pkcrack will not work for me. There's an issue saying "Sorry, not enough memory"... although I'm pretty sure there's enough.

Re: Grump .... stuck ... whine

Posted: Fri Aug 21, 2009 10:15 am
by InsDel
For those with illegalzxx's problem, try using the *nix version of pkcrack instead. I had the same problem at first, but booting into Linux worked for me.

Re: Grump .... stuck ... whine

Posted: Fri Sep 18, 2009 9:40 pm
by Maxinova
If anyone is still struggling to get the HTML form part of this mission to work (getting a blank page after clicking the "read messages" button), this may be of help to you.

DO NOT copy and paste the form template from the tutorial. It will cause you problems.

Hope this helps.

Re: Grump .... stuck ... whine

Posted: Sun Oct 04, 2009 2:00 pm
by old_grizzly
For those of you having trouble with pkcrack in Windows or DOS:
When you are keying in the info for the encrypted file (path to the encrypted file within the zipped archive), use a forward slash instead of a backslash. Remember, both the tools (PKzip, PKCRACK) were made for *nix based systems and I think the person/s who made the MS port might have missed a step.

This had me going for a while.


Encrypted Zip = way to go
The first logon screen = Pain in my A$$.
Second Logon (S****.php) piece of PI$$
3rd logon = thorn in my side.

Me thinks this mission should be revised and recoded.

A developer can PM me if they want to hear my ideas, or shoot me a copy of the source files and I can "tweak" them and send them back for testing.

Love this Site.



Re: Grump .... stuck ... whine

Posted: Sun Feb 07, 2010 7:06 pm
by chronic12
I am having problems with the form. Here is what I am using: I saved it in Notepad as doc.html and then execute it. I get a send button on the page; press that and I get a blank page. Is this correct? However, when I click the read messages I get a wrong username/password msg. Here is my form:

[Removed by: Defience]

Can anyone see a fault with this? :cry:

-- Sun Feb 14, 2010 10:38 am --

My form has been removed but no reason given or response?

-- Tue Feb 16, 2010 4:44 pm --

Defience, can you tell me why my form was removed, and any advice you have on its functionality?

Re: Grump .... stuck ... whine

Posted: Mon Mar 22, 2010 6:51 pm
by UKCrack
Hey there, I had problems when dealing with this until I had a few coffees and realized things.
Look around the forums, there are more than plenty of hints around. Read the code you found, analyze the important stages.
Then think how things are processed. The trick is to work out a few lines of code and work the bypass.

Re: Grump .... stuck ... whine

Posted: Sun Mar 28, 2010 1:05 am
by gregorian
Please don't use 7zip for compressing the file to 1245 bytes. It's not going to happen. After many frustrating attempts, I just used the software mentioned in the tutorial and achieved the compression almost immediately. Then I pkcracked it in less than five minutes.

-- Sun Mar 28, 2010 3:26 am --

I'm trying to get past the blank message part. I understand that I need to make the regular expression evaluate to true. I used the TamperData add-on on Firefox to send some strings to the script, but nothing happens; I get a blank page.

When I do the same thing using a Perl script I'm able to see the error message. I don't know why I can't get this error in a browser. What's going on?

-- Sun Mar 28, 2010 6:27 am --

All right, I can't proceed beyond this point since the solution that works on my computer doesn't work on the server. This regular expression matches everything (of a large length) using only the allowed characters. I have no idea why it doesn't work on the server:

Perl script

Code:
#!/usr/bin/perl
use strict;
use warnings;

# The mission's script censors these characters: # . [ ( * $ ^ + \ |
# so "{0,}" is used as a substitute for "*".

my $x = '';
# Each letter or digit can appear 0 or any number of times consecutively.
# (The closing brace of this loop was missing from the post.)
foreach my $i ('a'..'z', 0..9, 'A'..'Z') {
    $x .= $i . '{0,}';
}

# Now I put symbols
$x .= '!{0,}@{0,}#{0,}%{0,}&{0,}_{0,}-{0,}={0,}`{0,}~{0,}';
$x .= ";{0,}'{0,}]{0,}}{0,}<{0,}>{0,}:{0,},{0,}";

# $x .= '\){0,}"{0,}\/{0,}?{0,}';
# These symbols cannot be put in the string without using the backslash
# (which is censored), hence commented out.

$x x= 100;   # Repeat the entire construct 100 times
print "$x\n";

-- Sat Apr 03, 2010 5:23 am --

I've finally completed the mission. Regarding my previous regular expression query, the only reason I believe it doesn't work is because HTS doesn't accept that particular solution. Please correct me if I'm wrong, because in my opinion the solution using the regular expression generated by the above script is more general than the one given in the tutorial. I noticed that the characters { , } were not censored by the script so I could use "{0,}" as a substitute for "*". I believed that this was the method because those particular characters were conspicuously not censored.

If you have got to the point where you need to crack the double MD5, remember that the first MD5 crack must produce a 32 bit value (because the first MD5 encryption would have produced a 32 bit value). MDCrack won't allow my CPU to crack values 32 bits in size so I used an online MD5 database. A database doesn't compute, it just saves time if the hash has been cracked before.

The last part of the mission is using a buffer overflow. The method for breaking it was obvious to me after reading the Buffer Overflow articles on this site.

I however am still looking for the answers to Q1. and Q2.

Best of luck.
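As an added Python example (not the poster's code and not the mission's own filter): it ports the generator from the Perl script above, shows why the "{0,}" trick gets past a filter that only censors the metacharacters listed in the script's comment, and shows the allowlist check a defender would use instead. The blocklist and allowlist functions are assumed models of a filter, and the secrets are constructed.

```python
import re

# Characters the mission's filter censors, as listed in the Perl script's comment.
BLOCKED = set('#.[(*$^+\\|')
# Symbols the Perl script still inserts (its own list, with the blocked '#' left out).
ALLOWED_SYMBOLS = "!@%&_-=`~;']}<>:,"


def passes_blocklist(pattern: str) -> bool:
    """Assumed model of the mission's filter: reject only the censored characters."""
    return not (set(pattern) & BLOCKED)


def passes_allowlist(pattern: str) -> bool:
    """Defender's alternative: accept alphanumerics only, so no quantifier
    (including the uncensored '{0,}') ever reaches the regex engine."""
    return re.fullmatch(r'[A-Za-z0-9]*', pattern) is not None


def build_permissive_pattern(repeats: int = 100) -> str:
    """Port of the post's generator: every allowed character quantified with
    {0,} (the same as *), repeated so that longer inputs are still covered."""
    letters_digits = ([chr(o) for o in range(ord('a'), ord('z') + 1)]
                      + [str(d) for d in range(10)]
                      + [chr(o) for o in range(ord('A'), ord('Z') + 1)])
    chunk = ''.join(c + '{0,}' for c in letters_digits)
    chunk += ''.join(c + '{0,}' for c in ALLOWED_SYMBOLS)
    return chunk * repeats


def pattern_matches(pattern: str, secret: str) -> bool:
    """True when the supplied pattern matches the whole secret."""
    return re.fullmatch(pattern, secret) is not None


if __name__ == '__main__':
    # Constructed secrets; any string built from the allowed characters matches.
    pat = build_permissive_pattern(16)
    for secret in ('hunter2', 'S3cret_pw!', 'Grump~2009'):
        print(secret, 'blocklist:', passes_blocklist(pat),
              'allowlist:', passes_allowlist(pat),
              'matches:', pattern_matches(pat, secret))
```

The generated pattern passes the blocklist and matches every constructed secret, while the allowlist rejects it outright because it contains braces and symbols.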

Re: Grump .... stuck ... whine

Posted: Tue Jun 15, 2010 12:40 am
by sanddbox
I'm getting the same "Sorry...out of memory" problem that other user was getting. What do?

Re: Grump .... stuck ... whine

Posted: Mon Jun 21, 2010 11:32 pm
by msbachman
Why do people keep insisting on necessitating the compression results in a file size of 1245 bytes?? It needn't be this at all. I decrypted it with a file size (zipped) of 1361 bytes.

That had me confused for a few good hours. Hopefully no one else gets trolled like I did on this by people who don't know what they're talking about.