Please ask questions only in this topic.

Re: If you're still stuck

Post by Defience on Thu Jul 09, 2009 11:04 am

Toster wrote:
billinghamj wrote: BTW: You DO need to decrypt the hashed stuff. (I recommend Cain.)

I recommend Google, way faster :D


The point is to get you familiar with certain tools that are out there and to give you an idea of some of their capabilities.


Re: Please ask questions only in this topic.

Post by sk8n1 on Sun Aug 02, 2009 5:02 pm

Is it just me or is the site broken? Whatever I put after "http://www.hackthissite.org/missions/realistic/13/news.php?month=", the site remains blank (no error messages). The only error message I got was when I tried to subscribe to the newsletter (and it's not that useful :S)


Re: Please ask questions only in this topic.

Post by ding444 on Mon Aug 03, 2009 1:53 am

This thing's gotta be broken. Half of the forms don't do anything no matter how hard you try and most pages are blank.


Re: Please ask questions only in this topic.

Post by Defience on Mon Aug 03, 2009 5:56 pm

It should be fixed shortly, the devs were working on it.


Re: Please ask questions only in this topic.

Post by hziggles on Sat Aug 08, 2009 11:38 pm

Alright... far, far easier than meets the eye.
HINT: You know that tool you use every day... that little thing called GOOGLE... yeah well forget error messages and go old school.


Re: Please ask questions only in this topic.

Post by b0r15 on Mon Sep 14, 2009 3:35 pm

I made it to the subdir page, but no matter what I try on that page, no hash. Can't find any hashes or the fake login..although I think if I looked harder I could find the fake login, but I'm going crazy trying to find these hashes..any hashes..even useless ones I would be happy. Ahh I'm just stuck.

Need to take some time off and retry tomorrow.

----------

2nd wind:

edit- ooh wait found the hashes! Damn how did I miss that?! Time to crack em..and find that damn Admin login page :shock:

edit2- found the shit admin page and then the real Login. Cracked the hashes (easily), got the Name and Pass, but every time I enter the name and pw I get the same "invalid refferer" as the spoofed login..? I tried to switch the h****** to see if it was a fast one, but it's not, that has to be the correct login..less I missed something?? I don't think I did though

I checked cookies, but there isn't anything to modify..?? What am I missing? Been going for 8 hours. Please someone, anyone, help me..let me know if I forgot something.

no one ever helps me :cry:


md5 hash generation

Post by h4acktut on Sun Mar 14, 2010 7:05 am

I have a strange problem concerning the md5 hash generation: I tried to generate the md5 hash of some string with both md5sum and openssl on Linux but the result was wrong (in the sense that I could not use it to go on with the mission). Then I tried a webtool (http://www.miraclesalad.com/webtools/md5.php) and got a different hash, which I could use... What is wrong with the Linux md5 tools and why do they produce different results?

Edit: hey, come on - no one is using these tools??
Last edited by h4acktut on Tue Mar 16, 2010 1:38 am, edited 1 time in total.
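
A common cause of the kind of mismatch described in the post above is a trailing newline: `echo "string" | md5sum` hashes the string plus a line feed, while a web form hashes only the typed characters. The script below is an added example, not part of the original thread; it assumes the string was piped in with `echo`, and the function names and the sample value `hello` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample value; not taken from the mission.
SAMPLE='hello'

# Hex MD5 of whatever arrives on stdin (strips the "  -" filename column).
md5_hex() {
    md5sum | cut -d' ' -f1
}

# MD5 of exactly the bytes of $1; printf '%s' appends nothing.
md5_exact() {
    printf '%s' "$1" | md5_hex
}

# MD5 of $1 plus a trailing LF, which is what `echo "$1" | md5sum` hashes.
md5_with_lf() {
    printf '%s\n' "$1" | md5_hex
}

# MD5 of $1 plus CRLF, e.g. a line read from a Windows-edited file.
md5_with_crlf() {
    printf '%s\r\n' "$1" | md5_hex
}

# Given a string ($1) and a hash ($2), name the byte sequence that
# produced the hash, or "unknown" if none of the variants match.
explain_hash() {
    if [ "$2" = "$(md5_exact "$1")" ]; then
        echo exact
    elif [ "$2" = "$(md5_with_lf "$1")" ]; then
        echo trailing-lf
    elif [ "$2" = "$(md5_with_crlf "$1")" ]; then
        echo trailing-crlf
    else
        echo unknown
    fi
}

# The echo pipeline is diagnosed as hashing the string plus a newline.
explain_hash "$SAMPLE" "$(echo "$SAMPLE" | md5sum | cut -d' ' -f1)"
```

`printf '%s' "string" | md5sum` (or `echo -n` in shells that support it) produces the same digest as a tool that hashes only the characters entered.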


Re: Please ask questions only in this topic.

Post by HNicolai on Sun Mar 14, 2010 7:45 am

Actually this is quite an easy mission, but you have to think like the admins of the page to complete the mission.

Also here's some "hints" if you're stuck:
  • You can't make a SQLi (just send "weird" data, and look at the "error page").
  • Where are most "login" pages located? Just guess, it's easy... but how does the webmaster try to "hide" the other pages? They might have created a "fake" page and a "real" (but hidden) login page.


Re: If you're still stuck

Post by JiminPark on Sun Dec 26, 2010 9:51 am

billinghamj wrote: So... perhaps the same may apply to the admin section...?


Thank you...
I found ID&PW without looking hints, but I couldn't find a login page.... (even the fake one)
I was very stupid...


Re: Please ask questions only in this topic.

Post by OnlyHuman on Sun Dec 26, 2010 11:16 am

JiminPark wrote: I found ID&PW without looking hints, but I couldn't find a login page.... (even the fake one)

Think logically here. This challenge uses a very basic CMS. What name might be given to the directory that would contain resources for site admins? Think of names that would be easy to remember based on the type of content they contain. And don't try to overthink it either, it couldn't be simpler. When you find the correct word, the index page for that directory will be the fake login. Once you've got that, think about how this person has attempted to secure other directories. Apply that to the directory containing the fake login and you've nailed it.

