Wednesday, 25 September 2013

Hack This Site: Realistic Mission 5 - Damn Telemarketers!

Click here: LEVEL 5
A reminder: this post contains SPOILERS!
I RECOMMEND beating the level on your own, using Google to read up on the theory behind each topic.


So...
First of all, take a tour of the website.
It's VERY important that we read the descriptions. We will note two things:
- "Everything they use is 10 years old"
- "new password seems to be a 'message digest'"

With that, you should have a look around. You will notice a lot of email addresses on the pages. These are good to keep in case you need to start guessing usernames (you don't, but just saying). On the news page you will notice something about Google finding links that it shouldn't. Immediately, you should think of taking a look at the robots.txt file.
In the robots.txt file, you will notice a few directories that they don't want you looking into.
These directories are "secret" and "lib".
The "secret" directory also shows up in the website's source code.
However, if we go to:

https://www.hackthissite.org/missions/realistic/5/robots.txt

we see some info...
Let's do a directory traversal (or path traversal) attack on the "secret" directory. We find two .php files:
admin.bak.php
admin.php
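
Seen from the defender's side, the mission turns on two mistakes: robots.txt names directories that are still served, and a backup copy of a script sits in the web root. The Python check below is an added example, not part of the original post; the robots.txt body, the file listing and the backup-name patterns are constructed assumptions modelled on the names mentioned in this walkthrough.

```python
import re
from pathlib import PurePosixPath

# Name patterns that usually mean "editor or manual backup copy" (assumed list).
BACKUP_RE = re.compile(r"(\.bak(\.\w+)?|\.old|\.orig|\.swp|~)$", re.IGNORECASE)

def disallowed_paths(robots_txt):
    """Return the path prefixes named in Disallow: lines of a robots.txt body."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths

def audit(robots_txt, served_files):
    """Flag served files that robots.txt advertises or that look like backups."""
    prefixes = disallowed_paths(robots_txt)
    findings = []
    for f in served_files:
        reasons = []
        if any(f.startswith(p) for p in prefixes):
            reasons.append("listed in robots.txt but still served")
        if BACKUP_RE.search(PurePosixPath(f).name):
            reasons.append("backup copy in web root")
        if reasons:
            findings.append((f, reasons))
    return findings

# Constructed sample input modelled on the mission's layout.
ROBOTS = """User-agent: *
Disallow: /lib/
Disallow: /secret/
"""
SERVED = ["/index.php", "/news.php", "/lib/hash",
          "/secret/admin.php", "/secret/admin.bak.php"]

if __name__ == "__main__":
    for path, reasons in audit(ROBOTS, SERVED):
        print(f"{path}: {'; '.join(reasons)}")
```

Anything the audit reports should be moved out of the web root or put behind access control; robots.txt is an instruction to crawlers, not a permission check.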

Check the backup script file and you'll find a hash value:



From the hint above:

everything they used was 10 years out of date and the new password seems to be a 'message digest' 

we understand that Message Digest is MD, and "10 years out of date" refers to MD4.

We need to identify the algorithm and crack the hash value.
There are many possible algorithms. Of course, you could brute force it, but I want to save time. So, follow the hints and look around the server.

Remember the "lib" directory from the robots.txt file: it contains a file called "hash".
Open the hash file; it contains some garbage text and some system information. "MD4" is what we're looking for.
We can use John the Ripper to crack it:

root@sp:/pentest/passwords/john# ./john --format=raw-md4 ./md4.txt 

or other tools, such as Cain & Abel. In that case, open Cain & Abel, click on the "Cracker" tab, then, on the left, click on "MD4 Hashes", click on File/Add to List, and insert the hash found earlier in admin.bak.php.

Then right-click the hash you just inserted, click on "Brute-Force Attack" and click on START!

The password that we'll enter at

https://www.hackthissite.org/missions/realistic/5/submit.html
will be:

