Home

Hacking
Hackthissite help

Related

Realistic 1
Realistic 2
Realistic 3
Realistic 4
Realistic 5
Realistic 6

Copyright © 2009 Amund Østvoll

Hackthissite.org realistic 7

This mission is a bit more tricky. You will have to use a method known as brute force attack. The method itself is very simple, you just try all the passwords possible untill you find the password. You could ofcourse try writing yourself, but that would take you a few years. Thats why we use a program to do it, and that will be much faster. A program can type really fast, depending on your cpu and stuff. A few thousand words pr second will be possible.

In this mission we are going to use a program called John The Ripper, and search arround on the web how to use it, if you want to know more. Might write in some guides here later, but you will have to read all on your own.

Solution

If you are on any page in this mission you get an URL witch is," showimages.php?file= " and then a filename. This means the page will include pages on the server. This means ofcourse that you can try including any file from the structure.

Open:" http://www.hackthissite.org/missions/realistic/7/images/ " to see the structure of the page. But trying to include any of these won't do you any good. Though if you go into the structure, and click on the admin folder, you will get the opportunity to log in to the admin part of the page. Writing the wrong password will not help you though.

Then you can open the next page:" http://www.hackthissite.org/missions/realistic/7/showimages.php?file=images/admin/.htpasswd " and you will se a little square with to vertical lines. Right click on the left vertical line and then copy the link. In firefox, you can just click on properties, but I don't know about other browsers.

You will then have to paste this into a txt document or something. Download the program called John The Ripper. Download it from the tools section on this page if you don't feel like searching on google.

Then save what you copyed in the run directory of the john the ripper program. Lets say we save this file as pass.txt. You then have to open the command promt and direct yourself into the run directory. You will have to use the command:" john-386 --show pass.txt ". It will look something like this:

This was on a windows computer. The password I got, was "shadow" and then you just write in the username "administrator" and with the password, you get in to the admin part of the page. And there you have the realistic 7 solution.

By reading this fine print your soul is now the exclusive property of www.slackhax.com. Unauthorized use of www.slackhax.coms characters, images, materials, souls, odors, and oxygen is strongly discouraged. We know where you sleep.