Mar 8, 2012

HTS Realistic Mission 7


Solution to HACK THIS SITE . ORG Realistic Missions
From Dexter’s Lab
The realistic missions on Hackthissite.org are fascinating and overwhelming. I am assuming you know a little about programming. If not, I am sorry, because these missions may seem too tough for you.

REALISTIC MISSION 7

UNRESTRICTED SERVER FEEDS & DECRYPTING HASH FUNCTION METHOD
While looking through the site you should come across the image directory. When you browse to this directory you will see an embedded folder called /admin. If you click on that folder you get an authentication window. By cancelling it you will see which web server they are running. You will notice at the bottom that it is running Apache. Apache uses .htpasswd files to store user names and passwords.

Now that you know the .htpasswd file stores the username and password you need to get into the site, how do you get this file?

Well, you have to play with the site. After doing some work you will come across this page:
showimages.php?file=bush.txt
This page loads whatever file is named in the file parameter, here bush.txt. So use it to get the .htpasswd file:
showimages.php?file=images/admin/.htpasswd
The result is shown as a picture that cannot be displayed, because in reality it is a file, not a picture. If you click on that picture you will notice administrator:aH0qcQOVz7e0s in the URL.

You now know that the username is administrator and the password hash is aH0qcQOVz7e0s. The challenge now is how to crack the hashed password.

John the Ripper is a good program for this. You can download it and run the john.exe file. What you need to do is take the password you now have and copy it to a text file, but add p: to the beginning of it.
Example: p:aH0qcQOVz7e0s
Run
john.exe c:/password.txt
After it has completed, run
john.exe --show c:/password.txt
There you go, the username and password:
uid: administrator
pwd: company
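
The showimages.php step above works because the script opens whatever path the file parameter names, so the password prompt on /admin never applies to reads the script makes from disk. Below is an added example (not the mission site's code) of a handler that confines the parameter to one directory; IMAGE_DIR, TYPES and resolve_image() are assumed names.

```php
<?php
// Added example, not the mission site's code. IMAGE_DIR, TYPES and
// resolve_image() are assumed names for a showimages.php-style handler.
const IMAGE_DIR = __DIR__ . '/images';
const TYPES = [
    'txt' => 'text/plain; charset=utf-8',
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

// Vulnerable pattern, for contrast: readfile($_GET['file']);
// Any path the PHP process can read is returned, .htpasswd included.

function resolve_image(string $requested, string $baseDir = IMAGE_DIR): ?string
{
    // Accept a bare file name only: no NUL bytes, no directory parts, no dotfiles.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested !== basename($requested) || $requested[0] === '.') {
        return null;
    }
    // Allow-list the extensions this page is meant to serve.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, TYPES)) {
        return null;
    }
    // Canonicalise (follows symlinks, collapses "..") and require the result
    // to still sit directly under the base directory.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

$path = resolve_image((string) ($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404);   // same answer for "missing" and "not allowed"
    exit;
}
$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . (TYPES[$ext] ?? 'application/octet-stream'));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

With this check, file=bush.txt is served only if it exists directly under the assumed image directory, while file=images/admin/.htpasswd is rejected at the first test because it contains a directory part.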

HTS Realistic Mission 6



REALISTIC MISSION 6

DECRYPTING XECRYPTION ALGORITHM
You simply have to read about XECryption, work out a solution by writing a program that decrypts the code, and send the message to “ToxiCo_Watch”.
The decrypted message is:
"Samuel Smith
Thank you for looking the other way on the increased levels of toxic chemicals in the river running alongside our industrial facilities. You can pick up your payment of $20,000 in the mailbox at the mansion on the corner of 53 and St. Charles tomorrow between the hours of 3:00am and 5:00am.
Thank you,
John Sculley
ToxiCo Industrial Chemicals
" (without quotes).