Friday, October 22, 2010

Hackthissite realistic mission 7

You will need to use John the ripper to crack the password.Let's start with the mission.The first thing to do is analyse the source code and also keep an eye on the URL.The URL in your browser will show you something like " showimages.php?file= " and then a filename.The php file is displaying the file whose name is being given as parameter.If you analysed the source carefully you must have found the admin folder.If you click on it you will get the opportunity to log in to the admin part of the page. Writing the wrong password will not help you though.

You will notice that the server is using HTTP authentication(used by apache servers).The folder in apache are secured by two files namely .htpasswd and .htconf - the password and configuration file.You need to get the hash in the password file which will then be cracked by JTR.Enough

Type this in the addressbar :" " and you will se a little square with to vertical lines. Right click on the left vertical line and then copy the link. In firefox, you can just click on properties, but I don't know about other browsers.

You will then have to paste this into a txt file. Time to bruteforce it using John The Ripper.

Save what you copied in the run directory of the john the ripper program. Lets say we save this file as pass.txt. You then have to open the command promt and direct yourself into the run directory. You will have to use the command:" john-386 --show pass.txt ". It will look something like this:

This was on a windows computer.

No comments:

Post a Comment