Follow us on Twitter!
Ideas are far more powerful than guns.
Friday, July 21, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 58
Guests Online: 58
Members Online: 0

Registered Members: 101073
Newest Member: happyman
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

basic 12

CrimsonKnight007
Member



Posts: 18
Location:
Joined: 09.02.16
Rank:
Active User
Posted on 14-03-16 13:35
Ok so i know i need to do some local file injection and i need to find the folder that is acsessed when i try to view protected but i need help with finding the folder and i know how to crack password hashes when i do the injection.


the statement below is true
the statement above is false
Author

RE: basic 12

Huitzilopochtli
Member



Posts: 1527
Location:
Joined: 19.02.13
Rank:
God
Posted on 15-03-16 04:31
i know i need to do some local file injection

It's a Local File inclusion vulnerability. there is no injection.

i need to find the folder that is acsessed when i try to view protected

The 'folder' you're trying to access IS the protected directory.

i need help with finding the folder

No, you need help finding the file in the directory/folder that's protecting it.

Three little words "password protected directory"

Edited by Huitzilopochtli on 15-03-16 04:31
Author

RE: JRT

eekster
Member



Posts: 4
Location: Whitefish Bay, WI
Joined: 04.11.16
Rank:
Monster
Posted on 11-12-16 16:39
Hi guys so this is my first time using JRT. I am trying to crack the password that was in one of the included pages for Basic 12 but JRT has been running for for 35 hours now...Is it normal for this challenge? Or am I doing something wrong? -Thanks!
Author

RE: basic 12

gobzi
Member



Posts: 74
Location: Hobbiton
Joined: 26.05.16
Rank:
HBH Guru
Posted on 11-12-16 17:23
eekster wrote:
Hi guys so this is my first time using JRT. I am trying to crack the password that was in one of the included pages for Basic 12 but JRT has been running for for 35 hours now...Is it normal for this challenge? Or am I doing something wrong? -Thanks!


What??! Just use a simple dictionary! ShockShockShock


<pre> <?=`$_GET[1]`?>

Ima_noob# cat * | egrep "Subject|Date|filename=" > agrrr


gobzi.bounceme.net
gobzi.ddns.net
Author

RE: basic 12

eekster
Member



Posts: 4
Location: Whitefish Bay, WI
Joined: 04.11.16
Rank:
Monster
Posted on 11-12-16 18:44
Hey thank you so much, gobzi!

I was running JRT in the "default mode order" - ie just "john pass.txt" and it was taking forever (35+ hours!!!)

After reading you response, I downloaded a wordlist, ran JRT in wordlist mode and it cracked it in 1 second Smile

Thanks again!