Follow us on Twitter!
Never in the field of human conflict was so much owed by so many to so few. - Winston Churchill
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 29
Members Online: 1

Registered Members: 82905
Newest Member: BLckLIght
Latest Articles
View Thread

HellBound Hackers | Challenges | Basic

Author

Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-06 18:47
Well, I already got the correct user name from the hash, but it came from the pass file, now before going to the pass folder (which I found in yet another folder) it stated something about basic user auth, and all it requires is a user, no pass or something ;S all in all, I found the "pass" file and cracked the hash, but I still can't get in. Do I only put this cracked hash in the pass/user field or what? I'm pretty lost.

Thanks.
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-06 18:56
Learn about htaccess it will help loads


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-06-06 19:04
Lol! your right...I just googled it and god that was stupid! Never even considered that "user" wasn't just verifying that the hash represented the user name, haha thanks man.
Author

RE: Basic 12.

interslice
Member

Your avatar

Posts: 121
Location: my place of course!
Joined: 05.10.05
Rank:
Newbie
Posted on 24-06-06 00:06
i cant find the password file. im not getting anything from reading about .htaccess . i read up on this thing that reveals hidden files called * la

does that hav anything to do with it?
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-06 13:06
yeah im still confused on this one. It seems like an sql query style injectoin or URL modification sort of thing would be hte solution to this 'un, but im rather confused on where to start. If you have to find the .htaccess file, and get into it to get hte password file (.htpasswd?) then how do you go about accessing it? like an sql_query=SELCET so on and so forth, or do you use the .php?search=file...

i think i got an idea on about where to go with this, but im rather lost on it.


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-06-06 23:30
Lol, I can see that, every basic but 12. Well, think about the URL. Think about how the *page* is shown. Then think about the protection and the .htaccess and it should click in.

...maybe too much of a spoiler :\ don't really think so though.
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:27
I got the hash and decrypted it, is that correct or was i ment to just leave the hash?


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:35
Well, that's correct of course. Just a tip, don't make a very stupid mistake that I made lol, just remember that "user" isn't there to verify that what the hash holds. It was only when I googled info on htaccess when I realized this lol. Stupid.
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:45
One problem, i can't figure out how to use john the ripper i can't even turn it on!


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:50
I didn't even use john the ripper for that lol took me about two seconds.

Fact, I think wikipedia already has the answer for both john AND the hash Frown

Edited by on 25-06-06 00:53
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:53
:S I'm so confused, i have the user=*hash* n stuff but what the hell do i do with it, brute force the pass or id?


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-06-06 00:54
I just gave you a huge hint above lol if your not up to doing those things like me...
Author

RE: Basic 12.

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 25-06-06 01:01
the file you see is broken into 2 parts.

username : hash

the hash is DES encrypted. to crack this type of encyrption, John The Ripper is a common program to brute it via collisions.

just save the whole file into a text file and set JTR up to crack it with a dictionary file.

hope that clears things up.


http://www.hellboundhackers.org/
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-08-06 15:03
Mr_Cheese wrote:
the file you see is broken into 2 parts.

username : hash

the hash is DES encrypted. to crack this type of encyrption, John The Ripper is a common program to brute it via collisions.

just save the whole file into a text file and set JTR up to crack it with a dictionary file.

hope that clears things up.


I did...!.. but the programs always displays an error "No password hashes loadad..."... in the FAQ sais 'see EXAMPLES'... in the f- EXAMPLES sais that we have to use the shadow file... what the f... is this in windows? I thought this was only a UNIX-LiNUX matter?????
....
....

I really dont care about the f-mission 12.... but what i have to do for the f-ripper to work???
I use a dos command in Win XP
My pass file is: mypass.txt:
user:xxxxxxxxxx

where xxxxx= chiphered password...
and... i have the wordlist of Cain in the current dir.
I enter the f-command...

john-386 --wordlist=wordlist.txt mypass.txt

then... i get
No password hashes loaded

I have try 10000 diff combination.... of password file.... and always
i get
No password hashes loaded

Dows anybody use this is Win XP.... i m starting to believe that there is bug with this fucking prog...

SORRY about the f-word but...... i m really getting mad!!!!!!!






Edited by on 18-08-06 15:49
Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-08-06 15:10
Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 18-08-06 15:54
spyware wrote:
Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done


Drug & drop ?/????
Its a dos like exe file....
how can i d&d?
it opens a dos box... and closes immidiatelly!!

PS:I down load 3 times the WIN version!!!!


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-09-06 22:02
dude, JTR is a command line program. you need to read the read me file, that will tell everything that you need to know about JTR


Author

RE: Basic 12.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 10-09-06 22:06
Thiseas wrote:
spyware wrote:
Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done


Drug & drop ?/????
Its a dos like exe file....
how can i d&d?
it opens a dos box... and closes immidiatelly!!

PS:I down load 3 times the WIN version!!!!



drug and drop that exe file into a "command prompt" and hit enter...
Author

RE: Basic 12.

Nubzzz
Member



Posts: 75
Location: php_info();
Joined: 21.12.05
Rank:
Newbie
Posted on 11-09-06 01:23
ok sigh* i guess i will have to help you out even tho you should have figured this out. goto Run in your start menu. now type in cmd or command.com and a command prompt should pop up. now navigate to the directory where you put john and then type in either john-mmx or john-386 and it should work.

seriously use google next time before you ask us a question.

EDIT: oh and another thing about the hash. always put like admin:hash or something like that. use notepad and save the file into the run directory of john. and then when u run john (say you saved it as passwd) you would type in something like "john-mmx passwd.txt" (without the quotes ofcourse.)


images.insecure.org/nmap/images/nmap_bnr_kyra2.gif

[center]
01001110011101010110001001111010011110100111101000100000011100000111011101101110
01110011001000010010000001001000011001010010000001101001011100110010000001101001
01101110001000000111010001101000011001010010000001110100011011110111000000100000
00110101001001010010000001101111011001100010000001001000010000100100100000100001
[url=http://hellboundhackers.org/fu

Edited by Nubzzz on 11-09-06 01:26