Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Friday, November 17, 2017
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 57
Guests Online: 54
Members Online: 3

Registered Members: 103022
Newest Member: testsneker
Latest Articles
View Thread

HellBound Hackers | Challenges | Realistic

Author

realistic 2

henry123456789
Member

Your avatar

Posts: 79
Location:
Joined: 10.02.15
Rank:
God
Posted on 27-04-15 10:00
I used :

/backups/backup_2004-09-01_1000.sql

it gave nothing . I do not really understand what should I do next . In addition some users talked about a script but I cannot find it this script
and how to get the exact date too . Any help ?

Edited by henry123456789 on 27-04-15 10:26
Author

RE: realistic 2

Huitzilopochtli
Member



Posts: 1545
Location:
Joined: 19.02.13
Rank:
God
Posted on 27-04-15 17:15
It gave nothing, because you used the example given in the challenge description, which is the wrong filename and doesn't exist, so it gives a 404 error.

You know the directory and the file format, you need to write a script, that's how you get the exact date, by checking all possible dates till one doesn't 404.

Could aways use some third party prog to spider or crawl it, there is only 1 file in that directory after all Thumbs Up

Edited by Huitzilopochtli on 27-04-15 17:22
Author

RE: realistic 2

appas
Member

Your avatar

Posts: 6
Location:
Joined: 19.04.15
Rank:
Wiseman
Posted on 27-12-15 13:42
I have the backup file, but am I right to assume that I must simply bruteforce the password hash therein?
I have been running John on this hash for close to a week now...
http://matiaswilkman.blogspot.com
Author

RE: realistic 2

rex_mundi
☆ Lucifer ☆



Posts: 2007
Location: Scotland
Joined: 20.02.08
Rank:
God
Posted on 27-12-15 13:49
Use a different cracker for the MD5 dude and it'll take a minute or less, or use one of the online crackers, JTR would be one of my last choices for tackling an md5.

Edited by rex_mundi on 27-12-15 13:50
U N ⓡⓔⓧ_ⓜⓤⓝⓓⓘ
Author

RE: realistic 2

appas
Member

Your avatar

Posts: 6
Location:
Joined: 19.04.15
Rank:
Wiseman
Posted on 27-12-15 19:21
Ok - in my case, John had misidentified the hash as LM DES.
Note that you need the -jumbo version of John for raw MD5 hashes.

In the end I used an online cracker.
http://matiaswilkman.blogspot.com
Author

RE: realistic 2

SpitFire46
Member



Posts: 14
Location: Anywhere
Joined: 17.05.16
Rank:
Mad User
Posted on 16-11-16 18:49
I still can't access the backup file..HELP!

Edited by SpitFire46 on 18-11-16 09:49
P        I I        R
Author

RE: realistic 2

Huitzilopochtli
Member



Posts: 1545
Location:
Joined: 19.02.13
Rank:
God
Posted on 19-11-16 00:04
Basically you need to code a brute forcer to test all possibilities between backup_2004-09-01_1000.sql and backup_2004-09-30_2300.sql to find the one file in that directory that doesn't produce a 404.

I saw earlier you completed the javascript missions by following some of the shit on w3schools, you can do this with a bit of javascript in the firefox console, using the days and hours as variables and incrementing them till you get the correct url.
Author

RE: realistic 2

SpitFire46
Member



Posts: 14
Location: Anywhere
Joined: 17.05.16
Rank:
Mad User
Posted on 20-11-16 12:28
Where should I write the code?? Should I write it in URL bar or inspect element and then make a script element?? Sorry if I'm asking too much questions..I'm new in hacking so if you help me I really appreciate it..SmileSmile

Edited by SpitFire46 on 20-11-16 13:56
P        I I        R
Author

RE: realistic 2

Huitzilopochtli
Member



Posts: 1545
Location:
Joined: 19.02.13
Rank:
God
Posted on 20-11-16 15:29
You can run javascript direct from the inbuilt console in whatever browser you're using. http://webmasters. . .t-browsers

Edited by Huitzilopochtli on 20-11-16 15:31
Author

RE: Crunch/DirBuster

gr3ygr00t
Member

Your avatar

Posts: 1
Location:
Joined: 26.06.17
Rank:
Moderate
Posted on 27-08-17 07:39
I'm only starting to learn JavaScript, and wasn't prepared to script something to brute force the file name. But after a bit of reading, I managed to use Crunch and DirBuster to find the file in less than 30 seconds (once I fine tuned my wordlist). No JavaScript required.