Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

By Alex Long

Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.

Let's get to it...

Realistic 5

The request for our hacking skills this time comes from a fellow "hacker":

This is going to bring you all to your first realistic hash cracking. If you navigate here:

https://www.hackthissite.org/missions/realistic/5/submit.html

And view the page source, you can see that the form action is getting from a file in the "secret" directory. Let's check that out.

https://www.hackthissite.org/missions/realistic/5/secret/

What's this? A backup of a hash matching error?

Index of directory listing for missions realistic secret files

View the admin.bak.php file to be presented with the MD5 hash of the admin password. Load this up on here and give it a try. Once you receive your password, log in and you will be accredited with your victory!

Want more Null Byte?

Post to the forum
Chat on IRC
Follow on Twitter
Circle on Google+

Photo by pikeresearch

Apple's iOS 26 and iPadOS 26 updates are packed with new features, and you can try them before almost everyone else. First, check Gadget Hacks' list of supported iPhone and iPad models, then follow the step-by-step guide to install the iOS/iPadOS 26 beta — no paid developer account required.