Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

By Alex Long

Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.

Let's get to it...

Realistic 5

The request for our hacking skills this time comes from a fellow "hacker":

This is going to bring you all to your first realistic hash cracking. If you navigate here:

https://www.hackthissite.org/missions/realistic/5/submit.html

And view the page source, you can see that the form action is getting from a file in the "secret" directory. Let's check that out.

https://www.hackthissite.org/missions/realistic/5/secret/

What's this? A backup of a hash matching error?

Index of directory listing for missions realistic secret files

View the admin.bak.php file to be presented with the MD5 hash of the admin password. Load this up on here and give it a try. Once you receive your password, log in and you will be accredited with your victory!

Want more Null Byte?

Post to the forum
Chat on IRC
Follow on Twitter
Circle on Google+

Photo by pikeresearch

You already know how to use your phone. With Gadget Hacks' newsletter, we'll show you how to master it. Each week, we explore features, hidden tools, and advanced settings that give you more control over iOS and Android than most users even know exists.