Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.
Let's get to it...
The request for our hacking skills this time comes from a fellow "hacker":
This is going to bring you all to your first realistic hash cracking. If you navigate here:
And view the page source, you can see that the form action is getting from a file in the "secret" directory. Let's check that out.
What's this? A backup of a hash matching error?
View the admin.bak.php file to be presented with the MD5 hash of the admin password. Load this up on here and give it a try. Once you receive your password, log in and you will be accredited with your victory!
Want more Null Byte?