Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

HackThisSite, Realistic 5 - Real Hacking Simulations

Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.

Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

Let's get to it...

Realistic 5

The request for our hacking skills this time comes from a fellow "hacker":

Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

This is going to bring you all to your first realistic hash cracking. If you navigate here:

https://www.hackthissite.org/missions/realistic/5/submit.html

And view the page source, you can see that the form action is getting from a file in the "secret" directory. Let's check that out.

https://www.hackthissite.org/missions/realistic/5/secret/

What's this? A backup of a hash matching error?

Goodnight Byte: HackThisSite, Realistic 5 - Real Hacking Simulations

View the admin.bak.php file to be presented with the MD5 hash of the admin password. Load this up on here and give it a try. Once you receive your password, log in and you will be accredited with your victory!

Want more Null Byte?

Photo by pikeresearch

1 Comment

Share Your Thoughts

  • Hot
  • Latest