Last Friday's mission was to accomplish solving HackThisSite, Realistic 5, the fifth and last in my series of realistic hacking simulation missions. This time, telemarketers are invading people's privacy, and it was up to us to stop them! The job was to get root on the site and delete the contact database in order to return the right of privacy to its victims.
Let's get to it...
Realistic 5
The request for our hacking skills this time comes from a fellow "hacker":
This is going to bring you all to your first realistic hash cracking. If you navigate here:
https://www.hackthissite.org/missions/realistic/5/submit.html
And view the page source, you can see that the form action is getting from a file in the "secret" directory. Let's check that out.
https://www.hackthissite.org/missions/realistic/5/secret/
What's this? A backup of a hash matching error?
View the admin.bak.php file to be presented with the MD5 hash of the admin password. Load this up on here and give it a try. Once you receive your password, log in and you will be accredited with your victory!
Want more Null Byte?
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
1 Comment
l
Share Your Thoughts