Sunday, April 24, 2011

HackThisSite - Realistic 5 Solution

This was a fun exercise, albeit a simple one.

1) Recon
The first thing you should always do is have a look around. With HackThisSite it is very important that you read the descriptions carefully, because the hints are in there. You'll note a couple of things:

- "Everything they use is 10 years old"
- "new password seems to be a 'message digest'"

With that in mind, browse the site itself. You will notice a lot of email addresses on the pages. These are worth keeping in case you need to start guessing usernames (you don't for this level, but it is a habit worth forming). On the news page you will notice a complaint about Google finding links that it shouldn't. That is the cue to look at the robots.txt file: it is a publicly readable list of paths the admin asked crawlers to stay out of, which makes it a list of exactly the paths an attacker wants to see first.

In the robots.txt file you will notice a few Disallow entries for directories that they don't want anyone looking into.

2) Discovery

Start poking around in the directories you found in robots.txt. In there you will find backup copies of PHP files and similar leftovers. Start clicking on them. One of them displays the hash it is trying to match, i.e. the stored digest the login compares against. If you take a look at the lib directory, you will have access to the "hash" library. Download it and open it in any text editor (notepad is fine); the source tells you exactly which hashing algorithm the site uses, which is the missing piece for breaking the password. The "message digest" hint in the description already pointed at the MD family of hashes, and "10 years old" tells you to expect something fast and weak.

3) Exploitation

Using a program like mdcrack, you will very quickly get a string that hashes to the target digest. Strictly speaking this is a preimage rather than a collision: you do not need two inputs with the same digest, you need any input whose digest equals the one the page leaked. The original password is irrelevant, because the check only compares digests, so the first match the cracker finds is as good as the real thing. A brute-force search is feasible here precisely because the algorithm is old and fast and the page hands you the digest to compare against.

Enter that string as the password on the database page, and you have completed level 5!
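The two mechanical parts of the walkthrough above, scripted, as an added example (this is not code from the write-up, from HackThisSite, or from mdcrack). The first function pulls Disallow paths out of a robots.txt body so you can build the list of URLs to browse; the second does what mdcrack does for this level, a brute-force preimage search against a known digest. The robots.txt text, the base URL and the target digest are constructed for the example and are not the level's real paths or hash; the algorithm name is a parameter, and md5 is used below only as a stand-in because the write-up does not name the one the hash library implements.

```python
"""Added example: robots.txt recon and a brute-force preimage search.

Not the original write-up's code, not HackThisSite's code, not mdcrack.
The sample robots.txt and the target digest below are constructed; the
hash algorithm is whatever the level's hash library turns out to use,
passed in by name (md5 here is only a stand-in)."""
import hashlib
import itertools
import string
from typing import List, Optional

# Constructed sample: the shape of a robots.txt, not the level's actual file.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /private/
Disallow: /lib/
Disallow: /backup/   # trailing comment, must be ignored
Allow: /public/
"""


def parse_robots_disallows(text: str) -> List[str]:
    """Return every Disallow path, in file order, skipping comments and blanks."""
    paths = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or ":" not in line:
            continue
        field, _, value = line.partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def candidate_urls(base: str, paths: List[str]) -> List[str]:
    """Join the disallowed paths onto a base URL for manual browsing."""
    return [base.rstrip("/") + p for p in paths]


def digest_hex(candidate: str, algorithm: str) -> str:
    """Hex digest of candidate under a hashlib algorithm name (e.g. 'md5')."""
    return hashlib.new(algorithm, candidate.encode()).hexdigest()


def find_preimage(target_hex: str, algorithm: str = "md5",
                  alphabet: str = string.ascii_lowercase,
                  max_len: int = 4) -> Optional[str]:
    """Brute-force a preimage: any string whose digest equals target_hex.

    The original password is irrelevant; the login only compares digests,
    so the first candidate that matches is accepted. Shorter candidates are
    tried first, so the result is the shortest match in alphabet order.
    Returns None when the search space is exhausted without a match.
    """
    target = target_hex.lower()
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if digest_hex(candidate, algorithm) == target:
                return candidate
    return None


if __name__ == "__main__":
    # Step 1/2: turn the robots.txt hints into URLs to look at.
    for url in candidate_urls("http://target.example", parse_robots_disallows(SAMPLE_ROBOTS)):
        print("look at:", url)
    # Step 3: pretend the .bak page leaked this digest, then recover a preimage.
    leaked = digest_hex("ab", "md5")   # constructed target, not the level's hash
    print("preimage for", leaked, "->", find_preimage(leaked, "md5"))
```

The alphabet and maximum length bound the search, so an exhaustive run that returns None tells you to widen the character set rather than that the digest is unbreakable; against an unsalted fast hash with a short password this finishes in well under a second, which is the same reason mdcrack finishes the level so quickly.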