
Realistic Mission 2


By ghostghost | 9598 Reads |

First off, I am going to assume that you all know some JavaScript.

OK, so in this mission we have a problem. We know how the file is named, but we do not know the exact name of the file. We also know it is in 1 of 2 directories… backups/ or bacups/. Two directories means we will have to search twice as long for that file, so if we can eliminate one of those directories we have eliminated half of the problem. We find out that bacups/ does not even exist, because when we try to access it we get a 404 error. So now we only need to search for the file in the backups/ directory. We know the file is named in this order… year, month, day, hour, and there are no minutes. We also know the file was made in September 2004 and the general format of the file name is backup_2004-09-01_1000.sql. So from this we figure out that we must scan a certain range by changing the numbers in the filename. Let's write the JavaScript…

We will need two variables, since two things are changing in that filename. Let's call our first variable day and our next variable hour. Now we are going to need to make a loop so we can test each day. I used a for loop, initiated day with day = 1, tested until day <= 30, and incremented day by 1 (day++). Now inside of this loop, we need another for loop to test each hour. Initiate hour with hour = 1, test until hour <= 24, increment hour by 1 (hour++). This next part becomes confusing for some, so pay close attention. If our day OR hour variable gets bigger than 9, it has 2 digits, and that messes up the format of our filename when we insert our variables into the address. To fix this we can use an if/else conditional statement. The first thing we need to test is if day AND hour are both less than 10 (i.e. day is 1 digit AND hour is 1 digit). Write an if statement checking this, and inside the if statement you will want to open a new window using window.open('URL','Window_Name');. Can you guess what the URL of this new window will be? It's gonna be this… 'http://www.hellboundhackers.org/challenges/real2/backups/backup_2004-09-0' + day + '_0' + hour + '00.sql'.

Be sure to give your new window a name so that each time through the loop it opens the new location in the same window, instead of opening the location in a new window each time, which could cause some problems. You want to be sure to use the same window name for every open window statement in the rest of the script. Now we want to test "else if" day is less than 10. If it is, then we use the open window statement to change the URL of the already opened window. I will let you figure out what the URL will be. HINT: it's gonna look A LOT like the first one, with only a small change. Now you have to test for when day >= 10 AND hour < 10 and change the URL for this situation. Then use an else statement for all other situations, i.e. when day and hour are both 2-digit numbers, and change the URL to match this situation. Now, outside of all your if statements and inside the innermost loop, make an alert that tells you the DAY: and HOUR: .

That's it! Now save your script as an HTML file and open it. A new window should pop up, followed by an alert telling you the day and hour. Now you want to look at the new window that opened up on the task bar and watch the name of it. Hit enter until it changes from "HTTP 404…" to something else. When it does change, open that window, and you should see the information you are looking for that will help you to complete the mission. This is really the easiest way I found to write this JavaScript, and hopefully you understand. Good luck, and if you have any questions on actually coding the script, PM me.
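Seen from the server side, the loop described above leaves a distinctive trace: one client requesting many names of the form backup_YYYY-MM-DD_HH00.sql and getting mostly 404s. The following detection sketch is an added example, not part of the original article; the log lines, IP addresses, the function name findBackupEnumeration and the threshold are constructed for illustration.

```javascript
// Constructed access-log lines (combined log format); 203.0.113.x and
// 198.51.100.x are documentation addresses, not real clients.
const SAMPLE_LOG = [
  '198.51.100.20 - - [01/Oct/2004:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
  '203.0.113.7 - - [01/Oct/2004:09:00:01 +0000] "GET /backups/backup_2004-09-01_0100.sql HTTP/1.1" 404 209',
  '203.0.113.7 - - [01/Oct/2004:09:00:02 +0000] "GET /backups/backup_2004-09-01_0200.sql HTTP/1.1" 404 209',
  '203.0.113.7 - - [01/Oct/2004:09:00:03 +0000] "GET /backups/backup_2004-09-01_0300.sql HTTP/1.1" 404 209',
  '203.0.113.7 - - [01/Oct/2004:09:00:04 +0000] "GET /backups/backup_2004-09-01_0400.sql HTTP/1.1" 200 48211',
  '198.51.100.20 - - [01/Oct/2004:09:00:05 +0000] "GET /backups/backup_2004-09-30_2300.sql HTTP/1.1" 404 209',
  'garbage line that does not parse',
];

// client IP, request path, status code
const LINE = /^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) /;
// the timestamped dump name described in the article
const BACKUP = /\/backups\/backup_\d{4}-\d{2}-\d{2}_\d{4}\.sql$/;

// Group backup-name requests per client and report clients that tried at
// least minCandidates distinct names. The default of 3 suits this small
// sample; the full September range in the article is 30 * 24 = 720 names.
function findBackupEnumeration(lines, minCandidates = 3) {
  const byClient = new Map();
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m) continue;                        // skip unparseable lines
    const [, ip, rawPath, status] = m;
    const path = rawPath.split('?')[0];      // ignore any query string
    if (!BACKUP.test(path)) continue;
    if (!byClient.has(ip)) {
      byClient.set(ip, { names: new Set(), misses: 0, exposed: new Set() });
    }
    const c = byClient.get(ip);
    c.names.add(path);
    if (status === '404') c.misses += 1;
    if (status.startsWith('2')) c.exposed.add(path);  // a dump was served
  }
  const findings = [];
  for (const [ip, c] of byClient) {
    if (c.names.size >= minCandidates) {
      findings.push({ ip, candidates: c.names.size, misses: c.misses, exposed: [...c.exposed] });
    }
  }
  return findings;
}

console.log(findBackupEnumeration(SAMPLE_LOG));
```

A non-empty exposed list means a database dump was actually served from the web root, which is the underlying problem: the predictable name only determines how many requests it takes to find it.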

To finish the mission, you will need to crack the hash they give you for the username admin. I'll give you a hint: it's an MD5 hash, and you can crack it using Cain and Abel, or by googling an online MD5 hash calculator. To download Cain and Abel, go here: http://www.oxid.it/cain.html. Or to use an online MD5 hash calculator, go here: http://gdataonline.com/seekhash.php. Once you have the password, just go to the main page, enter the username and password, and click the link that shows up, and you've beaten this mission.

Comments
ghost 18 years ago

Actually a useful article, assuming they know about JS, and it wouldn't even be hard to research further from this. I would add something about MD5 hashes in here, since this is the next stage, and the article is about the whole level.

ghost 18 years ago

Too much of a spoiler in the first paragraph.

ghost 18 years ago

Wow, I still don't get this. Can you explain or help me a little more?

ghost 16 years ago

Well, is there any function in JavaScript that checks if the page is there or not, or makes sure it's not HTTP 404? I'm new to JavaScript.

And I did exactly what you said, but like this I have to press enter 720 times. Well, not 720 exactly, because I don't know where the page is, but still. Is there a way to filter the 404 error pages?

Thanks