Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

basic web 12


ghost's Avatar
0 0

Hey everybody,

i' found the password and the user name ;)

but auth doesn't work :p

a +


starofale's Avatar
Member
0 0

I suspect you've just got the password hash, not the actual password. You need to crack it then submit the plaintext password.


ghost's Avatar
0 0

I know this thread is a little old but I felt my question was relevant to the topic. So the password is obviously encrypted because if you just enter the user name and password you find at (super secret file) you don't get authorized. However, was I supposed to already know that the password was encrypted because of the file it was found in? Are all passwords put here automatically encrypted? Or were they encrypted and then stored here?

I mean it isn't that big of deal because once you find the password and try it & fail, you then know something is up and it is likely encrypted.

I'm just wondering was I supposed to know it was encrypted before even trying it and failing?

Thanks,

Jack

NOTE: I'm not sure if anything here is really a spoiler. I'm pretty sure it is not. If any mods believe it is just let me know and I'll change the offending texts. Thanks!


ghost's Avatar
0 0

Ok well after doing some more searching…(probably should have done that before I posted eh? Sorry.)…I found that it looks like you have to encrypt the passwords your self prior to putting them in the (super secret file). Am I right? Just having them there doesn't mean they'll be encrypted, but you shouldn't put them there without first encrypting them. And there are online tools that allow you to automatically make this file and they encrypt the passwords for you.

Is my thinking here correct? Or did Google lie to me? :)

I'm just trying to better understand this.

Thanks…again!

Jack


dopeboimag1k's Avatar
Member
0 0

In my experience working with that secret file, whether or not your encrypt the contents of that file depends on how you generate that file. There are different options that allow you to either have the file be encrypted automatically or have it be in plain text.

Check out the documentation on Apache's website. I would give you the link here in the forum but that would be a major spoiler. That page will tell you all the information you want to know as far as encryption and creation of that file.

PM me if you want the direct link.