Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

realistic 2

  1. Home
  2. Forum
  3. Realistic
  4. realistic 2

henry123456789's Avatar

henry123456789

Member
0 0

I used :

/backups/backup_2004-09-01_1000.sql

it gave nothing . I do not really understand what should I do next . In addition some users talked about a script but I cannot find it this script and how to get the exact date too . Any help ?


Huitzilopochtli's Avatar

Huitzilopochtli

....
10 9

It gave nothing, because you used the example given in the challenge description, which is the wrong filename and doesn't exist, so it gives a 404 error.

You know the directory and the file format, you need to write a script, that's how you get the exact date, by checking all possible dates till one doesn't 404.

Could aways use some third party prog to spider or crawl it, there is only 1 file in that directory after all thumbs up


appas's Avatar

appas

Member
0 0

I have the backup file, but am I right to assume that I must simply bruteforce the password hash therein? I have been running John on this hash for close to a week now…


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,110 12

Use a different cracker for the MD5 dude and it'll take a minute or less, or use one of the online crackers, JTR would be one of my last choices for tackling an md5.


appas's Avatar

appas

Member
0 0

Ok - in my case, John had misidentified the hash as LM DES. Note that you need the -jumbo version of John for raw MD5 hashes.

In the end I used an online cracker.


SpitFire46's Avatar

SpitFire46

Member
15 0

I still can't access the backup file..HELP!


Huitzilopochtli's Avatar

Huitzilopochtli

....
10 9

Basically you need to code a brute forcer to test all possibilities between backup_2004-09-01_1000.sql and backup_2004-09-30_2300.sql to find the one file in that directory that doesn't produce a 404.

I saw earlier you completed the javascript missions by following some of the shit on w3schools, you can do this with a bit of javascript in the firefox console, using the days and hours as variables and incrementing them till you get the correct url.


SpitFire46's Avatar

SpitFire46

Member
15 0

Where should I write the code?? Should I write it in URL bar or inspect element and then make a script element?? Sorry if I'm asking too much questions..I'm new in hacking so if you help me I really appreciate it..:):)


gr3ygr00t's Avatar

gr3ygr00t

Member
35 0

I'm only starting to learn JavaScript, and wasn't prepared to script something to brute force the file name. But after a bit of reading, I managed to use Crunch and DirBuster to find the file in less than 30 seconds (once I fine tuned my wordlist). No JavaScript required.