
Basic 12.


ghost's Avatar
0 0

Well, I already got the correct user name from the hash, but it came from the pass file, now before going to the pass folder (which I found in yet another folder) it stated something about basic user auth, and all it requires is a user, no pass or something ;S all in all, I found the "pass" file and cracked the hash, but I still can't get in. Do I only put this cracked hash in the pass/user field or what? I'm pretty lost.

Thanks.


ghost's Avatar
0 0

Learn about htaccess, it will help loads.


ghost's Avatar
0 0

Lol! You're right… I just googled it and god, that was stupid! Never even considered that "user" wasn't just verifying that the hash represented the user name, haha. Thanks man.


interslice's Avatar
Member
0 0

I can't find the password file. I'm not getting anything from reading about .htaccess. I read up on this thing that reveals hidden files called * la

Does that have anything to do with it?


ghost's Avatar
0 0

Yeah, I'm still confused on this one. It seems like an SQL query style injection or URL modification sort of thing would be the solution to this 'un, but I'm rather confused on where to start. If you have to find the .htaccess file, and get into it to get the password file (.htpasswd?) then how do you go about accessing it? Like an sql_query=SELECT so on and so forth, or do you use the .php?search=file…

I think I got an idea about where to go with this, but I'm rather lost on it.


ghost's Avatar
0 0

Lol, I can see that, every basic but 12. Well, think about the URL. Think about how the page is shown. Then think about the protection and the .htaccess and it should click in.

…maybe too much of a spoiler :\ don't really think so though.


ghost's Avatar
0 0

I got the hash and decrypted it, is that correct or was I meant to just leave the hash?


ghost's Avatar
0 0

Well, that's correct of course. Just a tip, don't make a very stupid mistake that I made lol, just remember that "user" isn't there to verify what the hash holds. It was only when I googled info on htaccess that I realized this lol. Stupid.


ghost's Avatar
0 0

One problem, I can't figure out how to use John the Ripper, I can't even turn it on!


ghost's Avatar
0 0

I didn't even use John the Ripper for that lol, took me about two seconds.

Fact, I think Wikipedia already has the answer for both john AND the hash :|


ghost's Avatar
0 0

:S I'm so confused, I have the user=hash n stuff but what the hell do I do with it, brute force the pass or id?


ghost's Avatar
0 0

I just gave you a huge hint above lol, if you're not up to doing those things like me…


Mr_Cheese's Avatar
0 1

the file you see is broken into 2 parts.

username : hash

the hash is DES encrypted. to crack this type of encryption, John The Ripper is a common program to brute it via collisions.

just save the whole file into a text file and set JTR up to crack it with a dictionary file.

hope that clears things up.
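The `username:hash` layout described in the post above, as an added example that is not part of the original thread: a defender-side audit that classifies each hash field of an htpasswd-style file and flags legacy schemes such as 13-character DES crypt. The sample entries are constructed shapes only, and treating bcrypt as the only acceptable scheme is an assumed policy.

```python
import re

# (scheme, pattern for the hash field, acceptable?). Marking only bcrypt as
# acceptable is an assumed policy for this example, not something from the thread.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"), True),
    ("apr1-md5", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$"), False),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), False),
    # Traditional crypt(3): 2 salt characters + 11 hash characters; only the
    # first 8 characters of the password are used.
    ("des-crypt", re.compile(r"^[./A-Za-z0-9]{13}$"), False),
]

def classify(hash_field):
    """Return (scheme, acceptable) for one hash field."""
    for name, pattern, ok in SCHEMES:
        if pattern.match(hash_field):
            return name, ok
    return "unknown", False

def audit_htpasswd(text):
    """Return one finding per entry line of an htpasswd-style file."""
    findings = []
    # A UTF-8 byte order mark left by an editor would otherwise end up in the user name.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, hash_field = line.partition(":")
        if not sep or not user or not hash_field:
            findings.append({"line": lineno, "user": None, "scheme": "malformed", "ok": False})
            continue
        scheme, ok = classify(hash_field)
        findings.append({"line": lineno, "user": user, "scheme": scheme, "ok": ok})
    return findings

def weak_entries(text):
    """List (user, scheme) for every entry that should be re-hashed or fixed."""
    return [(f["user"], f["scheme"]) for f in audit_htpasswd(text) if not f["ok"]]

# Constructed sample: correct shapes only, not hashes of any real password.
SAMPLE = "\n".join([
    "alice:" + "$2y$10$" + "A" * 53,
    "bob:" + "$apr1$saltsalt$" + "B" * 22,
    "carol:" + "{SHA}" + "C" * 27 + "=",
    "dave:abCDEFGHIJKLM",
    "eve abCDEFGHIJKLM",   # missing ':' separator
    "",
])
```

Entries reported as `des-crypt`, `sha1` or `apr1-md5` are candidates for re-issuing under a stronger scheme; `malformed` lines point at a file that was edited by hand.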


ghost's Avatar
0 0

Mr_Cheese wrote: the file you see is broken into 2 parts.

username : hash

the hash is DES encrypted. to crack this type of encryption, John The Ripper is a common program to brute it via collisions.

just save the whole file into a text file and set JTR up to crack it with a dictionary file.

hope that clears things up.

I did…!.. but the program always displays an error "No password hashes loaded…"… in the FAQ it says 'see EXAMPLES'… in the f- EXAMPLES it says that we have to use the shadow file… what the f… is this in windows? I thought this was only a UNIX-LiNUX matter????? …. ….

I really don't care about the f-mission 12…. but what do I have to do for the f-ripper to work??? I use a dos command in Win XP. My pass file is: mypass.txt: user:xxxxxxxxxx

where xxxxx= ciphered password… and… I have the wordlist of Cain in the current dir. I enter the f-command…

john-386 --wordlist=wordlist.txt mypass.txt

then… I get No password hashes loaded

I have tried 10000 different combinations…. of password file…. and always I get No password hashes loaded

Does anybody use this in Win XP…. I'm starting to believe that there is a bug with this fucking prog…

SORRY about the f-word but…… i m really getting mad!!!!!!!


ghost's Avatar
0 0

Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done


ghost's Avatar
0 0

spyware wrote: Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done

Drag & drop ?/???? It's a dos like exe file…. how can I d&d? It opens a dos box… and closes immediately!!

PS: I downloaded the WIN version 3 times!!!!


ghost's Avatar
0 0

Dude, JTR is a command line program. You need to read the readme file, that will tell you everything that you need to know about JTR.


ghost's Avatar
0 0

Thiseas wrote: [quote]spyware wrote: Nah.

1: Create a file called: crackme.txt
2: open the file and enter "username:hash".
3: Drag 'n drop the file onto john-386.exe
4: Done

Drag & drop ?/???? It's a dos like exe file…. how can I d&d? It opens a dos box… and closes immediately!!

PS: I downloaded the WIN version 3 times!!!![/quote]

Drag and drop that exe file into a "command prompt" and hit enter…


Nubzzz's Avatar
Member
0 0

ok *sigh* I guess I will have to help you out even though you should have figured this out. Go to Run in your start menu. Now type in cmd or command.com and a command prompt should pop up. Now navigate to the directory where you put john and then type in either john-mmx or john-386 and it should work.

Seriously, use Google next time before you ask us a question.

EDIT: oh and another thing about the hash. Always put like admin:hash or something like that. Use notepad and save the file into the run directory of john. And then when you run john (say you saved it as passwd) you would type in something like "john-mmx passwd.txt" (without the quotes of course.)