
Basic 12


ghost

Hey I'm having a little trouble with basic 12. I just need a little push in the right direction. I'm probably going to feel retarded for not getting all of it. I use LFI to view the /protected/ folder but it says that the files you can use are limited. I get stuck after that point. I have never really done LFI/RFI before so I don't really know exactly what to do. A little hint is all I want. Thanks :)


ghost

I don't get this. This challenge doesn't seem to behave like a real-life LFI or RFI would; it seems kinda pointless to me :|


ghost

flame_1221 has the right idea.

Also keep in mind it IS the file type. ".ht*****"

You can find tuts all over the net on how to protect an Apache directory. You can protect files/folders based on IPs, certain files, all sorts of things. Very interesting stuff.


ghost

I read up on Apache's .ht****** and its cr***() function. I'll let the old box in my room crack it with Cain tonight and tomorrow while I'm at school… I hope it is actually what I think it is, anyway lol.

[edit]

OK, richo helped me with the encryption type… JTR ftw, PM if you need anything but I can't guarantee any help as I have never used JTR lol

[/edit]


ghost

I get the whole on-right-track thing and I see here that the person decided to use Cain and Abel. Is that necessary? Or should I not need to be guessing?


ghost

noober wrote: Should I not need to be guessing?

That is a safe assumption for all the challenges, yes. Deduce, not guess.


ghost

Good… I'm not a big fan of using other tools


ghost

noober wrote: Good… I'm not a big fan of using other tools

Cain is a VERY capable tool, so you should not rule it out. My only suggestion was regarding how you approached the challenges. Focus on your target and work towards it. Really, you should do the same with any live targets, too. Don't just throw every tool you have at it… Only use your tools to make your work more efficient, not to replace it.

As for the challenge, just judge how to complete it sensibly. Cain is not required, I'm sure.


ghost

Ya, I have been trying to read up on RFI and trying what I find, just haven't come across the right way I suppose


ghost

Google worked fine too


ghost

@captaintk: Way to bring up old threads and answer their questions and give advice whenever they could be dead by now. The last post on this was last year. Just trying to keep this crap off the top… thanks


ghost

You guys seem to know what you're talking about lol, so wondering if you could give me a little hand with this challenge. I figured out where the hash was, at least I'm pretty sure I did lol, and I know I have to use a cracker but honestly I have no idea what to do… Google isn't helping much. I have a tutorial on how to use JTR but just don't know if I'm missing something.

Someone give me a hand. Greatly appreciated.


ghost

Scribe wrote: You guys seem to know what you're talking about lol, so wondering if you could give me a little hand with this challenge. I figured out where the hash was, at least I'm pretty sure I did lol, and I know I have to use a cracker but honestly I have no idea what to do… Google isn't helping much. I have a tutorial on how to use JTR but just don't know if I'm missing something.

Someone give me a hand. Greatly appreciated.

After you crack the hash, simply put the username and password into the box to access the hidden folder, then open the only page there and get the points. After you get the hash it isn't that hard.


ghost

K, you can call me a hardcore noob for this but I don't understand cracking the hash… If ya know of any sites that could help understand it that'd be great 'cause I can't find anything.

Again, thanks a lot


ghost

Noticed you posted on basic 12 topic. That hash is a DES encryption hash and if you want to know more about it wiki is a good resource; here's a link http://en.wikipedia.org/wiki/Data_Encryption_Standard

Use John the Ripper to crack the hash though if that's what you want to know. Look up articles on HBH for that. Cracking with wordlists is what you want to learn how to do.

Hope this helped you a little.


ghost

ShapeShifters wrote: Noticed you posted on basic 12 topic. That hash is a DES encryption hash and if you want to know more about it wiki is a good resource; here's a link http://en.wikipedia.org/wiki/Data_Encryption_Standard

Use John the Ripper to crack the hash though if that's what you want to know. Look up articles on HBH for that. Cracking with wordlists is what you want to learn how to do.

Hope this helped you a little.

What he said pretty much sums it up in a nutshell.