Damn Telemarketers! – Realistic Mission 5
Essentially you need to gain access to their site to delete numbers, however, gaining access is good enough.
Pretty basic frame based HTML website.
Clicking the ‘Database’ link on the left takes you to a page showing this.
SQLi doesn’t work on this site. No point in trying. In the news link, there is a snippet of information that can lead you somewhere.
Google was grabbing links it shouldn’t be so I have taken extra precautions.
Google grabbing means spider, and spider means robots.txt. Bingo!! we visit https://www.hackthissite.org/missions/realistic/5/robots.txt and find this gem.
So lets go to https://www.hackthissite.org/missions/realistic/5/secret
Click on admin.bak.php and we find this ” error matching hash 178c1a98917003476f1a7f3a182c01b0″
After some investigation it’s an MD4 hash. So lets go to CAIN for some cracking.
Hashes cracked!! The password is ‘5b1da’
Enter this and you will have completed the mission.