
HTS-Realistic Mission 5

Damn Telemarketers! – Realistic Mission 5

The Mission


Essentially, you need to gain access to their site to delete numbers; however, gaining access is good enough.

It is a pretty basic frame-based HTML website.


Clicking the ‘Database’ link on the left takes you to a page showing this.


SQLi doesn’t work on this site. No point in trying. In the news link, there is a snippet of information that can lead you somewhere.


Google was grabbing links it shouldn’t be so I have taken extra precautions.

Google grabbing links means a spider, and a spider means robots.txt. Bingo!! We visit it and find this gem.

User-agent: *
Disallow: /lib
Disallow: /secret

So let's go to

We find


Click on admin.bak.php and we find this: "error matching hash 178c1a98917003476f1a7f3a182c01b0"

After some investigation, it turns out to be an MD4 hash. So let's go to CAIN for some cracking.


Hashes cracked!! The password is ‘5b1da’

Enter this and you will have completed the mission.
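The two leaks this walkthrough relies on are paths announced in robots.txt and a leftover admin.bak.php sitting under one of them. A site owner can check for both from their own webroot; the script below is an added example, not part of the original post or the mission site. The function names, the backup-name pattern list and the files lib/db.php and secret/admin.php are assumptions made for the demo.

```python
import re
import tempfile
from pathlib import Path

# Leftover-copy name patterns (an assumed starting list, not exhaustive).
BACKUP_RE = re.compile(r"\.(bak|old|orig|save|swp|tmp)(\.|$)|~$", re.IGNORECASE)

def disallowed_paths(robots_txt):
    """Return literal paths from Disallow lines (comments and wildcards skipped)."""
    paths = []
    for line in robots_txt.splitlines():
        key, _, value = line.split("#", 1)[0].partition(":")
        value = value.strip()
        if key.strip().lower() == "disallow" and value and not set("*$") & set(value):
            paths.append(value)
    return paths

def audit(webroot, robots_txt):
    """List (kind, path) findings for Disallow entries that exist on disk."""
    root = Path(webroot).resolve()
    findings = []
    for path in disallowed_paths(robots_txt):
        target = (root / path.lstrip("/")).resolve()
        if not target.is_relative_to(root) or not target.exists():
            continue
        # robots.txt is world-readable, so this path is announced to everyone.
        findings.append(("advertised", path))
        files = [target] if target.is_file() else sorted(target.rglob("*"))
        for f in files:
            if f.is_file() and BACKUP_RE.search(f.name):
                findings.append(("backup", "/" + f.relative_to(root).as_posix()))
    return findings

def demo():
    """Build a constructed webroot shaped like the mission site and audit it."""
    robots = "User-agent: *\nDisallow: /lib\nDisallow: /secret\n"
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("lib/db.php", "secret/admin.php", "secret/admin.bak.php"):
            p = Path(tmp, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text("<?php /* constructed placeholder */ ?>")
        return audit(tmp, robots)

if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:10} {path}")
```

Anything reported as "advertised" needs real access control rather than a Disallow line, and anything reported as "backup" should be moved out of the webroot.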

