Thursday, 31 October 2013

EMCDefendersleague2013 week-1 challenge-5 solution

Files can be downloaded from here :  https://db.tt/s2niLU2s
Challenge-5

Question : Mr. H4x0r has intercepted an attack by his friend on a website. Help Mr. H4x0r to obtain the admin password of the website from the attack log.


Hint 1:SQL Injection

Hint 2:Hash Cracking

file name : Contest5.sample

First thing to do is use file command..
result : data file

hence we know that its a data file now.opening it in gedit or notepad++ will tell you that its a log file of sql injection.

Scrolling down till the end you will find this :

Firstname::isf:1pvyjsradminpvyjsrpvyjsrs@s.compvyjsradminpvyjsradminpvyjsr2a9a4d20c6fdafa8917c8e7c3f63733fpvyjsr2013-07-22 07:43:09pvyjsr0pvyjsr:tlf:

from this we come to know that the password hash is : 2a9a4d20c6fdafa8917c8e7c3f63733f and its a md5 hash too..
A google search will give you the flag for this : 

the flag is cHDiN

No comments:

Post a Comment

enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.