Files can be downloaded from here : https://db.tt/s2niLU2s
Challenge-5
Question : Mr. H4x0r has intercepted an attack by his friend on a website. Help Mr. H4x0r to obtain the admin password of the website from the attack log.
Hint 1:SQL Injection
Hint 2:Hash Cracking
file name : Contest5.sample
Challenge-5
Question : Mr. H4x0r has intercepted an attack by his friend on a website. Help Mr. H4x0r to obtain the admin password of the website from the attack log.
Hint 1:SQL Injection
Hint 2:Hash Cracking
file name : Contest5.sample
First thing to do is use file command..
result : data file
hence we know that its a data file now.opening it in gedit or notepad++ will tell you that its a log file of sql injection.
Scrolling down till the end you will find this :
Firstname::isf:1pvyjsradminpvyjsrpvyjsrs@s.compvyjsradminpvyjsradminpvyjsr2a9a4d20c6fdafa8917c8e7c3f63733fpvyjsr2013-07-22 07:43:09pvyjsr0pvyjsr:tlf:
from this we come to know that the password hash is : 2a9a4d20c6fdafa8917c8e7c3f63733f and its a md5 hash too..
A google search will give you the flag for this :
the flag is cHDiN
No comments:
Post a Comment
enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.