help hacking the login form....hacker challenge

Printable View

August 18th, 2008, 01:21 AM
k_tech

help hacking the login form....hacker challenge

ok, I came across this hacker challenge, and it seems to work like this:.... anyone can register, once you register you can login, but you get a message saying that "you are a regular user, and you need administrator rights"....all the authentication is done against a mysql backend database, which contains the usernames and passwords, with that the first thing I tried was sql injection to see if the app would spit out all the content of the table... so I tried something simple like ' or 'x'='x which in sql evaluates to true, that didn't work so I use webscarab to kind of launch a dictionary attack against the login page using sql injection, but I think the application is doing input validation or stripping the input from any tags or slashes.... the other vector attack could be either a weakness in the cookie or sessionid but I haven't got there yet.

here's the link http://www.pctechtips.org/pwn3d_login.php

any help appreciated

thanks
August 19th, 2008, 06:51 PM
oofki

It is just the username in a cookie that is hashed. Change the value of it to the md5 of the word "admin" refresh and you got it ;)

I have a small howto on changing cookies on my forum:
http://tech-board.net/viewtopic.php?f=15&t=3
August 19th, 2008, 08:02 PM
k_tech

here's a good md5 cracker
http://gdataonline.com/seekhash.php

and I use cookie editor in firefox
August 19th, 2008, 11:45 PM
SkaterDude541

No here`s what you want http://www.hoobie.net/brutus/brutus-download.html
Dictionary files can be downloaded here:http://www.hoobie.net/brutus/brutus-...ion-files.html
August 20th, 2008, 01:36 AM
oofki

Brute forcing is not really practical... Its usually best to try rainbow tables or a dictonary first...
August 21st, 2008, 01:28 AM
k_tech

no to mention you leave traces in the logs and all over the place

www.pctechtips.org
August 22nd, 2008, 03:54 PM
oofki

Not if you have the md5 hash on your local machine and you are trying to crack it there... thats what you are doing in this case.
August 25th, 2008, 04:17 AM
ninjafish

Quote:

Originally Posted by k_tech

here's a good md5 cracker
http://gdataonline.com/seekhash.php

and I use cookie editor in firefox

Is it just me or does that site not work right now? no matter what you put in it just comes up blank.