Please ask questions ONLY in this topic.

[GoldofSun]

The page you reques, sends a "X-Frame-Options: DENY", header field with
the response back to your browser and due to that your browser will not show
the content in a frame or iframe.

Code: Select all

~]# curl -i "https://www.hackthissite.org/missions/realistic/5/"
HTTP/1.1 200 OK
Date: Tue, 02 Feb 2016 15:08:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 627
Connection: keep-alive
Last-Modified: Mon, 30 Dec 2013 05:28:08 GMT
ETag: "d159eca-273-4eeb9b57bea00"
Accept-Ranges: bytes
Server: HackThisSite Load Balancer
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

..
..


If you use firefox, you can get an addon to ignore the X-Frame-Options: DENY
you can get it here:
https://addons.mozilla.org/en-us/firefo ... e-options/

In this instance it should propably not be sent by the server, or the mission should
be changed not to use iframes / frames.

Or the server should deny only iframes if its origin isn't local:
X-Frame-Options: sameorigin

Some admin needs to look at this and act accordingly.

Ok. Thank you very much for your reply.

[alasqa]

Just started this mission and all I see is a blank page. I can see the source and all it says essentially is that it is not supported on this browser. I have tried both chrome and firefox. Any ideas?


EDIT: nevermind I found a workaround.

[-Ninjex-]

The page you reques, sends a "X-Frame-Options: DENY", header field with
the response back to your browser and due to that your browser will not show
the content in a frame or iframe.

Code: Select all

~]# curl -i "https://www.hackthissite.org/missions/realistic/5/"
HTTP/1.1 200 OK
Date: Tue, 02 Feb 2016 15:08:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 627
Connection: keep-alive
Last-Modified: Mon, 30 Dec 2013 05:28:08 GMT
ETag: "d159eca-273-4eeb9b57bea00"
Accept-Ranges: bytes
Server: HackThisSite Load Balancer
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff

..
..


If you use firefox, you can get an addon to ignore the X-Frame-Options: DENY
you can get it here:
https://addons.mozilla.org/en-us/firefo ... e-options/

In this instance it should propably not be sent by the server, or the mission should
be changed not to use iframes / frames.

Or the server should deny only iframes if its origin isn't local:
X-Frame-Options: sameorigin

Some admin needs to look at this and act accordingly.

Thank you, a patch has been made <3

[wasseristnass]

I found the hash in a specific secretly hidden directory.
I tried JTR, different websites and even other sources (using linux, hence sources), compiled them etc. Nothing seems to be working. So, questions:
1) Has the hash changed over the months? (I must admit I looked up other sources and found another hash, but a different one (also not working (the pw))
2) Any other tool I can use to decrypt? Still working on it. JTR is already running for over an hour and when I read it should take 2-3 minutes, I started typing this here. (I prefer linux programs, so no Abel & Cain for me).

Hope I didn't gave away a hint that I shouldn't.

[ba4max]

Just a quick FYI for anyone doing the challenge.

The hash you find does work ... read the threads BUT I did not find an on line resource that worked properly.
I am a linux user and found John the Ripper to not work, with a tiny bit of work I did a little Wine setup with Cain and all worked out perfectly.

All these challenges are a blast !

[Starman11]

I've attempted to download Cain and Abel, but the browser blocks it and says it may contain a virus

[mrsteely]

Is this hash crackable or is there something I'm missing?
I've got the hash without too much hassle. unfortunately as im running windows 10 cain and abel wont run (DLLs arent compatible with my OS)
I've tried various online crackers for virtually every encryption type i can find but nothing comes back. In the end I tried searching for the solution and even that didnt work!

Got to give up on this one, its very disappointing

[Sgt Slaughter]

I've hit a wall here. I have tried multiple online hashers. C&A wont install on Windows 10. I get on my Kali laptop and try JTR, Find My Hash, and HashID but, nothing. Then I try C&A via wine in Kali and it wont instal either.. same error with DLLs as WIN10.

edit: used hashcat and still no go
edit2: Got JTR to get it finally!

[kevinharley]

Excuse me, I solved previous missions and now I'm stuck here. I got the hash, but when I can't reverse it with JTR (I tried many format md2. md4, md5 ...) but nothing is true, I searched the hash on some online reverse service but it returns nothing. Can i send the hash to someone for help? Thank you.

[conscience]

Excuse me, I solved previous missions and now I'm stuck here. I got the hash, but when I can't reverse it with JTR (I tried many format md2. md4, md5 ...) but nothing is true, I searched the hash on some online reverse service but it returns nothing. Can i send the hash to someone for help? Thank you.

It's really not that complicated. You must have ran by the solution during your attempts. JTR should find it in a reasonable amount of time. Can't really help more without giving it all away.