Someone could decrypt de ciphertext of the last crypto challenge?

Thanks

(October 24, 2022, 04:11 PM)karhu Wrote:

(October 24, 2022, 04:04 PM)deathfrom Wrote:

(October 24, 2022, 04:00 PM)karhu Wrote: Reverse and Forensics were pretty simple Just working on Web now. SQLi is returning a bunch of bcrpyt hashes, but JtR isn't cracking them.

I am not sure what that value is for the admin account. It doesn't look like a hash and it is not a valid password either

Yeah, my sqlmap returned ~300 hashes. JtR hasn't cracked any of them. Not sure where to go from here.

Those 300 hashes are probably related to your sqlmap exploit. You only need the first one labeled as "admin"

thanks

so the web is actually a sql injection and not HMAC BYPASS? uhh

(October 24, 2022, 04:33 PM)Hacker2222 Wrote:

(October 24, 2022, 04:31 PM)keygen Wrote: so the web is actually a sql injection and not HMAC BYPASS? uhh

yeah, i think ugotta add a new admin record with injection or something...

You can add the -sql-shell onto the sqlmap command. I tried inserting data but this did not work. Also reading system files does not appear to worth ether

(October 24, 2022, 04:31 PM)Hacker2222 Wrote:

(October 24, 2022, 04:00 PM)karhu Wrote: Reverse and Forensics were pretty simple Just working on Web now. SQLi is returning a bunch of bcrpyt hashes, but JtR isn't cracking them.

how did u do the forensics challenge ? how did u run the vba script ?

Ran oledump and olevba on it. Deobfuscated it. Wrote the translation in powershell.

Lets see

(October 24, 2022, 04:04 PM)deathfrom Wrote:

(October 24, 2022, 04:00 PM)karhu Wrote: Reverse and Forensics were pretty simple Just working on Web now. SQLi is returning a bunch of bcrpyt hashes, but JtR isn't cracking them.

I am not sure what that value is for the admin account. It doesn't look like a hash and it is not a valid password either

Do you think it the ending of a hash?

dubs only