Damn Telemarketers!

I can’t stress this enough but one of the first things you should do after viewing every page is to view the source code of every page. Unfortunately for us this reveals nothing.

You take a look at the News page and you decied to read it. There are some things in there that you think might give you a clue like the administrator’s girlfriends name. But this is all useless. But then you read:

“Google was grabbing links it shouldn’t be so I have taken extra precautions”

Now this might be interesting. In order to hide files from search engine spiders you need a robots.txt file. You can read more aboutrobots.txt here.

So lets take a look at what they are hiding:

will show you the following:

This indicates that there are two directories /lib and /secret the administrator does not want search engines to look at. So let us look at them.

We check out secret first for obvious reasons. We look at admin.php and get an “Invalid Password” message. We look at admin.bak.php and get:

This hash might be different for you. If we remember what Spiffomatic64 said about the hash being a “message digest” (MD), which might be the password you need to enter.

But what algorithm do we use? Let’s take a look at the other directory /lib inside there is a hash file. Lets download and take a look. Wow a lot of garbage. Take a good look through the file and you might come across this:

$FreeBSD: src/lib/csu/i386-elf/crti.S,v 1.7 2005/05/19 07:31:06 dfr Exp $ %02x
Error: MDupdate MD already done.
Error: MDupdate called with illegal count value %d. MD4 time trial. Processing 1 million 64-character blocks… is digest of 64M byte test input. Seconds to process test input: %g

If you noticed I bolded MD4. That means that this hash was encrypted with the MD4 algorithm. You can use any MD4 collision finder to crack the hash. A popular one is MDCrack NG.

Here is the usage and output of MDCrack:

Usage:

Output:

Where it says Collision found: d61bb is the password.