[WEB] Freelancer

edited August 17 in Challenges

Hey all, figured I could start this discussion and ask for some guidance.

I can't seem to figure out where to go, I've uncovered some neat things but all the data that I can see have nothing of use?
What am I overlooking? Any help would be greatly appreciated.

EDIT: Welp... after I posted I was able to find the flag... Whether or not I did it the correct way, who knows lmao


Comments

  • I tried to do something with [email protected]@, as it is giving some output, but no luck.

  • I just got a hashed message. I'm waiting to crack it. I don't know if it's a rabbit hole or not. :worried:

    idealphase

  • edited August 17

    @idealphase

    Not a rabbit hole, but the other way is shorter than waiting hours.

  • Some advice to speed up the breaking of the hash: PM me

    nemen91

  • There is no need to crack a hash, because there is another way.

  • Spoiler Removed

    nemen91

  • If you want to save time, don't try to crack the hash.
    Think smarter (maybe like doing a real pentest)

  • No need to crack any hashes or brute-force any creds/logins. As usual, or at least in my limited HtB experience, that's not really how things are set up to be. There's usually a #facepalm way to the goal.

  • @Kougloff Thanks for your answer man. I just got the flag without cracking the hash. :) Fun and learn. If anyone needs a hint, don't hesitate to PM me.

    idealphase

  • HINTS:
    1. update your wordlists (not for cracking ;) )
    2. always read the code
    3. owasp top 10 <3

  • Managed to get the flag only after restarting the challenge on another instance (port) and firing up the "tool" again against the other instance.
    Dunno what happened exactly...

    p.s. no need to crack

    OSCP

    Hack The Box

  • Thanks to @innominate

    Didn't know that functionality of the tool.

    My hint would be that the initial thing you have to find in the code is easier to spot in view-source:// and not in the developer menu. The source served me an easy-to-read one-liner.

  • edited August 20
    • Found login form
    • Got username/password hash.
    • Hints are saying that I don't need to crack the hash.
    • Tried basic auth bypass with correct username - no luck.
    • Stuck now.

    Update wordlists hint from innominate is a good hint :)

    Is the contact form something I should test more thoroughly?

  • Is the contact form something I should test more thoroughly?

    No

  • Thanks. I've managed to solve it in the end.
    It's a very fun and good challenge.
    @rheaalleen's hints were also very helpful.

    Read source + enumerate + exploit + the tool that you are using can do much more fun stuff :)
    Run the exploit again with your enumeration findings and you'll have the flag.

  • Any good source for the wordlist update?

  • @syserror I didn't use anything special and haven't updated in a while. I ran dirb with the standard wordlist (meaning only the URL as parameter). If you want to be safe:

    • apt purge dirb
    • apt install dirb
    • dirb -u url -z 100

  • I am totally new here. Please help me to solve it. I still didn't solve one.

  • There are a couple of ways on this one. The easiest method IMO is to use the initial weakness and follow the source.

    There's another method that will get you the password without cracking.

    A third approach is to actually crack the hash. Didn't try that personally, but that could take a while...

    dirb/wordlists may help but are not required. You can more or less guess what's there.

  • Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I'd suggest to get back to the basics, perform some well-known pen-test actions against your target. Use well-known tools with well-known parameters to that tool.

    By the way, I wouldn't recommend cracking the hash; it may as well be that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and no luck. If someone else has done it, I'd love to hear how.

    So my hints:

    1) dirb. This will get you some interesting files you will need later on.
    2) Absolutely no cracking.
    3) Use a "tool" to do something with some of the files found in 1) and READ.
    4) Try harder.

    Sociaslkas

  • @socialkas said:
    Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I'd suggest to get back to the basics, perform some well-known pen-test actions against your target. Use well-known tools with well-known parameters to that tool.

    By the way, I wouldn't recommend cracking the hash; it may as well be that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and no luck. If someone else has done it, I'd love to hear how.

    So my hints:

    1) dirb. This will get you some interesting files you will need later on.
    2) Absolutely no cracking.
    3) Use a "tool" to do something with some of the files found in 1) and READ.
    4) Try harder.

    Stuck on 4, I think %)
    Tried:

    @naveen1729 said:
    the easiest method IMO is to use the initial weakness and follow the source.

    but no success (first time using such a tool - just went through the available options).
    Also tried to get the password without cracking (as it was in one recent challenge/box), but also no success. Now reading all output (-a) of the "tool" - may be missing something else. Brute force - I think the challenge will retire before I get results %) Also have an idea to try using the hash directly with another tool in the hope that the developers made such a "mistake" ^)...

    I.e. if somebody wishes to push me in the proper direction - it will be very much appreciated %))

  • Much thanks to @idealphase, just got the flag.
    Actually, all the creds you get are not necessary if you proceed like me.
    The tools you are using can do more stuff than you think.
    If you need any hints, just feel free to PM me :)

    Hack The Box

  • Nice challenge, I enjoyed it.

    No need to crack, just read.

    Arrexel

  • That was a fun challenge. It is great to get some experience using the "tool". All the hints are on this discussion page. (and yeah, I did try to bruteforce my way in, but the instance is not active long enough...)

  • Is the "tool" s****p? I tried it with s**l option, but unsuccessfully.

  • edited August 22

    Alright - I've tried and tried with the tool and found that the current user has the file priv. However, I can't seem to read or write anything in the /admin....../ dir.

    How far off am I?

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • @b1narygl1tch , yes that is the tool.
    @cyb3rsinn3r, are you sure you have the right directory?

  • Spoiler Removed

    cyb3rsinn3r
    | A+ | Net+ | Sec+ | CySA+ | CASP | CISSP |
    aut inveniam viam aut faciam

  • oh wow. what a beast, didn't know you could do that.
    slick.
    A+++ to the creator. brain building happened.

  • edited August 23

    Finally done... yep. What I can say for people like me (noobies in web) - find the weak place by analyzing the crazily formatted file %), apply the tool mentioned above, again start searching, applying the tool, going deeper and deeper... until you get the flag %))) (I think it is not a spoiler, since everything mentioned here is already known in this thread). PS: and don't overthink - some things are much simpler.
    PPS: And you should read tons of information about how www applications work if you've never dealt with them before %) like me - to be able to see the important information in files)

    Was fun...
