Actually, you don't need any tool except web browser. Just read sources closely and use one of OWASP Top 10 vulnerability. Nothing more needed.
Tools were a rabbit hole for me.
I've reached up to a special user and his hashed password using "The Tool", I wasn't able to find another way as mentioned by others? any nudge/hint please? wasted almost a day
I've reached up to a special user and his hashed password using "The Tool", I wasn't able to find another way as mentioned by others? any nudge/hint please? wasted almost a day
I'm not sure how others solved this, but I never actually logged in as that user.
What other interesting things can that tool do? (That may or may not show up in said tool's -h help menu)
This damn challenge spoiling my peaceful life, help me, guys... sleeping with a hashed password, login page and username. Been 2 days now. I even took day off from work saying I'm sick ...lol
I have the user and the hash using The Tool but no idea how to continue... Not possible to crack the hash. Can somebody help me on how to continue? Thanks!
Man! I'm about to end this challenge. Thanks to @ori0nx3 and @idealphase for the hints. I would like to say for this challenge the login form gets completely sanitized. No need to play there. Use the vulnerability you find AND A VERY WELL-KNOWN PATH!
I have the user and the hash using The Tool but no idea how to continue... Not possible to crack the hash. Can somebody help me on how to continue? Thanks!
I have sent you a PM, now I hope that you speaks spanish too lol.
For anybody who needs help, feel free to PM too
Also thanks to the creator of this challenge, I've learnt new things!
Comments
Type your comment> @cyb3rsinn3r said:
Pretty close but not final trip point %)
@idealphase thanks a lot dude. finally, done.
Congratulations man. It's your well done. I'm just hint provider.
rooted, nice box
Actually, you don't need any tool except web browser. Just read sources closely and use one of OWASP Top 10 vulnerability. Nothing more needed.
Tools were a rabbit hole for me.
It can be done by hand, but using a specific tool makes things a lot easier and faster...
Awwe piece of cake
what's with @)) or % hint? what are these??
Type your comment> @dnperfors said:
please check your PM
Profile: https://www.hackthebox.eu/home/users/profile/68523
Anyone available for a DM? I think I'm at the final step, but could use a second opinion.
@passkwall said:
@passkwall: I tried sending you a DM but I'm not sure it went through.
I've reached up to a special user and his hashed password using "The Tool", I wasn't able to find another way as mentioned by others? any nudge/hint please? wasted almost a day
Profile: https://www.hackthebox.eu/home/users/profile/68523
@Un1k0d3r said:
I'm not sure how others solved this, but I never actually logged in as that user.
What other interesting things can that tool do? (That may or may not show up in said tool's
-h
help menu)can anyone DM some spoilers. I got the Hash and a login page. stuck on here now.. Please DM me ...
Type your comment> @Tink2hack said:
Same here. I have the user, his hash, and all information I want from the DB (readonly), but I don't know what else to do.
@Tink2hack @WilliamGiraldo
Feel free to DM me either here or on the discord server if you're still stuck.
Found the login page, but dont know how to proceed... would someone plss help me ?
@radac98 Sent you a DM.
This damn challenge spoiling my peaceful life, help me, guys... sleeping with a hashed password, login page and username. Been 2 days now. I even took day off from work saying I'm sick ...lol
Profile: https://www.hackthebox.eu/home/users/profile/68523
Sometimes you don't need to barge in the door. Sometimes you simply need to glance in the window...
And you should probably go to work
I have the user and the hash using The Tool but no idea how to continue... Not possible to crack the hash. Can somebody help me on how to continue? Thanks!
can someone dm me for help? i've found something but i can't manage how to put everything togheter...
Man! I'm about to end this challenge. Thanks to @ori0nx3 and @idealphase for the hints. I would like to say for this challenge the login form gets completely sanitized. No need to play there. Use the vulnerability you find AND A VERY WELL-KNOWN PATH!
You don't need any specific tool. Just try basic injection and ignore the password hash.
Use the source, Luke!
I'd be happy to give some hints, just let me know what you have.
ROOOTED!!!, OMG.. the path was easy to guess, but it took me a while. Thanks, @dnperfors and @gatete for the tips
Profile: https://www.hackthebox.eu/home/users/profile/68523
got the adm path,user and password hash,tried all i know about web pentest and NO FLAG,would someone gib me a hint in PM.
A little hint in the PM would be appreciated!!
Type your comment> @gatete said:
Thank you @gatete for your help!