[WEB] Freelancer

Comments

  • Could anyone help me start this? I've already used dirbuster on this. Found several dirs but nothing there.

  • To be honest, this one is not that easy imo.
    But I did learn the importance of source code reading.
    A hint: Remember that all files come from the server, so do not ignore their paths.

    You can PM me for hints.

    Discord : secHaq#7121
    trigger

  • I've got hash values and login pages, but I don't know what to do next. Can you give me a hint, buddy?

  • I've got the username and the password hash, but I've heard that you don't have to crack the hash... How should I use the "Tool" to get it? Any hint will be appreciated.

  • Don't try to crack the hash; just read the source code and try to find one of the OWASP 10. You can use an automated tool.

  • If you got the Inj try to load the fl that you got from dirb

  • Nice easy challenge. No automated tools are needed (I used only gobuster); it can be done manually, just read the source code carefully and test everything.

  • edited September 2019

    I'm stuck on this one. Much like previous comments I've found the login page and two separate username/password combinations (one for the db, which I've 'cracked').

  • I am stuck and need a push... I have used the tools everyone has talked about but must be missing something. I see the --help doesn't list everything it can do. I googled and can not find what else to do.

    So far I have hash
    I have a login
    and have tried basics with said login.

    Can anyone nudge me in the right direction?

  • edited September 2019

    Beat my head against the wall when actually the instance was just down and s****p didn't indicate that very well :)

    Got the flag now; overall pretty tricky I'd say. I for sure thought it'd be an XSS one based on the contact form until I followed the other leads.

    Feel free to ping me for hints.

  • I've discovered the login page and I've tried using the tool (s****p) but no luck and I'm stuck, don't really know what to do... Please can anyone give me a hint?

  • @mattyboy123123 said:
    > I've discovered the login page and I've tried using the tool (s****p) but no luck and I'm stuck, don't really know what to do... Please can anyone give me a hint?

    You can read some files with that tool.

    Arrexel
    OSCP | I'm not a rapper

  • I found user/pass from a vul. But I can't find any path to use it, although I used dirbuster and read the HTML source code. Please give me a hint for what to do now.

  • I found hash and login pages, but I can't login. I have difficulties. Can you give me some hints? What are you talking about the source code for reading? That's the source code for that part.

  • Could someone PM a hint to the location of the hash? I feel like I'm missing something super obvious here

  • After finding the login form with dirb, do I need to enumerate and find the username?

  • Anyone available for a PM?

  • @Davincible: Check your inbox. If anyone else needs a hint, feel free to PM me!

  • What's the path?

  • If something apparently juicy you found doesn't seem to get you anywhere, look elsewhere. This challenge has a few ratholes.

  • For s***p w***e

  • Took me a few minutes to get the hash using the proper tools, then got stuck after that for a while!
    I believe (as mentioned here before) that there's no need to crack any hashes. My question is, would the same tool that got me the hashes help afterwards? I tried most of its options shown in the -hh with no luck.

    I'd appreciate any help here.

  • @salt yes, that same tool can do more than just pull data out of a db... check the options again for other interesting features.

  • I can get to the same place as you, and I can download it through the tool, but I can't upload it. I have downloaded all the source code for analysis. I also thought that I could use a webshell. Who can PM?

  • @alex57xp32 said:
    > I can get to the same place as you, and I can download it through the tool, but I can't upload it. I have downloaded all the source code for analysis. I also thought that I could use a webshell. Who can PM?

    Passed, it really is a problem that I did not analyze carefully. In fact, the answer has been found, that is, I have not seen it.

  • This one was a pain :D just because I didn't pay attention to what I found. Initially I thought that the source code that I see in the URL is the same that I'm getting with that tool, but it wasn't. So make sure to read the source you're getting with that tool.
    Nice challenge.

  • Shit! Fucking finally did it. Without the "This tool can do more than just that" I would surely be stuck! Coolest challenge so far... You always think you know a lot, but then BAM, the manuals hit you in the face.

  • I see the comment about a line on some page, but I am not sure how I would access it or change it.
    Any nudges?

  • @ishansaha007 no line to change. Feel free to DM me for a hint.

  • This is bugging the 'heck' out of me! I got the vuln pinned. Used the 'tool' to grab all. Then used a function of the tool to get some more stuff and found a pw in a cfg file. Can't seem to use the tool to put stuff back though. And can't figure out where the 'F' in Flag is!!
