[WEB] Freelancer

1235

Comments

  • Hi. I've used the s****p tool against the p*****o.**p file but cannot bypass the waf using the t****r scripts. Can anyone assist me?

  • edited December 2019

    Hey, I am kinda stuck after using the s****p tool. I found the hash and login page. Not to sure what people refer to when saying the certain tool can be used for other purposes. I have looked at the -h menu. Nothing really stood out.

  • edited December 2019

    wrong discuss..

  • Hello,

    I've recently started the FreeLancer challenge, and I am stuck at hashed password, can someone PM me and point me to the right direction.
    Looking forward to your response.

    Sincerely,
    HappyGuy.

  • I hated this challenge until I solved it, now I'm glad I did. Biiiiig brain boosting from this one. Best hint I can give is to RTFM about the "tool" and the server itself, feel free to PM for nudges :)

    KeyboardCowboy
    Aspiring Pen-Tester

  • Done, I like this challenge, something new learned ;)

    Reach me on Discord: n3b0r#2873

  • I can't get any results with the tool. Getting only error that parameter can't be injected. Could somebody help and tell me what I am doing wrong?
    I will be very grateful!

  • Some hints for this:

    1. Gobuster, dirb, dirbuster, rustbuster, etc.
    2. Source ...
    3. Owasp 10
    4. 2.

    sckull

  • A some hints for noobs like me
    1. Read source code (before using dirb). You will find something interesting. This is your key. Now you need a keyhole.
    2. To find the keyhole you need dirb (etc)
    3. You have to insert the key into the keyhole with the tool everyone is talking about. To do this, you must use the TOOL, but not in the way that noobs like me USUALLY use it. It is necessary to carefully study the additional features of the TOOL (for this, one letter "H" is not enough).

  • i can't find login page... any hints?
    And can someone PM me because I don't know what you guys mean with the TOOL

  • Should i try to upload some file on the server?

  • Got the flag. Almost reached to the last stage, but got stuck on how to read source code of website. Research on google gave some hints and got the flag.

    My hints:
    1. Read page source carefully
    2. Dirb
    3.From particular page, you can extract data using tool or manually (I did with both)
    4. (This step is very important learning from me.) How can you work with files using hint number 3.
    5. If you got the 4 then i think you will get the flag.

    PM me for any assist.

  • edited February 16

    Can anyone check if the challenge is good? I've been meddling with the p********, still got no luck with manual method or s******. Got no response with the page.

  • edited February 17

    @urushichan I am seeing the same thing...

  • edited February 17

    Is the challenge broken? I've tried for very long without any luck.

    Gave up and found both a write-up as well as a youtube video, both of which show functionality within the p********.*** file that i cant be replicated.
    and the s***** tool that everyone is talking about is unable to figure out anything using that file, as people are hinting it should be able to in the here in the forum as well as in the video/walkthrough i found.

    any ideas?

  • edited February 18

    @FailWhale Today the tool worked. Flag captured.

    upd. Decided to try again. Does not work...bugs..

  • I get an error 500 Internal Server Error. What can it be connected with?

  • After much pain and suffering i have come to the conclusion that it must be broken. I also had problems with the Cartographer challenge and if i am not mistaken the ezpz challenge can not be reached

  • edited February 21

    Same for me, Cartographer and Freelancer do not work the intended way. (parameter not injectable)

    Countably

    I am always happy to help, but please put some effort into your questions. I won't reply to "I am stuck on machine XXX" messages.

  • Type your comment> @FailWhale said:

    Is the challenge broken? I've tried for very long without any luck.

    Gave up and found both a write-up as well as a youtube video, both of which show functionality within the p********.*** file that i cant be replicated.
    and the s***** tool that everyone is talking about is unable to figure out anything using that file, as people are hinting it should be able to in the here in the forum as well as in the video/walkthrough i found.

    any ideas?

    Im having the same issue ?

  • Type your comment> @jamiechap said:

    Type your comment> @FailWhale said:

    Is the challenge broken? I've tried for very long without any luck.

    Gave up and found both a write-up as well as a youtube video, both of which show functionality within the p********.*** file that i cant be replicated.
    and the s***** tool that everyone is talking about is unable to figure out anything using that file, as people are hinting it should be able to in the here in the forum as well as in the video/walkthrough i found.

    any ideas?

    Im having the same issue ?

    Same here, not working

  • yeah, almost 3 hours trying with diff tools I was not able to break this challange :(

  • Yup this challenge and also the Cartographer challenge seem to be broken :(

  • Just confirmed that the this challenge is working again.

    Hack The Box

  • Hello guys,
    I'm trying to do the advanced stuff with "The tool" but "The tool"'s telling me that there are "no data retrieved".
    Already google it, but I'm not finding anything useful.

    Please, can anyone send me towards the right direction?

  • Thanks to @agentjones for the hint, finally got it!

  • Managed to get the flag without any tools, really nice challenge.

    Can DM for hints but please tell me what you've already tried :)

  • I got stuck on this one for longer than I liked. But it was because I didn't know about some of my options, and I wasn't paying enough attention. Thanks for the hints in the thread, they helped me get out of my rabbit holes. I think this challenge is pretty tricky because you can get stuck easily. But I learned so it's good :smile:

  • Hey there! I managed to display some hashed datas but I can't figure out how to access the login form. The hints say "read the source code" but even after I perfomed directory listing and had a look on each accessible file I can't find this login form ... Any hint on "how to read source code"? :dizzy:

  • Completed. No hash cracking or logging in required for flag.

    alt text

Sign In to comment.