Is the login page a rabbit hole? and should I be brute forcing it?
@codo said:
Is the login page a rabbit hole? and should I be brute forcing it?
Maybe and no. Continue your enumeration.
Tip: If you’re using gobuster, enable the following file extensions: php,txt,html with the -x flag.
And as @0x29A said, common.txt from seclists is enough
I have a shell. Does anyone have any hints for finding/getting to the user.txt?
Thx Skunkfoot and fjv, i got shell now
@fjv I actually tried it with the extensions + directory 2.3 medium. I will try again with common.txt
Nope nothing… Maybe I oversee something, but I have no clue how to continue
@NicoF2000 said:
Nope nothing… Maybe I oversee something, but I have no clue how to continue
Hmm, I am in the same boat as you.
The only 200 that came back was for index.php…
@avoidy said:
Hmm, I am in the same boat as you.
The only 200 that came back was for index.php…
Same here
i’m stuck on that op***** config
Spoiler Removed - egre55
the initial page gives pretty good hint about how to use gobuster
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???
@agnarus said:
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???
on the same boat. Not sure how to proceed from dave to find user.txt
@gudj4qu3r said:
@shadow2Xx, @avoidy and @NicoF2000 maybe you need to get one word from the initial page and do something with it … If i’m spoiling too much please delete it!
Perfect hint mate. Thanks a lot.
@axle05 said:
@agnarus said:
Hey Dave, do not know the user.txt ?? can someone PM me how can I find it???
on the same boat. Not sure how to proceed from dave to find user.txt
Maybe you are in the wrong place
I don’t know how to approach the login page…i tried bruteforcing, sql injection…nothing worked! Any hints ?
Guys, just like almost every other box, no bruteforcing is required at all. If that’s what you’ve resorted to because you can’t find anything else (I know I did), you probably need to enumerate more.
@Skunkfoot said:
Guys, just like almost every other box, no bruteforcing is required at all. If that’s what you’ve resorted to because you can’t find anything else (I know I did), you probably need to enumerate more.
Ok thnx Brute is my last resort…i’m just stuck
You have to guess the first folder before running gobuster… then keep enumerating until you find something really exploitable.