[WEB] Freelancer

Some advice to speed up the breaking of the hash - PM me

There is no need to crack a hash, because there is another way.

Spoiler Removed

if you want to save time, don't try to crack the hash.
Think smarter (maybe like doing a real pentest)

No need to crack any hashes or brute-force any creds/logins. As usual, or at least in my limited HtB experience that’s not really how things are set up to be. There’s usually a #facepalm way to the goal.

@Kougloff Thanks for your answer man. I just got flag without cracking hash. :slight_smile: Fun and learn. If anyone needs hint don’t hesitate to PM me.

HINTS:

  1. update your wordlists (not for cracking :wink: )
  2. always read the code
  3. owasp top 10 <3

Managed to get the flag only after restarting the challenge on another instance (port) and firing up the “tool” again against the other instance.
Dunno what happened exactly…

p.s. no need to crack

Thanks to @innominate

Didn't know that functionality of the tool.

My hint would be that the initial thing you have to find in the code is easier to spot in view-source:// and not in the developer menu. The source served me an easy-to-read one-liner.

  • Found login form
  • Got username/password hash.
  • Hints are saying that I don’t need to crack the hash.
  • Tried basic auth bypass with correct username - no luck.
  • Stuck now.

Update wordlists hint from innominate is a good hint :slight_smile:

Is the contact form something I should test more thoroughly?

Is the contact form something I should test more thoroughly?

No

Thanks. I’ve managed to solve it in the end.
It’s very fun and good challenge.
@rheaalleen hints were also very helpful.

Read source + enumerate + exploit + the tool that you are using can do much more fun stuff :slight_smile:
Run exploit again with your enumeration findings and you’ll have the flag.

Any good source for the wordlist update?

@syserror I didn't use anything special and haven't updated in a while. I ran dirb with the standard wordlist (meaning only the URL as parameter). If you want to be safe:

  • apt purge dirb
  • apt install dirb
  • dirb -u url -z 100

I am totally new here. Please help me to solve it. Still I didn't solve one.

there are a couple of ways on this one. the easiest method IMO is to use the initial weakness and follow the source.

there’s another method that will get you the password without cracking.

a third approach is to actually crack the hash. didn’t try that personally but that could take a while…

dirb/wordlists may help but is not required. you can more or less guess what’s there.

Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I’d suggest to get back to the basics, perform some well-known pen-test actions against your target. Use well-known tools with well-known parameters to that tool.

By the way, I wouldn’t recommend cracking the hash; it may as well be me that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and no luck. If someone else has done it, I’d love to hear how.

So my hints:

  1. dirb. This will get you some interesting files you will need later on.
  2. Absolutely no cracking.
  3. Use a “tool” to do something with some of the files found in 1) and READ.
  4. Try harder.

@socialkas said:
Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I’d suggest to get back to the basics, perform some well-known pen-test actions against your target. Use well-known tools with well-known parameters to that tool.

By the way, I wouldn’t recommend cracking the hash; it may as well be me that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and no luck. If someone else has done it, I’d love to hear how.

So my hints:

  1. dirb. This will get you some interesting files you will need later on.
  2. Absolutely no cracking.
  3. Use a “tool” to do something with some of the files found in 1) and READ.
  4. Try harder.

Stuck on 4 as I think %)
Tried:

@naveen1729 said:
the easiest method IMO is to use the initial weakness and follow the source.

but no success (first time using such a tool - just went through the available options).
Also tried to get the pass without cracking (as it was in one recent challenge/box) but also no success. Now reading all output ( -a ) of the “tool” - may be missing something else. Brute force - I think the challenge will retire before I get results %) Also have an idea to try using the hash directly with another tool in the hope that the developers made such a “mistake” ^)…

I.e. if somebody wishes to push me in the proper direction - it will be very appreciated %))

Much thanks to @idealphase , just got the flag.
Actually all the creds you get are not necessary if you proceed like me.
The tools you are using can do more stuff than you think.
If you need any hints, just feel free to PM me :slight_smile:

Nice challenge, I enjoyed it.

No need to crack, just read.