[WEB] Freelancer

Is the “tool” s****p? I tried it with s**l option, but unsuccessfully.

Alright - I’ve tried and tried with the tool and found that the current user has the file priv. However, I can’t seem to read or write anything in the /admin…/ dir.

How far off am I?

@b1narygl1tch , yes that is the tool.
@Mapperist, are you sure you have the right directory?

Spoiler Removed

oh wow. what a beast, didn’t know you could do that.
slick.
A+++ to the creator. brain building happened.

Finally done… yep. What I can say for people like me (noobies in web) - find weak place analyzing crazy formatted file %), apply tool mentioned above, again start search applying tool going deeper and deeper… until got a flag %))) (I think it is not spoiler due to all mentioned here already known in this thread). PS: and don’t overthink - some things are much simpler
PPS: And you should read tons of information about how works www applications if you never deal with them before %) like me - to be able to see important information in files)

Was fun…

Type your comment> @Mapperist said:

How far off am I?

Pretty close but not final trip point %)

@idealphase thanks a lot dude. finally, done.

@0x71rex said:
@idealphase thanks a lot dude. finally, done.

Congratulations man. It’s your well done. I’m just hint provider.

rooted, nice box

Actually, you don’t need any tool except web browser. Just read sources closely and use one of OWASP Top 10 vulnerability. Nothing more needed.
Tools were a rabbit hole for me.

It can be done by hand, but using a specific tool makes things a lot easier and faster…

Awwe piece of cake :wink:

what’s with @)) or % hint? what are these??

Type your comment> @dnperfors said:

@b1narygl1tch , yes that is the tool.
@Mapperist, are you sure you have the right directory?

please check your PM :slight_smile:

Anyone available for a DM? I think I’m at the final step, but could use a second opinion. :slight_smile:

@passkwall said:

Anyone available for a DM? I think I’m at the final step, but could use a second opinion. :slight_smile:

@passkwall: I tried sending you a DM but I’m not sure it went through.

I’ve reached up to a special user and his hashed password using “The Tool”, I wasn’t able to find another way as mentioned by others? any nudge/hint please? wasted almost a day :frowning:

@Un1k0d3r said:

I’ve reached up to a special user and his hashed password using “The Tool”, I wasn’t able to find another way as mentioned by others? any nudge/hint please? wasted almost a day :frowning:

I’m not sure how others solved this, but I never actually logged in as that user.

What other interesting things can that tool do? (That may or may not show up in said tool’s -h help menu)

can anyone DM some spoilers. I got the Hash and a login page. stuck on here now… Please DM me …