[WEB] Freelancer

Spoiler Removed

oh wow. what a beast, didn’t know you could do that.
slick.
A+++ to the creator. brain building happened.

Finally done… yep. What I can say for people like me (noobies in web) - find weak place analyzing crazy formatted file %), apply tool mentioned above, again start search applying tool going deeper and deeper… until got a flag %))) (I think it is not spoiler due to all mentioned here already known in this thread). PS: and don’t overthink - some things are much simpler
PPS: And you should read tons of information about how works www applications if you never deal with them before %) like me - to be able to see important information in files)

Was fun…

Type your comment> @Mapperist said:

How far off am I?

Pretty close but not final trip point %)

@idealphase thanks a lot dude. finally, done.

@0x71rex said:
@idealphase thanks a lot dude. finally, done.

Congratulations man. It’s your well done. I’m just hint provider.

rooted, nice box

Actually, you don’t need any tool except web browser. Just read sources closely and use one of OWASP Top 10 vulnerability. Nothing more needed.
Tools were a rabbit hole for me.

It can be done by hand, but using a specific tool makes things a lot easier and faster…

Awwe piece of cake :wink:

what’s with @)) or % hint? what are these??

Type your comment> @dnperfors said:

@b1narygl1tch , yes that is the tool.
@Mapperist, are you sure you have the right directory?

please check your PM :slight_smile:

Anyone available for a DM? I think I’m at the final step, but could use a second opinion. :slight_smile:

@passkwall said:

Anyone available for a DM? I think I’m at the final step, but could use a second opinion. :slight_smile:

@passkwall: I tried sending you a DM but I’m not sure it went through.

I’ve reached up to a special user and his hashed password using “The Tool”, I wasn’t able to find another way as mentioned by others? any nudge/hint please? wasted almost a day :frowning:

@Un1k0d3r said:

I’ve reached up to a special user and his hashed password using “The Tool”, I wasn’t able to find another way as mentioned by others? any nudge/hint please? wasted almost a day :frowning:

I’m not sure how others solved this, but I never actually logged in as that user.

What other interesting things can that tool do? (That may or may not show up in said tool’s -h help menu)

can anyone DM some spoilers. I got the Hash and a login page. stuck on here now… Please DM me …

@Tink2hack I sent you a DM. Working through this as well if you’d like to work together using some of ori0nx3 's hints

Type your comment> @Tink2hack said:

can anyone DM some spoilers. I got the Hash and a login page. stuck on here now… Please DM me …

Same here. I have the user, his hash, and all information I want from the DB (readonly), but I don’t know what else to do.

@Tink2hack @WilliamGiraldo
Feel free to DM me either here or on the discord server if you’re still stuck.