there is a file through my dirb…but too odd…**.php is this valuable or something…just prints out a single number.hmm
yup
@Shad0wQu35t said:
there is a file through my dirb…but too odd…**.php is this valuable or something…just prints out a single number.hmm
Really? Dirb hasn’t found anything like that for me
yeah there is also an /mg and /s-ss pages but not much more hmm
Type your comment> @S1ph1lys said:
yeah there is also an /mg and /s-ss pages but not much more hmm
idk man my dirb didn’t show those stuff…nikto didn’t give me anything too
i tried several dictionaries before finding 2 files + protected folder…
How many wordlists/scanning tools are we going to need on this…
All the tools I just hope it’s not a guess box
I found all of those pages with dirbuster and just the common word list… What word lists are you guys using?
I just switched, but was using dirbuster medium.txt
Gotcha, well I have a login page but I am not finding any good leads as to where to get creds, I’m with @S1ph1lys, I hope its not a guess box lol
Seems like a bruteGuess box…
+1 I hope its not a guess / brute box
no creds found
i also have two php pages **.php and *****.php along with a protected dir. Not able to find anything else
I guess I’ll have to try brute forcing when I get off work, connection is too ■■■■ here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!
You do not need to bruteforce to get past the wall.
i use wfuzz to brute force basic authentication
hydra is nice too
so you made a good guess
Type your comment> @poker1 said:
so you made a good guess
No guessing either. I’ll be checking back soon, but RCE feels so close.