I guess I’ll have to try brute forcing when I get off work, connection is too ■■■■ here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!
You do not need to bruteforce to get past the wall.
I use wfuzz to brute force basic authentication
hydra is nice too
so you made a good guess
@poker1 said:
so you made a good guess
No guessing either. I’ll be checking back soon, but RCE feels so close.
@argot said:
You do not need to bruteforce to get past the wall.
so to clarify you found the creds, you did not have to guess?
That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php
.
There’s a hidden directory scripts don’t leak…
@argot said:
That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php
Do you mean p****.php for that last one? Haven’t seen p******.php
there is another page that you get 40*
If you are having trouble finding a thing past the regular dirb stuff, I suppose the right dictionary list would help, but you really only need to consider a couple of verbs.
Congratz @qtc
Completely stuck here with just a*.php, p****.php, m*********, s*****-******.
@argot can you give us another hint? lol
@n4sa said:
Completely stuck here with just a*.php, p****.php, m*********, s*****-******.
@argot can you give us another hint? lol
So, I figure there are two ways to get this. “Very good OSINT skills” or VERBS.
English teachers can be very good at monitoring their class. Oftentimes, if you use the wrong verb, they won’t let you go. If you use different VERBS, maybe they’ll let you go or at the very least they’ll be more talkative.
There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.
@n4sa said:
Never mind @argot, I think I figured it out
I’m still waiting for Dirb to magically give me a directory with user:pass? will it work xd?
@SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.
what has dirb found so far?