@argot said:
That is correct, no need for any creds if all you currentl see is m********, a*.php, and p******.php
Do you mean p****.php for that last one? Haven’t seen p******.php
@argot said:
That is correct, no need for any creds if all you currentl see is m********, a*.php, and p******.php
Do you mean p****.php for that last one? Haven’t seen p******.php
there is another page that you get 40*
If you are having trouble finding a thing past the regular dirb stuff, I suppose the right dictionary list would help, but you really only need to consider a couple of verbs.
Congratz @qtc
Completely stuck here with just a*.php, p****.php, m*********, s*****-******.
@argot can you give us another hint? lol
Type your comment> @n4sa said:
Completely stuck here with just a*.php, p****.php, m*********, s*****-******.
@argot can you give us another hint? lol
So, I figure there are two ways to get this. “Very good OSINT skills” or VERBS.
English teachers can be very good at monitoring their class. Often times, if you use the wrong verb, they wont let you go. If you use different VERBS, maybe they’ll let you go or at the very least they’ll be more talkative.
There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.
Type your comment> @n4sa said:
nevermind @argot, I think I figured it out
I’m still waiting for Dirb to magically give me a directory with user:pass? will it work xd?
@SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.
what has dirb found so far?
Type your comment> @n4sa said:
@SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.
what has dirb found so far?
s*****-s****/,p****.p, a.p, and the restricted one m******/
Type your comment> @n4sa said:
Yeah @SioVer that’s all you need. Look at argot’s hints above.
Ok, I think I got it. Thanks both
You do not need to bruteforce the basic auth
Spoiler Removed
Got the login, the .php, the m******/, the s*****-s****/ and the p****.php, am I missing something to find creds?
Yeah I’m pretty much stuck at c******* and ran gobuster but haven’t found any creds
I’m guessing this is CTF-like so not expecting to find any creds
So, I’ve managed to discover the c******n directory but, haven’t discovered any creds.
Just needing to enumerate more or?