Got the login, the .php, the m******/, the s*****-s****/ and the p****.php, am I missing something to find creds?
Yeah I’m pretty much stuck at c******* and ran gobuster but haven’t found any creds
I’m guessing this is CTF-like so not expecting to find any creds
So, I’ve managed to discover the c******n directory but, haven’t discovered any creds.
Just needing to enumerate more or?
Type your comment> @Nihlander said:
So, I’ve managed to discover the c******n directory but, haven’t discovered any creds.
Just needing to enumerate more or?
Same, not liking this one already.
Managed to get logged in… I think it’s intended to just guess the password…
Did you wfu** it (or other methods) or guessed manually? I’m stuck at a directory mentioned before.
Was able to login to c******* but have no idea where to go next
Type your comment> @Nihlander said:
Managed to get logged in… I think it’s intended to just guess the password…
Was there a base to which you made a guess?
Type your comment> @acc3ssp0int said:
Type your comment> @Nihlander said:
Managed to get logged in… I think it’s intended to just guess the password…
Was there a base to which you made a guess?
Think simple. Really simple. I ended up finding the creds by writing a bash script to bruteforce the authentication via the API.
Type your comment> @argot said:
That is correct, no need for any creds if all you currentl see is m********, a*.php, and p******.php
I found m******* , a*.php
Can’t find p******.php .
Give hint.
got all the pages. a*.php always returns the same response…rabbit hole?
Otherwise no clue where to go
Thanks @argot. Your teacher reference helped me not feel insane after many variations of directory scanning failed. @Nihlander writing a script and “guessing” aren’t really the same things. I found the default creds on the developers websites, but no dice. Throwing hydra at it currently since my logically targeted guesses aren’t working.
A little nudge on thought process of where other potential passwords might be found would be helpful.
Having fun with you guys though so far
Could anyone give a little hint other than @argot 's vocab one? I got /a*.***
, /m*********
and /p****.***
but yeah two of these are virtually useless and the last needs basic auth to which I don’t have anything at all
@rowra It’s about the way you approach the pages. Start thinking about different ways to view and interact with the pages.
Spoiler Removed
Fully enumerated but I am stuck on what to do next ??
And rooted. Very disappointed
Same, any hints on how to interact with .php or p**.php?