If this is too much to ask just say so but… should I be “dictionarying” m********* or c*******? I’m trying to use h**** for it but I’m new to it so I can’t tell if what I’m doing wrong is syntax or what I’m going after.
Thanks in advance
EDIT: I think I was using the wrong approach. Tried piping in my passwords of choice to something else that I had come across but though I’d need to know the creds already
Can anyone who did not find the password by “guessing” but by brute forcing- contact me and tell me his/her way to approach ? I build a small script using curl to read cookies+token and use them for request but it fails all the time.
Root hint:
Do your basic enum. and watch the output very carefully. The exploit is straight forward. and once you found it, don’t spoil other people. clean up your tracks quickly. good luck
Init HINT for dumb people like me who can’t find с*******:
First you need to find m*********
to search for m********* you need to do the most common thing that can be done with d**b tool and at the same time not give him anything that is outside of his standard directory.
After that, pay all attention to the found m*********, but, as already said, you do not need brute force!
Then the question arises: what can be done other than brute-forcing?
Here you need a hint about the teacher and verbs.
however, this was not enough for me: note that sometimes a slash can be crucial
after that you should look at what the server told you.
I hope I haven’t suggested too much?
Can anyone who did not find the password by “guessing” but by brute forcing- contact me and tell me his/her way to approach ? I build a small script using curl to read cookies+token and use them for request but it fails all the time.
If you know the exploit you need to use, you can easily convert that into a brute force script, that’s how I did it (even after guessing it, I made the script anyway)
I have problems to make the payload work fine. It looks that everything is correct but I can’t get the reverse shell working… any hint for this? please PM and thanks in advance.