[WEB] Freelancer

@mattyboy123123 said:

I’ve discovered the login page and I’ve tried using the tool (s****p) but no luck and I’m stuck, don’t really know what to do… Please can anyone give me a hint?

you can read some files with that tool

I found user/pass from a vul. But I don’t find any path to using it although I used dirbuster and read source code html. Pls give me hint for what to do now?

I found hash and login pages, but I can’t login. I have difficulties. Can you give me some hints? What are you talking about the source code for reading? That’s the source code for that part.

Could someone PM a hint to the location of the hash? I feel like I’m missing something super obvious here

After finding the login form with dirb, I need to enumerate and find the username?

Anyone available for a PM?

@Davincible: Check your inbox. If anyone else needs a hint, feel free to PM me!

What’s the path?

If something apparently juicy you found doesn’t seem to get you anywhere, look elsewhere. This challenge has a few ratholes.

For sp we

Took me a few minutes to get the hash using the proper tools, then got stuck after that for a while!
I believe (as mentioned here before) that there is no need to crack any hashes. My question is, would the same tool that got me the hashes help afterwards? I tried most of its options shown in the -hh with no luck.

I’d appreciate any help here.

@salt yes, that same tool can do more than just pull data out of a db… check the options again for other interesting features.

I can get to the same place as you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I can use webshell. Who can PM?

@alex57xp32 said:

I can get to the same place as you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I can use webshell. Who can PM?

Passed, it really is a problem that I did not analyze carefully. In fact, the answer has been found, that is, I have not seen it.

This one was a pain :smiley: just because I didn’t pay attention to what I found. Initially I thought that source code that I see in the URL is the same that I’m getting with that tool, but it wasn’t. So make sure to read the source you’re getting with that tool.
Nice challenge.

■■■■! Fucking finally did it. Without the “This tool can do more than just that” I would surely be stuck! Coolest challenge so far… You always think you know a lot, but then BAM, the manuals hit you in the face.

I see the comment about line on some page, but am not sure about how I would access it or change it.
Any nudges?

@ishansaha007 no line to change. Feel free to DM me for a hint.

This is bugging the ‘heck’ out of me! I got the vuln pinned. Used the ‘tool’ to grab all. Then used a function of the tool to get some more stuff and found a pw in a cfg file. Can’t seem to use the tool to put stuff back though. And can’t figure out where the ‘F’ in Flag is!!

@PenTestPumpkin look at more files. Especially ones related to the website. Might need to use some other tools to find which files there are…