After found the login form with dirb, i need to enumerate and find the username ?
Anyone available for a pm ?
whats the path?
If something apparently juicy you found doesn’t seem to get you anywhere, look elsewhere. This challenge has a few ratholes.
For sp we
Took me a few minutes to get the hash using the proper tools, then got stuck after that for a while!
I believe (as mentioned here before) that no need to crack any hashes, my question is, would the same tool that got me the hashes help afterwards? I tried most of its options shown in the -hh with no luck.
I appreciated any help here.
@salt yes, that same tool can do more than just pull data out of a db… check the options again for other interesting features.
I can get the same place with you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I can use webshell. Who can PM?
Type your comment> @alex57xp32 said:
I can get the same place with you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I can use webshell. Who can PM?
Passed, it really is a problem that I did not analyze carefully. In fact, the answer has been found, that is, I have not seen it.
this one was a pain just because i didnt pay atention to what i found. initially i thought that source code that i see in the URL is the same that im getting with that tool but it wasnt. so make sure to read the source your getting with that tool
nice challange
■■■■! Fucking finally did it. Without the “This tool can do more than just that” I would surely be stuck! Coolest challenge so far… You always think you know a lot, but then BAM, the manuals hit you in the face.
I see the comment about line on some page, but am not sure about how would i access it or change it.
any nudges?
This is bugging the ‘heck’ out of me! I got the vuln pinned. Used the ‘tool’ to grab all. Then used a function of the tool to get some more stuff and found a pw in a cfg file. Can’t seem to use the tool to put stuff back though. And can’t figure out where the ‘F’ in Flag is!!
@PenTestPumpkin look at more files. Especially ones related to the website. Might need to use some other tools to find which files there are…
stuck at login page… please suggest what to do next…
I can’t seem to get this one. I’ve found the login page, but it doesn’t seem injectable using a ‘tool’. I’ve found some .ht* files, but I don’t know how to get around auth for those. Am I using the right tool? Am I trying to inject the right spot?
Need help! Found login directory, hashed password and configuration file but don’t know how to proceed. Can someone PM me?
EDIT: Solved it!