Could anyone give me a hint? I’ve got the password hash and login page. I tried using the tool to somehow crack the hash, no luck. What am I missing? What is the OWASP top 10 thing that everyone is talking about?
If anyone could DM some hints, that would be appreciated.
Can anybody help me with this? I got the login page and the tool everybody is talking about. I think I figured it out, but it didn’t give me any results. Can anyone please PM me so that I can clear my doubts…
Hello guys, same problem. I’m stuck at the same point: I have got credential and login page. No luck with injection in the login page. I have found 2 other pages:
One gives me a 302; I tried some parameters with no luck.
The other is a contact page where the parameters seem not to be injectable. In the source file I have found a comment referring to line 19 of a PHP file, but I cannot correlate this info… Please give me a hint, I’ve been blocked for 1 week…
Found the injectable page, the login page, username and password hash, but I don’t know what to do now. Can anyone help me?
I read the code but found nothing more than the first injectable page, and can’t find the tool’s “magic option” you are all talking about.
Some hint or PM pls, I’m going crazy.
Thank you all.
Hi h@x0r$. Used the sp tool against the p**o.**p script to dump all from the DBs, able to get username and hashed password, tried to use dirb and gobuster to scan all folders for hidden files, can’t find anything other than .ht, .htaccess, .htpasswd files, which I can’t read. Plz h3lp.
WOW, I really need to thank you for immediately telling that brute forcing the hash is not the correct way to go; actually you need only a couple of tools to find everything you need.