Seem to be having a problem with the initial fuzzing, don’t seem to be able to find the directory
Update, i think i have found the command that will fine the directory. But it is making no sense. Can someone message me with a nudge of that i am missing. Have ffuff running and not returning every line in the file.
I’m new in the hacking world and I have decide to try this machine, but I’m struggling to understand the py script or even run it, I’m not a python person, my mistake it seems.
So I have found the directory and the py script and I need help to understand it, is anyone able to help me?
Thank you
bro how you found the secre directory and py file can you help me please
I have used dirb with a wordlist file, that was the easiest part, at least for me.
found .py file by hand… i just read the webpage… but my python knowledge is lacking here… could somebody give me a nudge? i’m spending way to much time on this step of understanding the py file…
Rooted!
Nice box, I love when you have to reverse something.
Tip: once you find that file, everything will be straightforward.
As always, try in your own box before exploit anything there.
Still trying to find the “key”, played around with the script for too long now with no progress. Is it something we find, or something that can be inferred? Any nudge would be much appreciated.
EDIT: got user, thanks @phycomp for the nudge! Made it so much harder on myself by not actually reading the file, lol
I’ve found the script, but I’m not entirely certain what it does. I am not looking for the answer so much as a nudge as to what I should be researching next. I have some small understanding of the language, but could use a little help on how to understand constructing an input that triggers an unwanted response from the server. Have tried a few random curls to see if something interesting happens, but no dice.
On the main page you can find direction (file in dir), you can try to find this ‘directory’ manually or use small wordlist of very common dirs. It is important to look at the very specific error message.