I got the password using cURL, BASH and intruder. I was not able to make the mentioned py script work for me. If someone will share their py script I would appreciate it very much.
I found the initial foothold difficult but learned new things on the way. PM me if you need help. Even thou I think reading this trend trough a couple of times should provide all help that is needed.
Breaking down and asking for a nudge, kick or push for Mango. Trying to get user credentials and stuck. Thanks
Assuming you’ve got something to attack, it is a bit painful. The best suggestion I can make is to search for the database technology you are looking at and the words password extraction. You should find a blog post which helps build the attack script you need.
For anyone having problems using some p****n scripts they found to crack the login page:
Those are proof-of-concept scripts. They are built for one specific server, which uses a different type of login page. Look at the browser or burp to see what the login request has to look like and change accordingly.
The scripts are not build for realistic environments; this box is realistic enough to force you to improve the found script quite a bit.
Don’t just execute the scripts, understand them and build a better one.
I was able to harvest 2 usernames and 2 passwords with the modified python script, but neither seems to work…is it possible that the passwords contain special characters?
The a*******s page is showing a codepen error :
Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: XXX-XXX-…
Is it important or it hinders the challenge ?
Rooted, nice the user part, python helped me a lot to harvest users name and passwords.
About the root, I got the flag without the root shell, if somebody got the shell can PM me?
I don’t understand why my command didn’t work.
thanks.
found login page finally! this is so different to what ive been used to that i am very stuck, is there any kind person on here that would be willing to take me under your wing and help me out?
found login page finally! this is so different to what ive been used to that i am very stuck, is there any kind person on here that would be willing to take me under your wing and help me out?
This step can be a bit painful. I never ended up with a fast script (or a pretty one), but if you google the DB name and password extraction, you might find an article which helps.