[WEB] Console

Let’s get this thing started! I love challenges involving undocumented programs…

Edit: Pretty good challenge, had fun scripting this.

Can we avoid installing Chrome? :smiley:

sure just read the code ¯\(ツ)

lol valid.

Am I diving down a rabbit hole by thinking I need to brute-force a salty hash to get things going toward auth? (I’m thinking not mostly b/c if so should be easy-ish not requiring lots of time or cpu/gpu to do… but… ?)

no need to crack any hashes

Type your comment> @0x41 said:

no need to crack any hashes

(Puts thinking cap back on.)

Very nice challenge I have enjoyed it, many thanks for 0x41 for your support.

Could anyone give me some hints for this one im kinda stuck

Type your comment> @Bonzer said:

Could anyone give me some hints for this one im kinda stuck

You will need first to know the target. did you get it ?

no, would I be going in the right direction by doing more fuzzing with burp intruder or dirbuster?

Type your comment> @Bonzer said:

no, would I be going in the right direction by doing more fuzzing with burp intruder or dirbuster?

Dirbuster is not needed to solve this challlenge. On the other hand, you should find a “backend/client technologie” which is in front of you. As always, the description of the challenge may help you to turn to the right direction. A little bit coding may be needed.

i’ve managed to get something working locally by:

!converting wordlists into correctly formatted cookie values and using wfuzz to test them all

but it doesn’t work on the challenge. even with a very big list. is this the wrong technique? Or have I messed it up?

Guys i’m stuck i dont know how to take it. I figured out that the “Make sure to load php-console in order to be prompted for a password” isn’t there in phpinfo() by default. That should mean i have to trigger somehow that php-console. But I can’t figure out how. Hints?

Just google it and take the first result

hints to get password

Type your comment> @abhijasud said:

hints to get password

Me too…

cracked the challenge, if anyone needs a nudge, please PM me :slight_smile:

any hint on the passwd?

Solved. PM me if you need any help.