Type your comment> @D8ll0 said:
Type your comment> @farbs said:
Type your comment> @init5 said:
@farbs said:
Validated users and dumped a hash. Onward!
Hints? ?
Figure out how to properly bypass the WAF
This is useful hint.
It worked with me.
This worked for me too. Bypassing WAF got me to next phase of exploitation.
There is a really easy way to get a list of 17 users on the web front end using one request and intruder.
Type your comment> @farbs said:
Type your comment> @init5 said:
@farbs said:
Validated users and dumped a hash. Onward!
Hints? ?
Figure out how to properly bypass the WAF
I’d be interested to hear if you have any pointers on how you got the hashes
Anyone had any luck with the hashes yet?
I’ve tried cracking them with some public lists, some of my own and from scraping and still no thing.
nav1n
March 8, 2020, 11:38am
25
Users?, You guys got users? , well any hints to get those 17???
Type your comment> @nav1n said:
Users?, You guys got users? , well any hints to get those 17???
You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.
Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.
nav1n
March 8, 2020, 11:46am
27
Type your comment> @GoldsteinNZ said:
Type your comment> @nav1n said:
Users?, You guys got users? , well any hints to get those 17???
You need to find the part of the site to do with names then bypass the WAF by talking to it differently to normal.
Sorry if this seems confusing. I tried to be clearer above and it got marked a spoiler.
Got it, thanks alot
farbs
March 8, 2020, 2:59pm
28
Got user! What a fantastic machine so far. Kudos @egre55 & @MinatoTW
init5
March 8, 2020, 3:15pm
29
I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?
@init5 said:
I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?
It’s crackable, just not the first thing you see
init5
March 8, 2020, 5:01pm
31
@clubby789 said:
@init5 said:
I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?
It’s crackable, just not the first thing you see
I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.
farbs
March 8, 2020, 5:31pm
32
Type your comment> @init5 said:
@clubby789 said:
@init5 said:
I am bashing my head in the wall since last night even after bypassing WAF, nothing is crack-able from what I managed to dump. ?
It’s crackable, just not the first thing you see
I got 17 in total with only 4 being unique, tried rockyou.txt against everything but nothing worked.
I am guessing I’m moving in the wrong direction.
You’re not moving in the wrong direction. Try harder
init5
March 8, 2020, 10:36pm
33
cracked hashes… aaaand they aren’t leading anywhere?
Type your comment> @init5 said:
cracked hashes… aaaand they aren’t leading anywhere?
I’m at the same point lol
So if you have the passwords maybe you miss the other part…
I’m trying to ask this as cryptic as I can, please mark it spoiler if too much. So I managed to use a user/pass pair in a service where I was surprised I can only access ****** and can’t access D**********, found new information in ****** that I’m not sure yet how useful it is. Is that the way?
Edit: sorry was an idiot, got the user flag
Edit2: aaaaand it was decided that the ‘patch’ will reset all progress… not cool.