Hi guys. I am stuck for hours after bypassing the WAF and exploiting the vulnerability and cracking the obtained hashes. The revealed passwords don’t seem to be valid for one of the users enumerated earlier. I found two other users after expanding my username list and using k*****te but I still don’t have valid password. Am I on the right path or should I perform further enumerations such as directory enumeration, ldap etc…?