[WEB] Freelancer

Hey there! I managed to display some hashed datas but I can’t figure out how to access the login form. The hints say “read the source code” but even after I perfomed directory listing and had a look on each accessible file I can’t find this login form … Any hint on “how to read source code”? :dizzy:

Completed. No hash cracking or logging in required for flag.

I got the hash, but I don’t know how to crack it. Can anyone help???

You don’t need to crack the hash. There is other way to gain access. Use the map to find the treasure.

Is the 500 expected from contact me?

I really enjoyed this challenge. Everything has been already said, so just to repeat: read the source code.

Just got the flag. No need for dirb or cracking password. Just read the source. DM me if you need any help.

Hey everyone. I am stuck on finding what function to use in the tool, since I am kind of a noob in using it. Could someone DM me for a more in-depth hint?

EDIT: Nevermind, apparently I was very unlucky and tried lots of incorrect values. Finally solved it :slight_smile:

rooted! But I don’t know how to find /admin page? should i update my wordlist?

i did solve it it takes me 4 h
my hint:
1.read the source code
2.use that tool to steal some data(dont tink abute that hash nothing there well help you, you just want find that vulnerability)
3.brute force directory “dirb” or gobuster
4.what vulnerability you found in step 2 use that but you want more advance coomand

Need some help on how to obtain the mentioned hash data.

finally solved!

Nice challenge, like everyone says no cracking involved. I’m actually curious if anyone managed to get the flag by login into the admin account? If so PM me.

How can I find the admin panel any clues?

Type your comment> @jb7815 said:

Managed to get the flag without any tools, really nice challenge.

Can DM for hints but please tell me what you’ve already tried :slight_smile:

I tried using S***** and got username and password…Then what to do I don’t understand…plz give some hints in PM

ngl, took me way longer than it should’ve taken. If you are using that tool (s*****), then you should consider using s***** -hh and read it, something there could help you.

Thank u very much for this challenge @IhsanSencan . I have learned a bit more

funny chall. pm me for some hints :smile:

That was pretty fun! The hardest part was to find the “path”.
Tip to the others:
Yes you’re probably using the right tool.
Know WWW applications well.
Read.

Spoiler Removed