[WEB] Console

2»

Comments

  • Finally, tip, use a good WFuzz filter.

  • I found the public key and token, am I in the right direction?

  • It was fun.
    tips:

    • read the source code
    • learn auth process
    • write some code
    • get the flag

    Feel free and DM me.

  • Is there some special wordlist I should use? I have read the code and understood how the token is generated. My wfuzzing did not produce any hits.

    I am hesitant to use the r****** wordlist as the list generate from that seems to crash wfuzz.

  • Type your comment> @Log1c888 said:

    I found the public key and token, am I in the right direction?

    Yes, you are. I am you from the future.

  • Do I need to install the php console in the google chrome to solve this challenge??

  • "Make sure to load php-console in order to be prompted for a password", can somebody explain me what console?

  • Fun to do some scripting, thanks!

    Hack The Box

  • Just solved the challenge if anyone need any help you can DM me.

  • Solved challenge with famous snake in two ways. Feel free to DM.
    Interested to know if someone solved it with Jo**TR and with which syntax, tried several syntax but failed.

    Nayth

  • Finally solved it. Thank you @Umuril for all the insights.
    dm me for tips here or in the HTB discord.

    flejz

  • Type your comment> @HarmfulPerson said:

    "Make sure to load php-console in order to be prompted for a password", can somebody explain me what console?

    https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef/related?hl=en

  • Just Recon and little scripting for ..

    Fedriclesomar
    Try Harder! | Rarely Active on Forum

  • HINTS:
    There is a 'PHP Console' plugin for Chrome.
    My console was not working properly so I went to Network tab (preserve log) and found out what it was happening.
    The same plugin could show you some authorization techniques.
    Be gentle but be brute.

  • hints to get password?

  • Hi friends, I found the token and publickey. But stuck at here. Help me with hint please.

  • Type your comment> @JackSparr0w001 said:

    Hi friends, I found the token and publickey. But stuck at here. Help me with hint please.

    Find the Auth process. ;). Thanks guys!

  • Hello, can someone PM me about it please ? I found the code, the auth process but i can't reproduce the token i'm sending, thanks guys :)

  • PM for nudges, basically just source code reading and scripting

  • Hi, I am stuck in console challenge, I got the php-console, unable to find password. Need some nudge!!

  • Type your comment> @azasdf74M said:

    Type your comment> @HarmfulPerson said:

    "Make sure to load php-console in order to be prompted for a password", can somebody explain me what console?

    https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef/related?hl=en

    Would anyone mind to share the link of this PHP console again as the above link is dead. Thx so much

  • Type your comment> @dikxmb said:

    Type your comment> @azasdf74M said:

    Type your comment> @HarmfulPerson said:

    "Make sure to load php-console in order to be prompted for a password", can somebody explain me what console?

    https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef/related?hl=en

    Would anyone mind to share the link of this PHP console again as the above link is dead. Thx so much

    Just find the source code. No need to use chrome web store.

  • Are we sure this challenge is viable any more? I get taken in a loop of dead links.

  • edited November 2020

    Hi,

    as the php console is not available anymore in the chrome store. Does anyone know about a method about simulating the behavior so that server "thinks" php-console extension is installed and sends the proper response that will let me start to work on the challenge?

    Thanks.

    Edit: Solved. I just installed the extension manually via Chrome developer mode.

  • This was definitely my favorite of the web challenges I've done so far. I thought it was a lot of fun and life like. Took longer than it should have because I went down some rabbit holes after my first technique, but came back out of frustration and decided to throw more rocks at it. Put in a print statement just so that there was screenoutput so I could see if it was still going and then was like "wait, why is it printing a blank line every other line? ugh, you dumbass!!"

    Hilbert

  • @earl12 said:

    Edit: Solved. I just installed the extension manually via Chrome developer mode.

    This can be done by downloading the source of the extension and load it 'unpacked' in the browser developer mode?

    Regards,
    qmi

  • @qmi said:

    @earl12 said:

    Edit: Solved. I just installed the extension manually via Chrome developer mode.

    This can be done by downloading the source of the extension and load it 'unpacked' in the browser developer mode?

    Answering my own question: yes .

    Regards,
    qmi

Sign In to comment.