[WEB] Console

Anyone who can give me a hand?

Finally, tip, use a good WFuzz filter.

I found the public key and token, am I in the right direction?

It was fun.
tips:

  • read the source code
  • learn auth process
  • write some code
  • get the flag

Feel free and DM me.

Is there some special wordlist I should use? I have read the code and understood how the token is generated. My wfuzzing did not produce any hits.

I am hesitant to use the r****** wordlist as the list generate from that seems to crash wfuzz.

Type your comment> @Log1c888 said:

I found the public key and token, am I in the right direction?

Yes, you are. I am you from the future.

Do I need to install the php console in the google chrome to solve this challenge??

“Make sure to load php-console in order to be prompted for a password”, can somebody explain me what console?

Fun to do some scripting, thanks!

Just solved the challenge if anyone need any help you can DM me.

Solved challenge with famous snake in two ways. Feel free to DM.
Interested to know if someone solved it with Jo**TR and with which syntax, tried several syntax but failed.

Finally solved it. Thank you @Umuril for all the insights.
dm me for tips here or in the HTB discord.

Type your comment> @HarmfulPerson said:

“Make sure to load php-console in order to be prompted for a password”, can somebody explain me what console?

https://chrome.google.com/webstore/detail/php-console/nfhmhhlpfleoednkpnnnkolmclajemef/related?hl=en

Just Recon and little scripting for …

HINTS:
There is a ‘PHP Console’ plugin for Chrome.
My console was not working properly so I went to Network tab (preserve log) and found out what it was happening.
The same plugin could show you some authorization techniques.
Be gentle but be brute.

hints to get password?

Hi friends, I found the token and publickey. But stuck at here. Help me with hint please.

Type your comment> @JackSparr0w001 said:

Hi friends, I found the token and publickey. But stuck at here. Help me with hint please.

Find the Auth process. ;). Thanks guys!

Hello, can someone PM me about it please ? I found the code, the auth process but i can’t reproduce the token i’m sending, thanks guys :slight_smile:

PM for nudges, basically just source code reading and scripting