Attacking Common Applications - Skills Assessment III

What is the hardcoded password for the database connection in the MultimasterAPI.dll file?

I checked MultimasterAPI.dll with x64dbg and dnspy but I’m stuck here! I can access sqlcmd directly from terminal and found several accounts and passwords but nothing else. if someone has a tip from where to start to capture the password in Multi…dll would be very helpful thanks.

Same question

You will find it in MultimasterAPI.Controllers → ColleagueController (in dnSpy, of course)

3 Likes

Now I understand why there are 0 cubes for this question…I thought we needed reverse engineering. Thanks really for the advice!

2 Likes

The machine is unstable … it die after some time… may be someone else is also facing the same issue… I have restarted the machine a couple of times… and also downloaded new connection file … but the issue persist…