I have passed the login stage, and am now on the home page. I don’t know where to look next. Hints please, no spoilers.
Play whith the url and fun e yourself
Play with the URL you might find the information you are looking for.
fuzz url … and remember u r searching flag …
Hey i’m on this shallenge but i can’t figure out how to get into the admin console. Is is a good idea to bruteforce it ? Because the page does not return anything on bad login…
I wouldn’t recommend brute-forcing for this particular challenge - there are other ways you can attack a login page
Hey guys. Currenlty working on this puzzle. I’m using wfuzz to try to fuzz the URL, but every hit I get comes back with code 302… Which doesn’t seem right. Here’s my command:
$ wfuzz -u http://88.198.233.174:35793/panel.php?info=FUZZ -z file,/home/user/list.dic
But my results show as:
000001: C=302 0 L 0 W 0 Ch “home”
000002: C=302 0 L 0 W 0 Ch “test”
000003: C=302 0 L 0 W 0 Ch “boo”
Any pointers or hints would be appreciated. I’m just not quite sure what I’m doing wrong.
Looks like adding the PHPSESSION cookie fixed it.
Finally I get the flag isn’t easy the challenge but neither is very difficult is necessary a bit of imagination. Only is necessary search intensely the flag!!
In this challenge perseverance and imagination is put to test a bit
No tools used to complete this challenge. Play with url and thing like a typical guessing game.
Is this for module: web request - post method ?
i dont get the phpsession key. If i log in with quest:quest or admin:password i get a HTTP 200 ok and no key