I have passed the login stage, and am now on the home page. I don’t know where to look next. Hints please, no spoilers.

Play whith the url and fun e yourself

Play with the URL you might find the information you are looking for.

fuzz url … and remember u r searching flag …

Hey i’m on this shallenge but i can’t figure out how to get into the admin console. Is is a good idea to bruteforce it ? Because the page does not return anything on bad login…

I wouldn’t recommend brute-forcing for this particular challenge - there are other ways you can attack a login page :wink:

Hey guys. Currenlty working on this puzzle. I’m using wfuzz to try to fuzz the URL, but every hit I get comes back with code 302… Which doesn’t seem right. Here’s my command:
$ wfuzz -u -z file,/home/user/list.dic

But my results show as:
000001: C=302 0 L 0 W 0 Ch “home”
000002: C=302 0 L 0 W 0 Ch “test”
000003: C=302 0 L 0 W 0 Ch “boo”

Any pointers or hints would be appreciated. I’m just not quite sure what I’m doing wrong.

Looks like adding the PHPSESSION cookie fixed it.

Finally I get the flag isn’t easy the challenge but neither is very difficult is necessary a bit of imagination. Only is necessary search intensely the flag!! :wink: :wink:

In this challenge perseverance and imagination is put to test a bit :slight_smile:

No tools used to complete this challenge. Play with url and thing like a typical guessing game.

Is this for module: web request - post method ?
i dont get the phpsession key. If i log in with quest:quest or admin:password i get a HTTP 200 ok and no key