EDIT: i have managed to solve it by cracking the password. turns out i was using the wrong wordlist! sorry and thanks for reading!
hi, i have been trying out hackthebox starting point machines as a beginner. So far i am currently at the machine Vaccine. i am trying to complete the machines without using the guide as much as possible.
I have managed to get the source code for index.php and style.css via the zip file. Reading the source code it seems that i have to be able to get the plaintext equivalent of the hash or somehow trick the webserver into thinking i am already authenticated
these few lines from the source code are the interesting parts for me:
if($_POST[‘username’] === ‘admin’ && md5($_POST[‘password’]) === “2cb42f8734ea607eefed3b70af13bbd3”) {
$_SESSION[‘login’] = “true”;
header(“Location: dashboard.php”);
So far i have tried to crack the md5 hash but to no avail. i have also tried to access the dashboard.php page by setting my login cookie to true, however i am not able to get too much out of it.
Looking for someone to guide me in the right direction without actually spoonfeeding me the answers. Thanks for reading