can anyone help please…only one HTML page showing with none of the entitled link or any hidden tage …please help me regarding this
try some BruteForce …
search what Lernaean means, and you’ll find the tool you need :B
I have the original kali rockyou list and burpsuite intruder. The file is trying for 2 hours. Yet still ain’t cracked. What am I missing?
I tried with hydra which is 100x times faster to crack than burp. But after an hour’s work, the rock you still didn’t crack it. Any clues ?
The original rockyou… is it the one with all the numbers at the top? If so, don’t use that one. Get rid of the numbers. Also, check your hydra command and make sure you have the failure code included.
You’re looking for a password right? I think john has some great lists that are shorter and more suitable to this than rockyou, maybe check them…
Use rockyou, make sure you increase the number of threads while using the “tool”, makes it significantly faster.
I used Hydra and rockyou list and got some number of passwords but none seem to work
@FloptimusCrime said:
I used Hydra and rockyou list and got some number of passwords but none seem to work
null-byte helped. got the flag
@FloptimusCrime said:
@FloptimusCrime said:
I used Hydra and rockyou list and got some number of passwords but none seem to worknull-byte helped. got the flag
I am also using hydra with rockyou.txt but still after 2 hours nothing found.
I have managed to crack the pass and then to intercept noooooop.html and see the request header and the responce header but i can not CTF any hints???
I also found a tag with the value HTB{l4nke_3d_son} or similar.
Can you give me any hit?
I’m brand new to all of this. I’m using two password lists with Hydra using the command
hydra -l "" -P /path/to/list -t 1 -s ##### -f 88.198.233.174 http-get /
But it just matches the very first word in each list.
Then I learned that I need define the failure message for Hydra. I read the null-byte tutorial on intercepting form parameters and am following the instructions therein, but rather than giving me the all the parameters, Burp’s only output for me is the password I just attempted:
Content-Type: application/x-www-form-urlencoded
Content-Length: 14
password=bingo
Where am I going astray?
@FloptimusCrime said:
@FloptimusCrime said:
I used Hydra and rockyou list and got some number of passwords but none seem to worknull-byte helped. got the flag
Hi How did this work for you? sorry what is null-byte