Wall

All the tools 🙂 I just hope it’s not a guess box

I found all of those pages with dirbuster and just the common word list… What word lists are you guys using?

I just switched, but was using dirbuster medium.txt

Gotcha, well I have a login page but I am not finding any good leads as to where to get creds, I’m with @S1ph1lys, I hope it’s not a guess box lol

Seems like a bruteGuess box…

+1 I hope it’s not a guess / brute box
no creds found

I also have two php pages **.php and *****.php along with a protected dir. Not able to find anything else

I guess I’ll have to try brute forcing when I get off work, connection is too ■■■■ here. What do you guys normally use when brute forcing this kind of authentication? I am pretty sure it is pretty easy through B.S. but I am curious if anyone else prefers another way, if you wanna PM me I am eager to learn!

You do not need to bruteforce to get past the wall.

I use wfuzz to brute force basic authentication
hydra is nice too

so you made a good guess

@poker1 said:

so you made a good guess

No guessing either. I’ll be checking back soon, but RCE feels so close.

@argot said:

You do not need to bruteforce to get past the wall.

so to clarify you found the creds, you did not have to guess?

That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php

.

There’s a hidden directory scripts don’t leak…

@argot said:

That is correct, no need for any creds if all you currently see is m********, a*.php, and p******.php

Do you mean p****.php for that last one? Haven’t seen p******.php

there is another page that you get 40*

If you are having trouble finding a thing past the regular dirb stuff, I suppose the right dictionary list would help, but you really only need to consider a couple of verbs.

Congratz @qtc