Wall

Completely stuck here with just a*.php, p****.php, m*********, s*****-******.

@argot can you give us another hint? lol

Type your comment> @n4sa said:

Completely stuck here with just a*.php, p****.php, m*********, s*****-******.

@argot can you give us another hint? lol

So, I figure there are two ways to get this. “Very good OSINT skills” or VERBS.

English teachers can be very good at monitoring their class. Often times, if you use the wrong verb, they wont let you go. If you use different VERBS, maybe they’ll let you go or at the very least they’ll be more talkative.

There are lots of verbs in the dictionary, but really you only need to know, like, six of them. Especially when trying to get a foothold.

nevermind @argot, I think I figured it out

Type your comment> @n4sa said:

nevermind @argot, I think I figured it out

I’m still waiting for Dirb to magically give me a directory with user:pass? will it work xd?

@SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.

what has dirb found so far?

Type your comment> @n4sa said:

@SioVer I used gobuster, but dirb should be giving you the same directories depending on your word list. Honestly all the main wordlists should give you everything you need.

what has dirb found so far?

s*****-s****/,p****.p, a.p, and the restricted one m******/

Yeah @SioVer that’s all you need. Look at argot’s hints above.

Type your comment> @n4sa said:

Yeah @SioVer that’s all you need. Look at argot’s hints above.

Ok, I think I got it. Thanks both

@argot thanks for the hint, was stuck at that ‘wall’ for way too long :stuck_out_tongue:

You do not need to bruteforce the basic auth :wink:

Loving the box so far

Spoiler Removed

Got the login, the .php, the m******/, the s*****-s****/ and the p****.php, am I missing something to find creds?

Yeah I’m pretty much stuck at c******* and ran gobuster but haven’t found any creds

I’m guessing this is CTF-like so not expecting to find any creds

So, I’ve managed to discover the c******n directory but, haven’t discovered any creds.
Just needing to enumerate more or?

Type your comment> @Nihlander said:

So, I’ve managed to discover the c******n directory but, haven’t discovered any creds.
Just needing to enumerate more or?

Same, not liking this one already.

Managed to get logged in… I think it’s intended to just guess the password…

Did you wfu** it (or other methods) or guessed manually? I’m stuck at a directory mentioned before.

Was able to login to c******* but have no idea where to go next