Type your comment> @Nihlander said:
Managed to get logged in… I think it’s intended to just guess the password…
Was there a base to which you made a guess?
Type your comment> @acc3ssp0int said:
Type your comment> @Nihlander said:
Managed to get logged in… I think it’s intended to just guess the password…
Was there a base to which you made a guess?
Think simple. Really simple. I ended up finding the creds by writing a bash script to bruteforce the authentication via the API.
Type your comment> @argot said:
That is correct, no need for any creds if all you currentl see is m********, a*.php, and p******.php
I found m******* , a*.php
Can’t find p******.php .
Give hint.
got all the pages. a*.php always returns the same response…rabbit hole?
Otherwise no clue where to go 
Thanks @argot. Your teacher reference helped me not feel insane after many variations of directory scanning failed. @Nihlander writing a script and “guessing” aren’t really the same things. I found the default creds on the developers websites, but no dice. Throwing hydra at it currently since my logically targeted guesses aren’t working.
A little nudge on thought process of where other potential passwords might be found would be helpful.
Having fun with you guys though so far 
Could anyone give a little hint other than @argot 's vocab one? I got /a*.***, /m********* and /p****.*** but yeah two of these are virtually useless and the last needs basic auth to which I don’t have anything at all
@rowra It’s about the way you approach the pages. Start thinking about different ways to view and interact with the pages.
Spoiler Removed
Fully enumerated but I am stuck on what to do next ??
And rooted. Very disappointed 
Same, any hints on how to interact with .php or p**.php?
It sounds like most folks are just bruteforcing m*. would default kali wordlist work ??
i got the a*.*** and p****.*** and /m*******
and am stuck now . how can i find credsto login ?
any help
I don’t think root was intended as it is right now. Initial shell got straight to root with literally the first hit on google
Type your comment> @godzkid said:
I found m******* , a*.php
Can’t find p******.php .
Give hint.
The hint with the teacher and verbs is in reference to one of these pages. @terabitez helps too when clarifying that hint.
what do you think about b…p ? or just a rabbit
give hint,
in c********
no login
Looking for a hint on logging into c*******…