Type your comment> @Cybeernoob said:
Looking for a hint on logging into c*******…
Brute force with a popular list, there is a snakey script related to the software version that can help you deal with csrf tokens.
Type your comment> @terabitez said:
Thanks @argot. Your teacher reference helped me not feel insane after many variations of directory scanning failed. @Nihlander writing a script and “guessing” aren’t really the same things. I found the default creds on the developers websites, but no dice. Throwing hydra at it currently since my logically targeted guesses aren’t working.
A little nudge on thought process of where other potential passwords might be found would be helpful.
Having fun with you guys though so far
Indeed, writing a script to bruteforce the creds and guessing aren’t the same thing. The credentials are so basic that can be guessed though.
I found a login (the m********* one) . found 2 php files with just plain text as output .
found a directory which need authentication. Need to logged in any help please
Rooted a few hours ago.
Respect for the maker of the CVE but I felt like he just made that machine to do
a publicity stunt for himself.
Hints:
- Think simple you dont have to “GET” what you need as soon as you enumerate all of the pages
- API is never worthless
3.CVE x2
@NiC95 Check @argot’s hint earlier in the thread.
Choose your words carefully when making a request.
I am in urgent need to root this box (means i have less time )
i have found c**** exploit py but it is not working but it is also suppose to work
please pm me with this i need hint
as far as I can tell, the credentials provided on the developers webpage, don’t work
reading this discussion it is said that they are really simple
hmmm
Type your comment> @gorg said:
as far as I can tell, the credentials provided on the developers webpage, don’t work
reading this discussion it is said that they are really simple
hmmm
i am inside c****
just exploit not working
In this box both exploits did not work for me. But after repairing they work well.
So consider that as a part of the game and happy rooting
Please PM me if you have a useful hint. Got all the pages, yes I got the ‘doc redirected’ as well. This box is irrational, comments above prove it. Yes Teacher/yes GET# etc, still can’t get a foothold. :@
Type your comment> @Thms84 said:
Please PM me if you have a useful hint. Got all the pages, yes I got the ‘doc redirected’ as well. This box is irrational, comments above prove it. Yes Teacher/yes GET# etc, still can’t get a foothold. :@
Never mind, I give up. Does not worth the time.
Well, my native language is not English, so it’s hard for me to guess which page I should access with these tips. Is there a technical way to find this page that starts with c? I mean, is it possible to find it with some Kali wordlist, for example?
What I have so far are the three already mentioned.
a*.***
p****.***
m*********
I’'ve done all kinds of requests that can be made with the protocol, and nothing.
Edit: Just to explain, the tips are language independent, I was making a typing mistake. =/
I’'ve done all kinds of requests that can be made with the protocol, and nothing.
Which ones specifically? Did you not get any extra information from them?
Type your comment> @rowra said:
I’'ve done all kinds of requests that can be made with the protocol, and nothing.
Which ones specifically? Did you not get any extra information from them?
PM you.
augh!! any hints on the c******* login credentials? i know it is supposed to be easy but I have gone through all the plainly obvious ones…
Type your comment> @krisd4 said:
augh!! any hints on the c******* login credentials? i know it is supposed to be easy but I have gone through all the plainly obvious ones…
Are you sure about that? If you rock the authentication, you should gain some useful information.
@godzkid said:
Type your comment> @gorg said:as far as I can tell, the credentials provided on the developers webpage, don’t work
reading this discussion it is said that they are really simple
hmmm
i am inside c****
just exploit not working
hw did u get in ?
Type your comment> @hackerst34k said:
hey @krisd4 how did you find that c****** login pages because i tried every wordlist but i didnt find any directory starting with c*****
refer to the teacher hint…“verbs” can be an attack vector by teacher especially when u r in an English class.
am stuck on /c****** creds
i can’t find them on developers webpage as said
please any hint ?
terrible. i stuck on finding /c****** to and need help. please !