Let’s get this thing started! I love challenges involving undocumented programs…
Edit: Pretty good challenge, had fun scripting this.
Let’s get this thing started! I love challenges involving undocumented programs…
Edit: Pretty good challenge, had fun scripting this.
Can we avoid installing Chrome?
sure just read the code ¯\(ツ)/¯
lol valid.
Am I diving down a rabbit hole by thinking I need to brute-force a salty hash to get things going toward auth? (I’m thinking not mostly b/c if so should be easy-ish not requiring lots of time or cpu/gpu to do… but… ?)
no need to crack any hashes
Very nice challenge I have enjoyed it, many thanks for 0x41 for your support.
Could anyone give me some hints for this one im kinda stuck
Type your comment> @Bonzer said:
Could anyone give me some hints for this one im kinda stuck
You will need first to know the target. did you get it ?
no, would I be going in the right direction by doing more fuzzing with burp intruder or dirbuster?
Type your comment> @Bonzer said:
no, would I be going in the right direction by doing more fuzzing with burp intruder or dirbuster?
Dirbuster is not needed to solve this challlenge. On the other hand, you should find a “backend/client technologie” which is in front of you. As always, the description of the challenge may help you to turn to the right direction. A little bit coding may be needed.
i’ve managed to get something working locally by:
!converting wordlists into correctly formatted cookie values and using wfuzz to test them all
but it doesn’t work on the challenge. even with a very big list. is this the wrong technique? Or have I messed it up?
Guys i’m stuck i dont know how to take it. I figured out that the “Make sure to load php-console in order to be prompted for a password” isn’t there in phpinfo() by default. That should mean i have to trigger somehow that php-console. But I can’t figure out how. Hints?
Just google it and take the first result
hints to get password
Type your comment> @abhijasud said:
hints to get password
Me too…
cracked the challenge, if anyone needs a nudge, please PM me
any hint on the passwd?
Solved. PM me if you need any help.