Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I’d suggest getting back to the basics and performing some well-known pen-test actions against your target. Use well-known tools with well-known parameters for that tool.
By the way, I wouldn’t recommend cracking the hash; it may well be that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and had no luck. If someone else has done it, I’d love to hear how.
So my hints:
1) dirb. This will get you some interesting files you will need later on.
2) Absolutely no cracking.
3) Use a “tool” to do something with some of the files found in 1) and READ.
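The dirb step in the hints above, as an added example that is not part of this thread and not the challenge's own material: a minimal directory brute-forcer in the style of dirb, written in Python and run against a constructed in-process stub site so it works offline. The stub's paths, file contents and the short wordlist are all made up for the demo (assumptions, not the challenge's files); dirb itself ships a much larger common.txt. The point it demonstrates is the one the hints make: a 403 still reveals that a directory exists, and backup or source copies such as a .bak file are the "interesting files" to READ before reaching for any further tool.

```python
"""dirb-style path enumeration against a constructed local stub server.

Added example for this thread, not code from the thread or the challenge.
Everything in FAKE_SITE and WORDLIST is invented to keep the run offline.
"""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a challenge web root: path -> (status, body).
FAKE_SITE = {
    "/": (200, b"<html>index</html>"),
    "/index.php": (200, b"<?php /* app entry point */ ?>"),
    "/admin/": (403, b"Forbidden"),
    "/config.php.bak": (200, b"<?php $db_pass = 'example'; ?>"),
    "/robots.txt": (200, b"User-agent: *\nDisallow: /admin/\n"),
}

# Constructed wordlist; a real run would use dirb's common.txt or similar.
WORDLIST = ["index.php", "admin/", "backup/", "config.php", "config.php.bak",
            "robots.txt", "login.php", ".git/HEAD"]


class StubHandler(BaseHTTPRequestHandler):
    """Serve FAKE_SITE; anything else is a 404, like a real web root."""

    def do_GET(self):
        status, body = FAKE_SITE.get(self.path, (404, b"Not Found"))
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_stub_server():
    """Start the constructed target on an ephemeral localhost port."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def probe(base_url, word):
    """GET one candidate path and return its HTTP status code."""
    try:
        with urllib.request.urlopen(base_url + "/" + word, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def enumerate_paths(base_url, wordlist, interesting=(200, 301, 302, 403)):
    """Return {path: status} for each wordlist entry that is not a 404.

    This is what dirb does: a 403 on /admin/ still proves the directory
    exists, so it is kept rather than filtered out.
    """
    found = {}
    for word in wordlist:
        status = probe(base_url, word)
        if status in interesting:
            found[word] = status
    return found


def worth_reading(found):
    """Flag hits whose names suggest leftover source, backup or VCS files.

    Those are the files the thread says to READ: they often hold the
    credentials or logic the later steps depend on.
    """
    markers = (".bak", ".old", ".orig", "~", ".git", ".swp", "config")
    return sorted(p for p in found if any(m in p for m in markers))


if __name__ == "__main__":
    server, base = start_stub_server()
    hits = enumerate_paths(base, WORDLIST)
    for path, status in hits.items():
        print(f"+ {base}/{path} (CODE:{status})")  # dirb-like output line
    print("read these first:", worth_reading(hits))
    server.shutdown()
```

Against a real target the same loop is what `dirb http://target/` does with its default wordlist; the stub only exists so the example runs without a challenge instance.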
@socialkas said:
Solved. All I can say is this: pen-test the application and, as someone else already said, READ the code. I’d suggest getting back to the basics and performing some well-known pen-test actions against your target. Use well-known tools with well-known parameters for that tool.
By the way, I wouldn’t recommend cracking the hash; it may well be that I am a total disaster when it comes to cracking bcrypt hashes with my word lists, but I tried it out of curiosity and had no luck. If someone else has done it, I’d love to hear how.
So my hints:
1) dirb. This will get you some interesting files you will need later on.
2) Absolutely no cracking.
3) Use a “tool” to do something with some of the files found in 1) and READ.
Try harder.
Stuck on 4, I think %)
Tried:
@naveen1729 said:
the easiest method IMO is to use the initial weakness and follow the source.
but no success (first time using such a tool; I just went through the available options).
Also tried to get the password without cracking (as in one recent challenge/box), but no success either. Now reading all the output (-a) of the “tool”; I may be missing something else. Brute force: I think the challenge will retire before I get any results %) I also have the idea of trying to use the hash directly with another tool, hoping that the developers made such a “mistake” ^)…
I.e., if somebody wishes to push me in the proper direction, it will be very much appreciated %))
Much thanks to @idealphase , just got the flag.
Actually, none of the creds you get are necessary if you proceed like me.
The tools you are using can do more stuff than you think.
If you need any hints, just feel free to PM me.
That was a fun challenge. It is great to get some experience using the “tool”. All the hints are on this discussion page. (and yeah, I did try to bruteforce my way in, but the instance is not active long enough…)
Alright - I’ve tried and tried with the tool and found that the current user has the file priv. However, I can’t seem to read or write anything in the /admin…/ dir.
Finally done… yep. What I can say for people like me (noobies in web): find the weak place by analyzing the crazily formatted file %), apply the tool mentioned above, then start searching again, applying the tool and going deeper and deeper… until you get the flag %))) (I think this is not a spoiler, since everything mentioned here is already known in this thread). PS: and don’t overthink; some things are much simpler.
PPS: And you should read tons of information about how web applications work if you have never dealt with them before %) like me, to be able to see the important information in the files.
Actually, you don’t need any tool except a web browser. Just read the sources closely and use one of the OWASP Top 10 vulnerabilities. Nothing more is needed.
Tools were a rabbit hole for me.