If something apparently juicy you found doesn’t seem to get you anywhere, look elsewhere. This challenge has a few ratholes.
For sp we
Took me a few minutes to get the hash using the proper tools, then got stuck after that for a while!
I believe (as mentioned here before) that there is no need to crack any hashes. My question is, would the same tool that got me the hashes help afterwards? I tried most of its options shown in the -hh with no luck.
I'd appreciate any help here.
@salt yes, that same tool can do more than just pull data out of a db… check the options again for other interesting features.
I can get to the same place as you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I could use a webshell. Who can PM?
@alex57xp32 said:
I can get to the same place as you, and I can download it through the tool, but I can’t upload it. I have downloaded all the source code for analysis. I also thought that I could use a webshell. Who can PM?
Passed, it really is a problem that I did not analyze carefully. In fact, the answer has been found, that is, I have not seen it.
This one was a pain just because I didn’t pay attention to what I found. Initially I thought that the source code that I see in the URL is the same that I’m getting with that tool, but it wasn’t. So make sure to read the source you’re getting with that tool.
Nice challenge.
■■■■! Fucking finally did it. Without the “This tool can do more than just that” I would surely be stuck! Coolest challenge so far… You always think you know a lot, but then BAM, the manuals hit you in the face.
I see the comment about a line on some page, but am not sure how I would access it or change it.
Any nudges?
This is bugging the ‘heck’ out of me! I got the vuln pinned. Used the ‘tool’ to grab all. Then used a function of the tool to get some more stuff and found a pw in a cfg file. Can’t seem to use the tool to put stuff back though. And can’t figure out where the ‘F’ in Flag is!!
@PenTestPumpkin look at more files. Especially ones related to the website. Might need to use some other tools to find which files there are…
Stuck at login page… please suggest what to do next…
I can’t seem to get this one. I’ve found the login page, but it doesn’t seem injectable using a ‘tool’. I’ve found some .ht* files, but I don’t know how to get around auth for those. Am I using the right tool? Am I trying to inject the right spot?
Need help! Found login directory, hashed password and configuration file but don’t know how to proceed. Can someone PM me?
EDIT: Solved it!
Spoiler Removed
Hi folks,
Can anybody help me with this challenge? I got stuck after trying a lot of things… I found the hash value but it seems not to be the right way. I tried to read the source code but I don’t get it. Can you help, PM a hint… Thank you in advance.
Can someone give me a nudge? I can’t even get to the login page that everyone is talking about. I ran gobuster & dirbuster. Both gave me a handful of URLs, and none of them point to any login page.
I am ■■■■ stuck on finding the username and password (hashed or not). What should I do?