Comments:
How did you find out the username was Elliot?
Great walkthrough, thanks for taking the time to record this!
I would also love it if you had included some alternative ways, e.g. Burp's Intruder for brute-forcing the /wp-login dir, using wpscan(?) since it is a WP blog, etc.
Anyway, learned a lot from it, thanks again!
Thank you for the video, you're a master at it. Quick question: how do you get the bar at the bottom of your shell? Thank you so much for your answer and a big thank you for this video. 👍
Thank you for this amazing walkthrough, I have learned a lot! I have a question: how do you know what directory "archive.php" is stored in? I also noticed that my password is in capital letters, but since Linux is "case-sensitive" the password won't work. Can someone tell me why my output is "case-sensitive" within John the Ripper?
I loved the video! Mr. Robot is the best! Btw, does anyone know how to brute-force login forms that are pop-ups???
Was knowing nmap had the SUID bit something you pick up over time?
How do you know what the archives.php URL path is?
If you go under Krista Gordon's account it says "another key?" I went down that rabbit hole lol.
Great walkthrough. Had a problem with John the Ripper though, for some reason it returned all caps for the letters instead of all lowercase. Weird.
It's funny how they put the password (ER-...) at position 858151 in the .dic file, because if we use hydra like you showed us it will have to try 800k requests, which takes an absurd amount of time.
How did you know about the file robots.txt?
I got the wp user/pass in a different manner. The ip/license URL, for which I got a 200 response, I opened and inspected using Firefox's inspect context menu. There was a base64-encoded string which gave me the user/password combo. This was not visible in the view-source page though.
Thank you for the amazing help and efforts!!
My wordlist is not running, please advise what to do.
Missing my ti line, sir.
What terminal multiplexer is that? Thanks!
This was an amazing video, thank you.
How did you know to add "robots.txt"? Could it not have easily been "anythingelse.txt"?
One thing that was very crucial in brute-forcing the password for Elliot is that there are nearly 1,000,000 words in the fsociety.dic when in reality it should have been about 11,000 words. If you cat fsociety.dic | grep "any word in the fsociety file here", you will see a ton of the same words being used in the file. To remove all those unnecessary duplicate words, you could have done sort fsociety.dic | uniq -d > new.txt. Then right after that you would append the unique words doing sort fsociety.dic | uniq -u >> new.txt. Doing so would give you the actual amount of words for that wordlist. That would save you a ton of time, finding the password in a shorter time.
How did you find that the shell was on wp-content/twentyfifteen/archive.php? I was doing it on my own and I couldn't find the shell.
I did like the video but when I did the first key it did not work.
You can run sudo -S su robot to change to the robot user.
What is that terminal thing? How do you make it like that? Great video btw, it helped me a lot about what to look for in terms of ethical hacking.
Learned some new tricks, thanks Dark!!
Btw.... Hello friend, I did guess the file name.... or at least found the Easter egg.
If I would have run this without a walkthrough, which I did but was never getting anything, the wordlist would have taken 16 hours to go through. And the password was at the bottom! Was a little annoyed for just a THM room for it to take so long.
You cannot use PWD as a parameter, man, this issue took hours from me. It should be PASS.
What does -t 30 do?
When I try to do a reverse shell with nc I can't use port 53. Is it OK to use 1234? Because it doesn't work :(
thx :)
The password is at the very end of the list, which contains many duplicates, very annoying.
To crack within a few seconds: tac fsocity.dic > reverse.dic
Tried it so many times, I just can't get the password for some reason.
Everything is correct, idk what's going wrong.
You guys put the username and password near the bottom of the list.. nice.. very nice.
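An added example (not from the video or any of the commenters) that puts together two ideas raised above: deduplicating the wordlist, as the earlier comment suggests with sort | uniq, but keeping its original order, and reversing it with tac so an entry near the bottom is tried first. The file name and contents below are constructed stand-ins for the real fsocity.dic. Hydra walks a -P list top to bottom, so an entry's line number is the number of attempts before it is reached.

```shell
#!/bin/sh
# Added example, not from the video or the comments: tidy a wordlist before
# handing it to hydra. The file name and contents below are constructed.

# Create a small wordlist with duplicates and the wanted entry near the end,
# standing in for the real fsocity.dic. Argument: path to write.
make_sample_wordlist() {
    printf '%s\n' abcdefgh password wordpress abcdefgh true password last-entry abcdefgh > "$1"
}

# Number of entries, i.e. the attempts a full sequential run costs.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# Drop repeated lines but keep first-seen order. awk remembers every line it
# has printed; the expression is true only for a line's first appearance.
# (sort -u, or sort | uniq, also deduplicates but reorders alphabetically.)
dedupe_wordlist() {
    awk '!seen[$0]++' "$1"
}

# Reverse the list so an entry at the bottom is tried first. tac is GNU
# coreutils; tail -r is the BSD/macOS equivalent.
reverse_wordlist() {
    if command -v tac >/dev/null 2>&1; then tac "$1"; else tail -r "$1"; fi
}

# 1-based line number of an exact entry, or 0 if absent: the attempt count
# a top-to-bottom brute force needs before reaching it.
position_of() {
    pos=$(grep -n -x -F -- "$2" "$1" | head -n 1 | cut -d: -f1)
    printf '%s\n' "${pos:-0}"
}

# Demo: show entry counts and where "last-entry" sits before and after.
if [ "${1:-}" = "--demo" ]; then
    s=$(mktemp); u=$s.uniq; r=$s.rev
    make_sample_wordlist "$s"
    dedupe_wordlist "$s" > "$u"
    reverse_wordlist "$u" > "$r"
    echo "original:       $(count_lines "$s") entries, target at line $(position_of "$s" last-entry)"
    echo "deduplicated:   $(count_lines "$u") entries, target at line $(position_of "$u" last-entry)"
    echo "dedupe+reverse: $(count_lines "$r") entries, target at line $(position_of "$r" last-entry)"
    rm -f "$s" "$u" "$r"
fi
```

Run it with --demo to see the counts, then pass the cleaned file to hydra's -P instead of the original. The uniq -d / uniq -u pair in the earlier comment yields the same set of entries as sort -u; the awk form is only different in that it preserves where each entry sat in the file.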
Why didn't you use the whole error message for the password brute-force? Is it because of that block-lettered "Elliot" in the response?
Half an hour searching for the password and it's not done yet... Why is this file so big???? It's a training box..
I also watched another video where someone used the command (find / -perm -u=s 2>/dev/null).
What does it do???
(Sorry for the bad English)
I couldn't find the password in the fsocity.dic file, I used python to open the file and search yet nothing popped up.
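As an added example (not from the video or the comment above), here is what the find command asked about does, wrapped in a function together with a throwaway directory tree so it can be tried without scanning a real box. The demo paths and file names are constructed.

```shell
#!/bin/sh
# Added example, not from the video or the comment: what
# "find / -perm -u=s 2>/dev/null" does, plus a constructed demo tree.

# List setuid files below a directory.
#   -type f      regular files only (the bit means something else on directories)
#   -perm -u=s   the leading "-" means "all of these bits must be set": the
#                file has the setuid bit, whatever its other permissions are
#                (-perm /u=s would mean "any of these bits"; same here for one bit)
#   2>/dev/null  discard "Permission denied" for directories we cannot read
# A setuid binary runs with its owner's privileges, so root-owned hits are
# the usual first stop for privilege escalation; the walkthrough's setuid
# nmap is one such hit.
find_suid() {
    find "$1" -type f -perm -u=s 2>/dev/null
}

# Narrower scan: only root-owned setuid files, the ones that can give root.
find_root_suid() {
    find "$1" -type f -user root -perm -u=s 2>/dev/null
}

# Build a throwaway tree with one setuid file and one ordinary file so the
# scan can be exercised offline. Names are constructed for the demo.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/tmp"
    : > "$d/usr/bin/setuid-tool"
    chmod 4755 "$d/usr/bin/setuid-tool"   # rwsr-xr-x: setuid bit set
    : > "$d/usr/bin/plain-tool"
    chmod 0755 "$d/usr/bin/plain-tool"    # rwxr-xr-x: no setuid bit
    printf '%s\n' "$d"
}

# Usage: "sh suid-scan.sh /" on the target; "--demo" scans the constructed
# tree instead and should list only usr/bin/setuid-tool.
case "${1:-}" in
    --demo) d=$(make_demo_tree); find_suid "$d"; rm -rf "$d" ;;
    "")     ;;
    *)      find_suid "$1" ;;
esac
```

On a real system compare the list against the distribution's expected setuid set (passwd, sudo, su and friends); anything unusual, such as a network tool like nmap carrying the bit, is what the walkthrough picks up on.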
Fantastic, simple and to the point, thank you for this gem of content.
Subscribed and all notifications=on :D
^PWD^ didn't work for me, I ended up getting it to work with ^PASS^.
You said: "we are gonna take a look at a common file we find on websites", while entering the file robots.txt. Is this really the way to do it? I want to know how to get the file, without taking it from the internet.
How to view key-3-of-3.txt?
Plz help :')
I did have a small issue when running hydra. The password variable did need to be ^PASS^ instead of ^PWD^.
If I'm using !bash I am not getting a shell with root privileges... WHY?
Awesome video, can't wait to do this in THM!
Am using hydra for the password, it's taking too long.
Does playing CTFs help in getting through bug bounty as well?
DarkSec you're the best.