Return to forum

October 22, 2022 at 6:52 PM

Good luck to everyone.

dumpsterX0 · October 22, 2022 at 7:13 PM

store.hat-valley.htb

dumpsterX0 · October 22, 2022 at 7:39 PM

tryin to bruteforce the store basic auth with workers name.

crash2overload · October 22, 2022 at 7:43 PM

(October 22, 2022, 07:39 PM)dumpsterX0 Wrote: tryin to bruteforce the store basic auth with workers name.

Does it work for you?

u53r · October 22, 2022 at 7:44 PM

Cookie: token=guest
Maybe somesort of cookie injection or just fuzzing it

crash2overload · October 22, 2022 at 7:46 PM

(October 22, 2022, 07:44 PM)u53r Wrote: Cookie: token=guest
Maybe somesort of cookie injection or just fuzzing it

token is base64 of the imput username:password

dumpsterX0 · October 22, 2022 at 7:48 PM

(October 22, 2022, 07:43 PM)crash2overload Wrote:
(October 22, 2022, 07:39 PM)dumpsterX0 Wrote: tryin to bruteforce the store basic auth with workers name.

Does it work for you?

still tryin

(October 22, 2022, 07:44 PM)u53r Wrote: Cookie: token=guest
Maybe somesort of cookie injection or just fuzzing it

i saw that too btw uhhhh.

crash2overload · October 22, 2022 at 7:52 PM

(October 22, 2022, 07:49 PM)Hacker2222 Wrote: hat-valley.htb also has /api/ and /hr/

True that. Quiet bad readable http://hat-valley.htb/js/app.js

dumpsterX0 · October 22, 2022 at 7:56 PM

(October 22, 2022, 07:49 PM)Hacker2222 Wrote: hat-valley.htb also has /api/ and /hr/

intresting.....

br4v0ch4rl33 · October 22, 2022 at 7:56 PM

/hr cookie 'guest' can be changed to anything to get access to dashboard