FirstTry Hacktory Writeup

Hacktory Web security module

20240611044720.png

Lab Description Link to heading

20240613010133.png

In this lab work, you will have to do a little work with a weakly secured development studio website and use the dirsearch and dirb tools to gain unauthorized access to the site.

Difficulty - 1 static electricity shock out of 5

Solution Link to heading

In this tutorial we will use the dirsearch tool. Start the application and try to analyze the website at http://www.hacktory.lab. To do this, you can use the command dirsearch.py -url http://www.hacktory.lab -e txt,log. The utility will automatically analyze the website and show you the directories and files found. Look carefully at the results of the analysis and tell me, what is the name of the log file?

Use the command from the hint

20240613010356.png

Finding two files. Logs and database file.

In the logs you can find the path to the admin panel

20240613010404.png

And in the database file is the password for the database

20240613010411.png