How to find admin panel link

If it doesn't fit anywhere else, it will fit here.
Post Reply
chutrapata
n00b
Posts: 5
Joined: Wed Apr 04, 2018 4:11 am

How to find admin panel link

Post by chutrapata » Sun Sep 16, 2018 6:06 am

After retrieving user && password of any admin panel using SQLMAP how to find admin panel link to input username and password ???

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: How to find admin panel link

Post by Cool_Fire » Sun Sep 16, 2018 9:18 am

I'm not sure why you need the admin panel if you have database access through SQLi already, but ok. You can use something like wappalyzer, whatcms.org, or builtwith.com to check for a common CMS, which should let you find the admin panel pretty easily.
If it's something uncommon or even custom, you can try a crawler to see if there's a link to the admin login somewhere.

Alternatively you can try to get code execution through the SQLi and see if you can find the files for it on disk, or log files that tell you the panel location.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

chutrapata
n00b
Posts: 5
Joined: Wed Apr 04, 2018 4:11 am

Cpanel hacking

Post by chutrapata » Tue Oct 16, 2018 10:18 pm

How to hack any cpanel. I mean cpanel access, Database, Files/Folders and everything. If you suggest the way using kali linux it will help me much. Thanks

chutrapata
n00b
Posts: 5
Joined: Wed Apr 04, 2018 4:11 am

brute force a gmail account.

Post by chutrapata » Tue Oct 16, 2018 11:42 pm

Hello, i would like some help with using xHydra in Kali Linux 2018.3. i am attempting to brute force a gmail account. i have a big password list and it is all working fine. i have followed many tut's on how to do it, but when i do it it gives me a different password every time... for example...

First time password: forest
second time password: jordan23
third time password: mexico

and non of these are the actual password :( does anyone know what i am doing wrong?

xHydra settings:

Target:
Single Target: smtp.gmail.com
Port: 465
Output Options: Use SSL
Show Attempts
Be Verbosu

Password:
Username: *********@gmail.com
Password List: (My Password List Location)
Try Login as Password.

Any help would be greatly appreciated.

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: brute force a gmail account.

Post by Cool_Fire » Tue Nov 06, 2018 10:11 am

chutrapata wrote:
Tue Oct 16, 2018 11:42 pm
Hello, i would like some help with using xHydra in Kali Linux 2018.3. i am attempting to brute force a gmail account. i have a big password list and it is all working fine. i have followed many tut's on how to do it, but when i do it it gives me a different password every time... for example...

First time password: forest
second time password: jordan23
third time password: mexico

and non of these are the actual password :( does anyone know what i am doing wrong?

xHydra settings:

Target:
Single Target: smtp.gmail.com
Port: 465
Output Options: Use SSL
Show Attempts
Be Verbosu

Password:
Username: *********@gmail.com
Password List: (My Password List Location)
Try Login as Password.

Any help would be greatly appreciated.
Gmail will absolutely block you after a few failed attempts. The reason you're getting a positive reponse from hydra is likely to do with just getting a slightly different response when you've been blocked vs. when you've not yet been blocked but the password is wrong.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

chutrapata
n00b
Posts: 5
Joined: Wed Apr 04, 2018 4:11 am

BruteForce Problem

Post by chutrapata » Thu Nov 15, 2018 1:09 am

What should I do when my targeted password is absent from password file (pass.txt) and hydra or other brute force softwares give me wrong password as Key Found . Sometimes it is hard to to realise that the password is still there. And another problem is : being pass.txt file size bigger it takes too much time for output. What is the solve. Please help me by replying.....
Thanks a lot

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: BruteForce Problem

Post by Cool_Fire » Tue Dec 11, 2018 10:39 am

chutrapata wrote:
Thu Nov 15, 2018 1:09 am
What should I do when my targeted password is absent from password file (pass.txt) and hydra or other brute force softwares give me wrong password as Key Found .
The brute force software giving you false positive responses is usually just a side effect of being blocked or throttled. The brute forcer just checks if the response coming back from the server is different to the one it knows is a "login failed" response. And a "blocked for too many failed attempts" response is usually different, causing the brute force application to mistakenly think it's a successful login.
chutrapata wrote:
Thu Nov 15, 2018 1:09 am
And another problem is : being pass.txt file size bigger it takes too much time for output. What is the solve. Please help me by replying.....
Thanks a lot
There is usually no way to solve a brute force attack taking too much time. That's pretty much how brute force protection works on the defense side; Make it take so long it's not a viable attack.
If you insist on attacking this target, you'll have to find another way in.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply