How to find admin panel link
-
- n00b
- Posts:5
- Joined:Wed Apr 04, 2018 4:11 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
After retrieving user && password of any admin panel using SQLMAP how to find admin panel link to input username and password ???
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: How to find admin panel link
I'm not sure why you need the admin panel if you have database access through SQLi already, but ok. You can use something like wappalyzer, whatcms.org, or builtwith.com to check for a common CMS, which should let you find the admin panel pretty easily.
If it's something uncommon or even custom, you can try a crawler to see if there's a link to the admin login somewhere.
Alternatively you can try to get code execution through the SQLi and see if you can find the files for it on disk, or log files that tell you the panel location.
If it's something uncommon or even custom, you can try a crawler to see if there's a link to the admin login somewhere.
Alternatively you can try to get code execution through the SQLi and see if you can find the files for it on disk, or log files that tell you the panel location.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:5
- Joined:Wed Apr 04, 2018 4:11 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
Cpanel hacking
How to hack any cpanel. I mean cpanel access, Database, Files/Folders and everything. If you suggest the way using kali linux it will help me much. Thanks
-
- n00b
- Posts:5
- Joined:Wed Apr 04, 2018 4:11 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
brute force a gmail account.
Hello, i would like some help with using xHydra in Kali Linux 2018.3. i am attempting to brute force a gmail account. i have a big password list and it is all working fine. i have followed many tut's on how to do it, but when i do it it gives me a different password every time... for example...
First time password: forest
second time password: jordan23
third time password: mexico
and non of these are the actual password :( does anyone know what i am doing wrong?
xHydra settings:
Target:
Single Target: smtp.gmail.com
Port: 465
Output Options: Use SSL
Show Attempts
Be Verbosu
Password:
Username: *********@gmail.com
Password List: (My Password List Location)
Try Login as Password.
Any help would be greatly appreciated.
First time password: forest
second time password: jordan23
third time password: mexico
and non of these are the actual password :( does anyone know what i am doing wrong?
xHydra settings:
Target:
Single Target: smtp.gmail.com
Port: 465
Output Options: Use SSL
Show Attempts
Be Verbosu
Password:
Username: *********@gmail.com
Password List: (My Password List Location)
Try Login as Password.
Any help would be greatly appreciated.
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: brute force a gmail account.
Gmail will absolutely block you after a few failed attempts. The reason you're getting a positive reponse from hydra is likely to do with just getting a slightly different response when you've been blocked vs. when you've not yet been blocked but the password is wrong.chutrapata wrote: ↑Tue Oct 16, 2018 11:42 pmHello, i would like some help with using xHydra in Kali Linux 2018.3. i am attempting to brute force a gmail account. i have a big password list and it is all working fine. i have followed many tut's on how to do it, but when i do it it gives me a different password every time... for example...
First time password: forest
second time password: jordan23
third time password: mexico
and non of these are the actual password :( does anyone know what i am doing wrong?
xHydra settings:
Target:
Single Target: smtp.gmail.com
Port: 465
Output Options: Use SSL
Show Attempts
Be Verbosu
Password:
Username: *********@gmail.com
Password List: (My Password List Location)
Try Login as Password.
Any help would be greatly appreciated.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.
-
- n00b
- Posts:5
- Joined:Wed Apr 04, 2018 4:11 am [phpBB Debug] PHP Warning: in file [ROOT]/vendor/twig/twig/lib/Twig/Extension/Core.php on line 1275: count(): Parameter must be an array or an object that implements Countable
BruteForce Problem
What should I do when my targeted password is absent from password file (pass.txt) and hydra or other brute force softwares give me wrong password as Key Found . Sometimes it is hard to to realise that the password is still there. And another problem is : being pass.txt file size bigger it takes too much time for output. What is the solve. Please help me by replying.....
Thanks a lot
Thanks a lot
- Cool_Fire
- Not a sandwich
- Posts:1913
- Joined:Fri May 09, 2003 1:20 pm
- Location:41 6d 73 74 65 72 64 61 6d
- Contact:
Re: BruteForce Problem
The brute force software giving you false positive responses is usually just a side effect of being blocked or throttled. The brute forcer just checks if the response coming back from the server is different to the one it knows is a "login failed" response. And a "blocked for too many failed attempts" response is usually different, causing the brute force application to mistakenly think it's a successful login.chutrapata wrote: ↑Thu Nov 15, 2018 1:09 amWhat should I do when my targeted password is absent from password file (pass.txt) and hydra or other brute force softwares give me wrong password as Key Found .
There is usually no way to solve a brute force attack taking too much time. That's pretty much how brute force protection works on the defense side; Make it take so long it's not a viable attack.chutrapata wrote: ↑Thu Nov 15, 2018 1:09 amAnd another problem is : being pass.txt file size bigger it takes too much time for output. What is the solve. Please help me by replying.....
Thanks a lot
If you insist on attacking this target, you'll have to find another way in.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
Hackerthreads chat, where the party is going 24/7.