This part of the boss is designed to be solved using a LFI, then a SQLi. You did it with hydra. Well done. It proves that there are often several solutions!

Yolo

Hi i'm blocked to this boss
done The LFI and SQLi, but on the last page ctrl_emergecry_stop.php i can't figure how to use the bruteforce
i have the id of the field used in form, but can't make hydra working on it :(

You need an url(check), an id (check) and the right work list. the default rockyou if too short. Copy/paste few more entries from hacker's guide rockyou list.

Yolo

I have the same probleme and I think I have the good id but it's not work any more :/
login

Originally posted by Chico008:

Hi i'm blocked to this boss
done The LFI and SQLi, but on the last page ctrl_emergecry_stop.php i can't figure how to use the bruteforce
i have the id of the field used in form, but can't make hydra working on it :(

for the accès code in : http://10.0.11.16/ctrl_emergency_stop.php
1. open brutforce
2. in fields "target" http://10.0.11.16/ctrl_emergency_stop.php
3. in fields"fields" login
4. start brutforce with first 10 words on rockyou.txt list
5. click dump (on right) / scroll down in new windows and take flag or enter the password in code access then flag apparated

have fun BRO

Hi folks
I'm stuck! I made my way to the login page for the KRN-32 but can't seem to figure out the SQLi.
When I previously applied SQLi earlier in the game, it was just one parameter. Now with a username and password requirement, I'm not sure what I'm doing. I tried using two accounts names I found at the bottom of the /etc/passwd file but nothing is working!
I'm about to give up on this game, any hints would be really appreciated.