Oct 19th 2023,
Hi there, it’s cyberbeat again. It was really hard for me to keep up with the challenge as I am having a job too. I was really tired and just worked for 2 hours finding no bugs yesterday, so I didn’t count as a day of the challenge. This morning I got up early to hack a bit and went to office for work.
Later in the day, I had my class as I am a student, got little to no time finding this vulnerability but I was determined to hack no matter what in the evening.
I started to find multiple domains of the target and from one of the domain, I was able to get to admin panel but was unable to access it. I tried multiple ways including “curl” command, but with no luck. Luckily I was able to get some traces from the domain and I was able to traverse but without luck I wasn't able to get to the files in the directory and was giving me Error 404. I tried traversing back to root folder and luckily I was able to access the files! I submitted the report hoping will get something out of it. Probably P4 😅
I still managed to hack for around four and half hours. Here is how my Toggl track dashboard looks like:
