Real 12
So… I've read all the other posts on the matter, along with the articles for it. But I'm stuck at the very beginning. I can't seem to locate the dir, or any place that I could get info from, such as a hash, or users. Am I supposed to find the correct PNB to inject into "index.php?page=cafe.php"? I've tried many combinations for dir's, searching through their sources, checking headers, and cookies, etc. But I'm still clueless. The only article for this challenge mentions the similarity of this to basic 9, 10, and "Willy's" php exploits. I cannot find a user with that name, and I have yet to find a google result.
I need a hint.
I don't understand how it resembles basic 12. Sure, there's a protected dir. Sure, there's a protected .htaccess, and, .htpasswd. But unlike, basic 12, they don't give you the password hash at the beginning. I've tried everything I can think of that I've learned so far (which should be enough, according to the article, at least to get the admin).
The only other thing I can think of is maybe I should try using some type of fuzzer to check for dir's I can't think of?
@rex I'm aware of not adding the dir's to the search. Yep, all I get is a popup login. Which I can't mess with. The error page it gives after aborting the request doesn't tell me anything useful, neither does it's source, and neither does the headers, or other info I can think to try and pull from it.
EDIT So, I didn't know there was a help bot on the side bar. So I asked it, and it suggests I look for a .txt file that I'd use to login?
I'm begining to think I didn't do that basic level the way they expected me to. Because I get referenced to: https://en.wikipedia.org/wiki/File_inclusion_vulnerability Sooooo maybe LFI will be useful in my situation now.