you probably dont care at all but does anyone know a method to log back into an Instagram account..? I was dumb lost the password. I appreciate any tips you can offer me.

@Sullivan Castiel instablaster =)

@Hugo Jayden thanks so much for your reply. I got to the site on google and Im in the hacking process atm. Takes quite some time so I will get back to you later when my account password hopefully is recovered.

@Hugo Jayden It worked and I finally got access to my account again. Im so happy! Thank you so much, you really help me out :D

@Sullivan Castiel You are welcome :D

It’s difficult because I’ve been doing this type of stuff for over a decade, so just have a really strong foundation. Additionally, i started out as a sysadmin so had a different starting point when going into security

sir you please also show your solution writeup

padBuster is in this video as well :) -- Just do it later as it takes some time so padBuster was going in the background while i privesc'd.

The basis is having a good methodology to cover as much of the attack surface as possible. After that experience and knowledge of all the common services could be very beneficial.

Thomas Underhay right.. But sometime the path is too confusing.

Hard to say. I was a sysadmin for a decade, so I've spent a lot of time digging into random crap to find silly errors. Thomas EOF said it pretty well. Hacking is more of an art than a science. If you try to cover everything in any phase such as enumeration, you'll never finish. Need to know when you have enough to move on.

IppSec so experience matters a lot!

He use tmux , see Popcron Video

Thanks!

Where did you find the decrypt function? I also want to have a look, as i'm not sure why the admin= works.

Bit late, but essentially the explode function within php splits a string into an array based on a delimiter (in this case '=', so in the standard usage, the encrypted string is 'user=john' which becomes an array of "array('user', 'john')" what list does is assigns those indices within the array to local variables, so in this scenario $user variable becomes 'john' as the 2nd item in the array is the value 'john'. In the case of 'admin=' the encrypted string becomes 'user=admin=' since '=' is the delimiter it becomes the third item in the array, so 'user=admin=foobar' would create an array of "array('user', 'admin', ''). So it effectively strips any of the delimiters from the string. In php: php > $f = 'user=john'; php > print_r(explode('=', $f)); Array ( [0] => user [1] => john ) php > $f = 'user=admin='; php > print_r(explode('=', $f)); Array ( [0] => user [1] => admin [2] => ) Hope that helps!

@@MrIamedible Very helpful !!

@@MrIamedible thanks for such clear explanation

trying different stuff to figure out what he's allowed to insert in that input

I do shell shock in beep.

he's using the gdb debugger to look into the (backup) program as it runs and see what it's doing then he figures out its running the command (cat /etc/passwd) by reading from that address from the program , then notices that the command is using relative paths instead of absolute path so he then adds his own path to the variable $PATH so his program (which is also named cat) runs first and his program is a script that runs a shell (/bin/sh) thus giving him a shell as root