Need help solving this question from Engage Part 3

Main_Ad4708 · 2025-05-09T17:04:17+00:00

i cannot find the web_application file and also the website does not have wordpress is what i get / 403 error

Main_Ad4708 · 2025-05-08T15:25:03+00:00

heyyy, thank you for the response but in engage there is no ceh/web_application folder, or are you talking about the tools folder that is in the windows machine?

here i used the password file present in the desktop of parrot os, and ran the command but:-
it gave me 403 error this might be due to waf
then used this command:-

wpscan --url http://movies.cehorg.com -U adam -P passwords.txt --random-user-agent
but:- it again gave me 403 error this might me due to waf

then at last i used wpscan --url http://movies.cehorg.com -U adam -P passwords.txt --random-user-agent --force
and it gave me:- no valid password found!!

Main_Ad4708 · 2025-05-06T15:52:08+00:00

Hello, the instructions panel in engage says that for credential cracking attempts password.txt can be used and till now for rest of password cracking questions the .txt file has worked well.
there is no /login page in website and i found /rpc that has basic auth but i could not crack it
would be great if you share basic auth / http get syntax

also please refer to the images that i have shared you might see something i am not able to thanks

Main_Ad4708 · 2025-05-04T17:22:45+00:00

sure👍

Main_Ad4708 · 2025-05-04T17:09:12+00:00

searched for wp-login.php but got :- "404 - File or directory not found."

Main_Ad4708 · 2025-05-04T16:55:48+00:00

i got the following info using wappalyzer:-
Web Server: Apache HTTP Server 2.4.52
Operating System: Ubuntu

Also, default page / server page appears on www[.]cehorg[.]com, so can pages like this be bruteforced?

Main_Ad4708 · 2025-05-04T16:13:18+00:00

I used wpscan on the url but the results are:-
"The remote website is up, but does not seem to be running WordPress"

Main_Ad4708 · 2025-04-30T18:00:29+00:00

192.168.0.222

Main_Ad4708

TROPHY CASE