App - Script

I found the version of Python. After i connected to HTTP server, i found the token to get a bit deeper into Authenticate section. The script to authorize users is searching for this section and pickle begins to work on. It is wellknown for its weakness like executing programs within. It is encoded in b64 and will be decoded when pickle runs. I tried to execute cmds like cat the .passwd file but it gives an key property error. It could mean that the encoded Authenticate token and the entry of the real inside of .passwd are not identical. Is there anything i miss ?

I do not have an answer for you, I am sorry.

I am googling up and down for an HTTP authentication header but I cannot find an example. How were you able to send the right request? Do you just happen to know how such a request looks like?

Hi,

just authenticate as an admin and then follow the error messages... They will give you a hint to to write the right request header. After all, i was too lazy to study pickle loading sequence. So i will do this next time. But there are good information sources around in internet. A bit confused issue.. I do not like this challenge :)

An admin? do i i need to brute force it

No. No bruteforce