Allan_Virtanen I was looking for hidden files, you know like .htaccess, .htpassword and similar. Typically when sites use another webserver than apache2 there may be such files laying around and publicly accessible.
Nothing found, and it's blocked by Dennis Nedry himself ironically :/
Samuel_Oldfield Nope, tried SQL injection on every input form, doesn't work, tried password reset and other input forms to see if there was any chance to leak user names and emails, no luck there either, system won't even tell me if a user exist or not.
I then learned that there are rate limits, and even more sensitive limits on important endpoints, so brute force wouldn't have worked anyway. I had to find another way in. Found a few possible ways after a port scan but as it turns out I'm instantly blacklisted after starting any attempt to brute force. Open ports are protected by some kind of dynamic firewall.
Guess I have to give up for now 🤔