WEB HACKING QUESTION : hacking | Torhoo darknet markets

Hello,
#WEBSITE 1
I scanned a URL using dirbuster and got my hands on two files. (1. .htaccess 2. web.config)

It's for an ecommerce website and I'm trying to find a way to get in, through any kind of vulnerability or exploit.

If anyone could please explain what those two files are, if there is a way I could use this to my advantage, and why there were so many bots on robots.txt (like A LOT of bots!)

#WEBSITE 2

This other website, which is also ecommerce, showed a login JavaScript popup when I accessed /dav. Would that popup be easier to bruteforce than the /admin page, or harder, or neither?

I appreciate every word you write. I'm really trying to learn and I'm just so sick of these long boring online tutorials that don't get into details.
/u/dystopia_dev
1 points
3 years ago
Interesting,
sorry I am of no help. Definitely following this tho.
/u/genlit
1 points
3 years ago
For the two files that you mentioned:
- .htaccess is an Apache directory configuration file. Based on my experience it's not possible to access from outside, probably a misconfiguration on the server.
- web.config is a configuration file that can lead to information disclosure about the server and can sometimes be helpful. But at this point you already figured that out.
The second website:
Bruteforcing will be as hard as every login page, it can't just be easier. Unless it's a custom page and you can hope that it doesn't have enough security protection, such as a limit on the # of login attempts etc. It can even have SQL injection. You can check if both of them call the same endpoint so you don't waste your time.
/u/banman 📢
1 points
3 years ago
Thanks for your explanation man! That was really helpful. Appreciate it.
/u/Kirosa
1 points
3 years ago
Those "long boring tutorials" absolutely DO go into details, especially the basics, which seem like what you need most. Learn how a website works, build one yourself, and it'll pay off tenfold down the line.

Since .htaccess and web.config have been mentioned below, I'll add a bit. robots.txt having a bunch of crawlers listed is common for e-commerce sites as a means of having search engines not crawl over stuff like shopping cart links and such. Nothing out of the ordinary there.
/u/banman 📢
1 points
3 years ago
I guess I'm watching the wrong "long boring tutorials" but I appreciate you taking the time and explaining. I'm learning buddy! Don't judge a fat guy at the gym, at least he showed up, right?
Thanks!