VE source code?

I’m fighting my way through the pen testing course. In terms of looking through the VE source code to find the weaknesses in both the session token and logging off:
Would it be the session.php file in var/www/html/ve/system? I’m shooting in the dark here. I saw a line that said:
public static function regenerate($destroy = false) {
session_regenerate_id($destroy);

But I really don’t have a clue if that’s it.

Thank you.

  • Russ

Hi @therealex, which particular section and the video are you talking about for Geri Revay’s course?

I’ve been working on the course, with large breaks, and just in general there are times when Geri says to look at the source code to find a particular vulnerability. For instance, I just finished the authentication module and there is a line that says “scriptadmin=”. That gets modified to allow you to log in as scriptadmin.

I looked all through /var/html/ve and I have no idea where the source code for the login page would be. There are a couple of login PHP pages, but they are not necessarily for Voice of the Emperor. Index pages are not what I’m looking for, either. If this was in DOS or PowerShell or Windows, I could do a global search for that phrase, but I have no idea how to do it in Linux and there are dozens of PHP files to go through.

Any suggestions on this would be helpful. Thank you.

In Linux you can use grep to do searches in all the files. Google how to do it. It is a very easy way of searching through several files.
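
The recursive search suggested above, as an added example that is not part of any post in this thread: it looks for the "scriptadmin=" phrase and for PHP session-handling calls across a source tree. It assumes GNU grep; the function names and the sample tree are constructed for illustration, so point the functions at the real source directory instead.

```shell
#!/usr/bin/env bash
# Added example. Assumes GNU grep; the sample tree below is constructed.

# find_in_source DIR STRING: print file:line:text for a literal string in PHP files.
find_in_source() {
    # -r recurse, -n show line numbers, -F treat STRING literally (no regex)
    grep -rnF --include='*.php' -- "$2" "$1"
}

# files_matching DIR STRING: print only the names of PHP files containing STRING.
files_matching() {
    grep -rlF --include='*.php' -- "$2" "$1"
}

# find_session_calls DIR: locate session-handling calls to review by hand.
find_session_calls() {
    grep -rnE --include='*.php' 'session_(start|regenerate_id|destroy|unset)\(' "$1"
}

# make_sample_tree: build a small constructed source tree and print its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/system" "$root/views"
    cat > "$root/system/session.php" <<'EOF'
<?php
class Session {
    public static function regenerate($destroy = false) {
        session_regenerate_id($destroy);
    }
}
EOF
    cat > "$root/views/login.php" <<'EOF'
<?php
$marker = "scriptadmin=";  // constructed line holding the searched phrase
EOF
    echo 'scriptadmin= mentioned in a non-PHP file' > "$root/notes.txt"
    printf '%s\n' "$root"
}

# Demo run on the constructed tree: each hit is printed as path:line:text.
demo_root=$(make_sample_tree)
find_in_source "$demo_root" 'scriptadmin='
find_session_calls "$demo_root"
rm -rf "$demo_root"
```

The `--include='*.php'` filter keeps notes, logs and other non-PHP files out of the results, and `-F` stops characters such as `=` or `$` in the phrase from being read as a regular expression.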