| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
Tags
- TryHackMe
- CTFS
- burp suite
- Burp Suite: Intruder
- Walkthrough
- Intruder
- Burp Suite: Other Modules
- ctf
- Windows Forensics 1
- advent of cyber 3
Archives
- Today
- Total
root@sky:~#
[Day 4] Advent of Cyber 3 (2021) | TryHackMe 본문
Web Exploitation
Santa's Running Behind
Story
McSysAdmin managed to reset everyone's access except Santa's! Santa's expected some urgent travel itinerary for his route over Christmas. Rumor has it that Santa never followed the password security recommendations. Can you use brute-forcing to help him access his accounts?
Learning Objectives
In today's task, we're going to learn the following.
- Understanding authentication and where it is used
- Understanding what fuzzing is
- Understanding what Burp Suite is and how we can use it for fuzzing a login form to gain access
- Apply this knowledge to retrieve Santa's travel itinerary
Answer the questions below
Q.) What valid password can you use to access the "Santa" account?
A.) cookie
Process:- I followed TryHackMe instructions and I got Santa's account password using Burp-Suite with this password list.
Q.) What is the flag in Santa's itinerary?
A.) THM{SXXXXXXXXXXXXS}
Process:- I logged in with the credentials and got the flag.
Thanks for reading.
Have a lovely day :-)
'CTFs > TryHackMe' 카테고리의 다른 글
| [Day 6] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.16 |
|---|---|
| [Day 5] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.07 |
| [Day 3] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.06 |
| [Day 2] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.03 |
| [Day 1] Advent of Cyber 3 (2021) | TryHackMe (0) | 2021.12.03 |
'CTFs/TryHackMe' Related Articles
more
Comments