[Day 4] Advent of Cyber 3 (2021) | TryHackMe

Akash Kumar 2021. 12. 6. 02:56

Web Exploitation

Santa's Running Behind

 


Story

McSysAdmin managed to reset everyone's access except Santa's! Santa's expected some urgent travel itinerary for his route over Christmas. Rumor has it that Santa never followed the password security recommendations. Can you use brute-forcing to help him access his accounts?

 

Learning Objectives

In today's task, we're going to learn the following.

  1. Understanding authentication and where it is used
  2. Understanding what fuzzing is
  3. Understanding what Burp Suite is and how we can use it for fuzzing a login form to gain access
  4. Apply this knowledge to retrieve Santa's travel itinerary 

 

Answer the questions below

Q.) What valid password can you use to access the "Santa" account?

A.)  cookie 

Process:- I followed the TryHackMe instructions and got Santa's account password using Burp Suite with this password list.

Q.) What is the flag in Santa's itinerary?

A.)  THM{SXXXXXXXXXXXXS} 

Process:- I logged in with the credentials and got the flag.

Thanks for reading.

Have a lovely day :-)