
Saturday, 25 April 2015

CAMSCTF CCTF 2015: Web 2 (Exploitation) Write-up


Description: 
You're probably thinking too hard about this.
Hint:
Remember that time when you guessed the admin password? Yeah.
Solution:
Target: http://web.camsctf.com/2/

OK, brute-force time. :D Open Burp Suite, intercept the HTTP request, and send it to the Intruder tab with a wordlist.


          password=letmein

Flag: {still_b3tter_than_princess}
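
A defender-side view of the attack above, as an added example that is not part of the original write-up: a sliding-window check over web access logs that flags a client sending a wordlist at the login form. The log format, the `/2/` POST path, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log layout: Common Log Format, as written by many web servers.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_guessing(lines, login_path="/2/", max_posts=5,
                    window=timedelta(seconds=60)):
    """Return {client_ip: time of the POST that crossed the threshold}.

    Lines must be in chronological order, as they are in an access log.
    """
    recent = defaultdict(deque)   # client IP -> times of POSTs still in window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the assumed format
        ip, ts, method, path = m.groups()
        if method != "POST" or path != login_path:
            continue
        when = datetime.strptime(ts, TS_FMT)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) > max_posts:
            flagged.setdefault(ip, when)
    return flagged

def sample_log():
    """Constructed sample: one ordinary user and one client running a wordlist."""
    base = datetime(2015, 4, 25, 10, 0, 0, tzinfo=timezone.utc)
    user, guesser = "198.51.100.7", "203.0.113.9"   # documentation addresses
    events = [(base, user, "GET"),
              (base + timedelta(seconds=5), user, "POST"),
              (base + timedelta(minutes=5), user, "POST")]
    # Twelve login POSTs one second apart: a rapid run of password guesses.
    events += [(base + timedelta(minutes=1, seconds=i), guesser, "POST")
               for i in range(12)]
    return ['%s - - [%s] "%s /2/ HTTP/1.1" 200 512'
            % (ip, when.strftime(TS_FMT), method)
            for when, ip, method in sorted(events)]

if __name__ == "__main__":
    for ip, when in detect_guessing(sample_log()).items():
        print(f"{ip} exceeded the login POST threshold at {when:%H:%M:%S}")
```

Counting POSTs alone cannot tell failed logins from successful ones; where the application logs authentication results, key the window on failures instead.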

3 comments:

  1. I don't understand, why do you know it must be brute force time??

    Replies
    1. When I read the hint, I tried to find some wordlist to brute force it.

  2. lol, when I did it I looked up a list of popular admin passwords and the first one was the correct password
