c7317ae78e | ||
---|---|---|
.. | ||
images | ||
README.md |
README.md
spooky
I forgot my login credentials again!!
About the Challenge
We have been given a website that has a login form
How to Solve?
I have trying every single payload to bypass the admin login (SQL and NoSQL) and the result is nothing. And then my friend, @DimasMaulana found an interesting endpoint called sitemap.xml
As you can see, we found another endpoint that contain users and password.
User:
user
guest
root
admin
kali
raspberry
support
fiona
charles
alice
pinocchio
shrekop
dragon
donkey
wolf
Pass:
R4YPLtCnaMc8GhWy
fX9maZjLNdqKG8wH
r6GUEungvhXqVFyY
WZLNBAdkXc6Yu8rh
ny7Z2jpMT36CBwLH
VmU5gnXKYN2vLp48
VGUtajxuq6KeNk5J
XZTEVmd6AcFN3j84
ydfkG8YS7WMwpQNC
emcYJrGFVMakw5UN
G9fBSNbgmhTduKEU
KctkRurdy4vSMGWF
Ggc6qyrVdDzWhEea
DKaYNZug9ELCzRAy
NwCGR69ZceHu8tmT
Im using that username and password wordlist to bruteforce the form and we got 1 correct combination
User: shrekop
Pass: VmU5gnXKYN2vLp48
Now we can login to the web, but we still didn't get the flag.
As you can see the role is user
. We need to do privilege escalation from user
to admin
roles. To do that, when we login to the website, add admin
parameter and the value is true
VishwaCTF{h1dd3n_P@raMs}