hacker101-ctf

Hacker101 CTF Writeup

View on GitHub

Petshop Pro - FLAG1

0x00 Index

0x01 Path Scan

Used 7kbscan-WebPathBrute and corresponding dir dictionary for path scanning.

0x02 Admin Login path

http://127.0.0.1/xxxxxxxxxx/login

0x03 Try Login

Try with weak password, admin + admin. Shows Invalid username error.

This can help to brute force admin username.

0x04 Get Username

Catch the request and send to Intruder.

With the help of this username wordlist, finally get the admin username.

0x05 Get Password

With pretty much same method as above, here I get the password.

0x06 FLAG

So succefully log in.

username=verla
password=jester