![d39c520fe61945ec6ed741900fe89baf.png](aec217734c424b8ba55a1bcba609e5c4.png) ![df97b3eae7b89c51e3de509d8cb3d389.png](44a8c18e63964850a99f665762dd088f.png) kicks back `invalid username` as the error which makes me think we can brute the username and then maybe it'll kick back invalid password once we have the username ![fdd90f8ddb8d6714a3f604d1cd722cf4.png](5cd30bfc12e94e20840a2a542a437885.png) ![0c901fa59a1f0186ffcdf6a9d62e13da.png](72f48cc575c54a1d8e06637063e4303f.png) Turbo intruder pertinent script excerpt: ``` def handleResponse(req, interesting): # currently available attributes are req.status, req.wordcount, req.length and req.response if 'Invalid Password' in req.response: table.add(req) ``` Now going to do the same for the password ``` if 'Invalid Password' not in req.response: ``` ![b9cf140322b5022fafa693e54ee884a1.png](6ca5ffd273664d11b4e2e8b8a6e61adc.png) cookie is `eyJjb29raWUiOiIxYjVlNWYyYzlkNThhMzBhZjRlMTZhNzFhNDVkMDE3MiIsImFkbWluIjpmYWxzZX0=` which is `{"cookie":"1b5e5f2c9d58a30af4e16a71a45d0172","admin":false}` changing the `admin` value to `true` and changing the cookie gives us ![6bd0c241ff39beb30744742192dc376f.png](2d119097933e47daa89e2c45511bb2f5.png) The zip file has a password `zip2john file.zip > forjohn` ![841697307ea838d95300bd9b4185da8c.png](c369ddc6a288493da2956f5745715da9.png) ![8300f0a5bbc624268b8fb036b19894c6.png](05afe257acae4f088534811837aa50d1.png) --- Back to [[_WebSite Publish/CTF/CTF Index|CTF Index]] Tags: #ctf #bruteforce #password_cracking #johntheripper #web Related: