WiCYS CyberStart (Amsterdam) Challenge 3
Web-login bruteforce
Permission has been granted to try and log into the Chirp social media account of a hacker who goes by the name of D4YDR3AM. Luckily for us, they’ve been clumsy with their personal information. We know their dog’s name is Barkley and they were born in 1993. Can you use what we know about them to guess their password and get us into their account?
Tip: Get the flag by guessing the correct password to sign into the account.
Let's go to the challenge
We are met with this Chirp login page (mimicking Twitter again!)
I guess we won't have to think hard to crack this, unless it involves creating a wordlist using crunch (to generate passwords) and using it to bruteforce the login page, using Hydra or Burp Suite.
I had these three combinations in mind:
Barkley1993
Barkley93 and
1993Barkley
Let's go ahead and bruteforce 'em.
The first password worked in this case and we have logged in.
First time lucky, eh?
We get the flag and submit it.
Flag — F3Fhrc07TPmJ2HZAY9cd
There’s no looking back. Onward ahoy!
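Seen from the defender's side, the first guess worked because the password was built only from facts visible on the owner's profile. The Python check below is an added example, not part of the original write-up or the challenge: a signup-time filter that rejects such passwords. The function names, the substitution table and the `max_filler` threshold are assumptions.

```python
# Added example: reject passwords made up only of a user's known personal facts.
# Substitutions undone before comparison (assumed set, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(text):
    """Lower-case and undo common character substitutions."""
    return text.lower().translate(LEET)


def personal_tokens(names, birth_year):
    """Normalised tokens derivable from profile facts (names, 4- and 2-digit year)."""
    year = str(birth_year)
    raw = [n for n in names if n] + [year, year[2:]]
    return {normalise(t) for t in raw}


def is_guessable(password, names, birth_year, max_filler=2):
    """True if the password is personal tokens plus at most max_filler other characters."""
    candidate = normalise(password)
    remainder = candidate
    # Remove longer tokens first so the full year is stripped before its 2-digit form.
    for tok in sorted(personal_tokens(names, birth_year), key=lambda t: (-len(t), t)):
        remainder = remainder.replace(tok, "")
    return remainder != candidate and len(remainder) <= max_filler


def audit(passwords, names, birth_year):
    """Return the subset of passwords the policy would reject."""
    return [p for p in passwords if is_guessable(p, names, birth_year)]


if __name__ == "__main__":
    # Constructed sample input using the profile facts given in the challenge text.
    names, year = ["Barkley", "D4YDR3AM"], 1993
    samples = ["Barkley1993", "Barkley93", "1993Barkley", "B4rkl3y!93",
               "correct-horse-battery-staple", "staple93horsebattery"]
    for pw in samples:
        verdict = "REJECT" if is_guessable(pw, names, year) else "ok"
        print(f"{pw:32} {verdict}")
```

Both the password and the tokens are normalised the same way, so substituted spellings of the dog's name are caught along with the plain ones; a passphrase that merely contains the two-digit year is not rejected.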