WiCYS CyberStart (Amsterdam) Challenge 3

Web-login bruteforce

Briefing L01 C03

Social Engineering

Permission has been granted to try and log into the Chirp social media account of a hacker who goes by the name of D4YDR3AM. Luckily for us. they’ve been clumsy with their personal information. We know their dog’s name is Barkley and they were born in 1993. Can you use what we know about them to guess their password and get us into their account?

Tip: Get the flag by guessing the correct password to sign into the account.

Let's go to the challenge

We are met with this Chirp login page (mimicking Twitter again!)

I guess we won't have to think hard to crack this, unless it involves creating a wordlist using crunch (to generate passwords) and using it to bruteforce the login page, using Hydra or Burp Suite

I had these three combinations in mind:-

Barkley1993

Barkley93 and

1993Barkley

Flag Capture

Let's go ahead and bruteforce em'

The first password worked in this case and we have logged in.

First time lucky eh?

We get the flag and submit it

Flag — F3Fhrc07TPmJ2HZAY9cd

Scoreboard

There’s no looking back. Onward ahoy!