The secret doors

Author: RootHarpy

A cunning login challenge requiring precise credentials The secret door opens for shorif_0x3c

https://tboctf.great-site.net/f07a1c2d9e4b5a6f.phptboctf.great-site.net

Solution:

The username is hinted at in the question. username: shorif_0x3c

So, for a known username, it is mostly suggested to do a dictionary password attack. As it is more likely to succeed at this method. So I used Burp Suite's intruder method at first. But it was in vain.

Next, I did common password attack.. which has some common passwords, like

admin password 12345 qwerty

But it was also in vain. After that I tried to use a blank password. But the HTML form required writing something in the password field. For that I did a workaround by omitting the "required" attribute from the form's password field.

Then I tried to submit the login form. And it was successful! 🥳

PreviousUse a specific Browser NextThe pain of losing a loved one.

Last updated 3 months ago