Day 03 - Christmas Chaos

Date: 03, December, 2020

Author: Dhilip Sanjay S

Learning Objectives

• Authentication vs Authorization

• Impact of Default credentials

• Dictionary attacks using Hydra and Burpsuite

  • Cluster bomb attack type in Burpsuite

What is the flag?

• Answer: THM{885ffab980e049847516f9d8fe99ad1a}

• Steps to reproduce:

  • After performing cluster bombing, we get the username and password.

  • Once you login with the following credentials, you can find the flag.

  • Username: admin

  • Password: 12345