Christmas Chaos
Web Exploitation - Burp Suite
Resources
SecLists is a collection of common lists including usernames, passwords, URLs and much more.
A password list known as "rockyou.txt" is commonly used in security challenges, and should definitely be a part of your security toolkit.
Challenge
Deploy your AttackBox
No answer needed

Use Burp Suite as a proxy and intercept the request.

Send to Intruder --> Positions
Select Attack Type: Cluster Bomb
Use BurpSuite to brute force the login form. Use the following lists for the default credentials:
Username    Password
root        root
admin       password
user        12345
Payloads


Start attack

Looking at the results, the pair admin / 12345 has a different response length from the others.
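
From the defender's side, the Cluster Bomb run above leaves a recognisable trace in login logs: one source, a burst of failures spread over several usernames, then a success. The following Python detector is an added example, not part of the original write-up; the log format, IP addresses, the `alice` account, the thresholds and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, hypothetical format: "<ISO time> <source IP> <username> <OK|FAIL>".
SAMPLE_LOG = """\
2020-12-02T09:58:40 10.10.20.4 alice FAIL
2020-12-02T09:58:55 10.10.20.4 alice OK
2020-12-02T10:00:01 10.10.5.7 root FAIL
2020-12-02T10:00:02 10.10.5.7 admin FAIL
2020-12-02T10:00:03 10.10.5.7 user FAIL
2020-12-02T10:00:04 10.10.5.7 root FAIL
2020-12-02T10:00:05 10.10.5.7 admin FAIL
2020-12-02T10:00:06 10.10.5.7 user FAIL
2020-12-02T10:00:07 10.10.5.7 root FAIL
2020-12-02T10:00:08 10.10.5.7 admin OK
2020-12-02T10:00:09 10.10.5.7 user FAIL
"""

def parse(log_text):
    """Yield (time, ip, user, ok) for each well-formed line and skip anything else."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
                yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3] == "OK"
        except ValueError:
            pass  # unparseable timestamp: skip the line

def detect_guessing(log_text, window=timedelta(seconds=60), min_failures=5, min_users=2):
    """Flag sources with >= min_failures failed logins over >= min_users names in one window."""
    by_ip = defaultdict(list)
    for event in sorted(parse(log_text)):
        by_ip[event[1]].append(event)
    alerts = []
    for ip, events in by_ip.items():
        recent, alert = [], None  # recent = failures still inside the sliding window
        for ts, _, user, ok in events:
            recent = [(t, u) for t, u in recent if ts - t <= window]
            if not ok:
                recent.append((ts, user))
            users = {u for _, u in recent}
            if alert is None and len(recent) >= min_failures and len(users) >= min_users:
                alert = {"ip": ip, "usernames": set(), "compromised": []}
                alerts.append(alert)
            if alert is not None:
                alert["usernames"] |= users
                if ok and recent:  # a success while the guessing run is still in the window
                    alert["compromised"].append(user)
    return alerts
```

A single mistyped password followed by a success, like the `alice` lines, stays below the thresholds; the account listed under `compromised` is the one whose password should be rotated first.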

Use the correct credentials to log in to the Santa Sleigh Tracker app. Don't forget to turn off Foxyproxy once BurpSuite has finished the attack!

What is the flag?
THM{885ffab980e049847516f9d8fe99ad1a}