Description:
Lernaean is an easy web challenge from HackTheBox. Its description says that the target we are trying to hack isn't good with computers and that we should try to guess his password, so we will brute-force the password field to find the right one!
I started the instance, visited the website, and found an administrator login panel.

I tried submitting common passwords, but it refused them and I got “Invalid password”.
So I intercepted the request with Burp to get information from the request and response to help me brute-force that password.

I used a tool called patator to brute-force the administrator login, but this tool isn't designed for script kiddies, and you should search a lot to understand how it works!

python ./patator.py http_fuzz method=POST url="docker.hackthebox.eu:31746" body="password=FILE0" 0=/usr/share/wordlists/rockyou.txt -x ignore:fgrep="Invalid password!"
[+] python ./patator.py -> starts the patator Python script.
[+] http_fuzz -> selects the HTTP brute-force module; patator has many other brute-force modules, such as FTP and SQL
[+] method=POST -> sets the request method, which was POST here
[+] url -> the URL of the target; don't forget the ""
[+] body -> the data that will be sent in the POST request; FILE0 marks the parameter I want to brute-force
[+] 0 -> refers to FILE0, and means I want to brute-force the password parameter with the following wordlist
[+] -x -> this option is used to filter the results and identify what's true and what's wrong
[+] ignore:fgrep="Invalid password!" -> means I want to filter the tries and ignore the responses that contain the "Invalid password!" string
As we see, we got the password, and it was “leonardo”.
I intercepted the request again, submitted the password with Burp, and got the flag before the redirection, and it was.
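
Seen from the server side, the patator run above is a burst of POST requests to the login page from a single client. The sketch below is an added example, not part of the original write-up: it flags that pattern in access-log lines, and the log format, threshold, window and sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: client, timestamp, method and path are all we need.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_bruteforce(lines, login_path="/", threshold=10,
                    window=timedelta(seconds=60)):
    """Return {client_ip: peak POST count} for clients that sent at least
    `threshold` POSTs to `login_path` within any `window`-long span.
    Assumes each client's lines appear in chronological order."""
    recent = defaultdict(deque)   # client -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not access-log entries
        ip, ts, method, path = m.groups()
        if method != "POST" or path != login_path:
            continue
        when = datetime.strptime(ts, TS_FMT)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_lines():
    """Constructed log: one client guessing once per second, one normal user."""
    base = datetime(2020, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "POST / HTTP/1.1" 200 530'
    noisy = [entry("203.0.113.7", i) for i in range(25)]
    quiet = [entry("198.51.100.20", i * 300) for i in range(3)]
    return noisy + quiet + ["-- log rotated --"]

if __name__ == "__main__":
    for ip, peak in find_bruteforce(sample_lines()).items():
        print(f"{ip}: {peak} login POSTs within 60 seconds")
```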

Finally, thank you, and I hope you learned something new!