Description: I made this website having simple authentication used in it. But unfortunately I forgot the credentials. Can you help me to find the correct one ??
As the description says, a person created a basic authentication and he forgot its user and password. So, just having a look at the website:-
So here entering some credentials, like “admin” : “admin”, “administrator” : “administrator”, etc. but failed. So the following things came to my mind
- Via response modification
So, starting with the most critical one, SQLi. So, just entered (‘) in the username field and successfully got an error. So I sent the request to the intruder, and as well as password used the payload from https://github.com/payloadbox/sql-injection-payload-list/blob/master/Intruder/exploit/Auth_Bypass.txt (for authentication bypass)
Since all the response were having a 200 status code and I didn’t had burp pro, i manually start to look at them and finally found multiple having a success and also containing the flag
- Test for SQLi in password field as well.
- Use payloads for specific purpose, e.g. for auth bypass, for RCE, etc.
Get more VishwaCTF-22 writeups here