
Rahul Gautam

Posted on • Originally published at goglides.com on

Brutus


Challenge name: Brutus

Category: Web

Challenge Description:


Let's start by downloading the ip.zip file.

Next, extract that file.

I am 100% sure that it's going to have a huge lot of files, so let's open a terminal and find the IP.

Open a terminal and type in:

cat * | grep -r .

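The command runs cat on every file it sees and greps for a dot (the character usually found in an IP). An unescaped dot in a grep pattern matches any character, so the output is every non-empty line rather than only the lines containing a literal dot.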

We got the IP. Boom! Since the IP is in binary, let's convert it.

The website I used to convert the IP:

https://www.browserling.com/tools/bin-to-ip

Paste the binary into the site and take the IP :)

After converting, you will get your IP as:

149.129.146.56
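
The search and the conversion can also be done locally, without pasting challenge data into a website. The script below is an added example, not part of the original write-up; its function names and the binary layouts it accepts (dot- or space-separated octets, or a single 32-bit run) are assumptions, because the challenge data itself is not reproduced on this page.

```python
import ipaddress
import os
import re

# Assumed layouts: four 8-bit groups split by dots or spaces, or one 32-bit run.
GROUPED = re.compile(r"(?<!\d)([01]{8})[. ]([01]{8})[. ]([01]{8})[. ]([01]{8})(?!\d)")
PACKED = re.compile(r"(?<!\d)[01]{32}(?!\d)")


def decode_binary_ipv4(text):
    """Return the binary-encoded IPv4 addresses in text, in order of appearance."""
    hits = []
    for m in GROUPED.finditer(text):
        hits.append((m.start(), int("".join(m.groups()), 2)))
    for m in PACKED.finditer(text):
        hits.append((m.start(), int(m.group(), 2)))
    return [str(ipaddress.IPv4Address(value)) for _, value in sorted(hits)]


def scan_tree(root):
    """Walk root and map each file path to the addresses decoded from it."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    ips = decode_binary_ipv4(fh.read())
            except OSError:
                continue  # unreadable file: skip it
            if ips:
                found[path] = ips
    return found


if __name__ == "__main__":
    # Constructed sample: the binary form of the address given in the write-up.
    sample = "noise 10010101.10000001.10010010.00111000 more noise"
    print(decode_binary_ipv4(sample))
    # Run from the directory where ip.zip was extracted.
    print(scan_tree("."))
```

Only strings of exactly 32 binary digits are decoded, so ordinary dotted-decimal addresses and longer digit runs in the files are ignored.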

Let's visit the IP.

Since our challenge is Brutus, let's visit the brutus URL:

149.129.146.56/brutus

Oops, there's a password sign-in :( Remember, the description of the CTF mentions something about a Nepali wordlist, so let's go search for one!

The person who made the wordlist is Naresh Lamgade, so let's look for the wordlist.

For this part I will explain how I got the Nepali wordlist :)

The person has his email [email protected]

Looking with that email (Google searching [email protected]), I got a website.

Scroll down on that website until you see the Nepali wordlist blog.

Click it and download the wordlist. Clicking on the link sends you to:

http://www.mediafire.com/file/q38m0a0ht3mfc9h/Nepali_Wordlist.zip/file

Now let's download the wordlist :)

Now open Burp Suite.

Let's intercept a sign-in request with a random password in Burp.

Let's move it to Intruder.

The shortcut keys are:

Ctrl+I to send to Intruder and Ctrl+Shift+I to change the tab.

Set the payload position to ic_pass, which Intruder marks by default.

Now change to the Payloads tab and copy and paste the Nepali wordlist.

If you have Burp Pro, you can directly add from list XD

Let's start the attack and wait until it ends.

Now wait for the right password to come in, then enter that password and you get the flag :)
