Tools used
- Yujian web directory scanner
- Burpsuite
1. "Administrator System"
The challenge is a login page.
The prompt mentions an administrator system, so first try logging in as admin and capture the request with the account and password.
The response says to contact the local administrator.
The page contains a base64-encoded string, and the password of the administrator account is test123.
Try logging in with the account admin and the password test123.
The response again says to contact the local administrator.
Add an X-Forwarded-For header pointing to the local address 127.0.0.1.
Get the FLAG:
flag{85ff2ee4171396724bae20c0bd851f6b}
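The login only succeeded once the request claimed to come from 127.0.0.1, which is what happens when a "local administrator" check believes the client-supplied X-Forwarded-For header. The following is an added example, not code from the challenge or the original write-up: it puts that weak check beside a hardened one. The function names, the trusted proxy range and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this sketch: reverse proxies we operate and trust to append
# the real peer address to X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

def _is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip_naive(headers, peer_addr):
    """Weak form: believes whatever the request header claims."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer_addr

def client_ip_hardened(headers, peer_addr):
    """Use the TCP peer address; consult X-Forwarded-For only when the peer
    is one of our proxies, walking right to left past trusted hops."""
    if not _is_trusted_proxy(peer_addr):
        return peer_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not _is_trusted_proxy(hop):
                return hop
        except ValueError:
            return peer_addr  # malformed entry: fall back to the proxy address
    return peer_addr

def is_local_admin(ip):
    return ipaddress.ip_address(ip).is_loopback

# Constructed sample requests: (headers, TCP peer address)
SPOOFED = ({"X-Forwarded-For": "127.0.0.1"}, "203.0.113.7")
VIA_PROXY = ({"X-Forwarded-For": "127.0.0.1, 198.51.100.9"}, "10.0.0.5")
CONSOLE = ({}, "127.0.0.1")

if __name__ == "__main__":
    for name, (hdrs, peer) in [("spoofed", SPOOFED), ("via proxy", VIA_PROXY), ("console", CONSOLE)]:
        naive, hard = client_ip_naive(hdrs, peer), client_ip_hardened(hdrs, peer)
        print(f"{name:10} naive={naive:15} local={is_local_admin(naive)} | "
              f"hardened={hard:15} local={is_local_admin(hard)}")
```
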
2. "The website is hacked"
The challenge is a website that has been attacked.
Since it has been hacked and the website has vulnerabilities, there should be a backend, so use Yujian to scan for it.
To access the shell, you need to find the password.
Use a Burpsuite password dictionary to brute-force it.
Send the request to Intruder, set the payload, and sort the results by response length.
Password: hack
Log in with the password to get the FLAG:
flag{hack_bug_ku035}