1. bugku Question 8 - You have to stop it
The challenge page refreshes constantly, so intercept it with Burp.
The intercepted packets turn out to be different each time; just keep clicking Go.
2. bugku Question 12 - First Class
Opening the page shows nothing.
Use Burp Suite to capture the traffic.
3. bugku Question 13 - Website was hacked
After entering the page, there is nothing to interact with.
Scan with the Sword (御剑, Yujian) scanner to see whether there are any PHP pages.
This leads to something that requires a password.
Open Burp to brute-force the password: enter any password and capture the request.
Select a password dictionary and click Start attack.
Burp then tries each dictionary entry as the password; the entry whose response length is inconsistent with the others is the password.
Entering that password gives the flag.
4. bugku Question 14 - System Administrator
Entering an arbitrary username and password returns a prompt that the IP is banned.
The page source turns out to contain a base64-encoded string; it decodes to test123, which gives the password.
Enter the username admin and the password test123, open Burp, and forge a local IP with the header X-Forwarded-For: 127.0.0.1
5. bugku Question 17 - Enter the password to view the flag
Go straight to a Burp brute force.
Because the password is a 5-digit number, choose the Numbers payload type and test from 10000 to 99999 ...
After 1.8 billion tests, which took a long time, one response has a length inconsistent with the others; the password number is
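
The forged X-Forwarded-For in challenge 4 and the password guessing in challenges 3 and 5 depend on a server that trusts a client-supplied header and does not limit login attempts. The following is an added example, not code from the challenges or from this writeup, showing the weak header trust beside a hardened form, plus a failure counter keyed on the verified address; the proxy address 10.0.0.5, the function and class names, and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only reverse proxy in front of the app (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

def naive_client_ip(peer, headers):
    """Weak pattern seen in challenge 4: believe whatever the client sent."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else peer

def client_ip(peer, headers):
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy."""
    if ipaddress.ip_address(peer) not in TRUSTED_PROXIES:
        return peer  # direct connection: the header is client-controlled
    raw = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left: the rightmost non-proxy hop was appended by our proxy,
    # anything further left could have been supplied by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed entry: fall back to the peer address
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return peer

def is_local(ip):
    """The kind of 'local administrators only' check the challenge relies on."""
    return ipaddress.ip_address(ip).is_loopback

class LoginThrottle:
    """Refuse further logins from an address after max_failures failures."""
    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.failures = {}

    def allowed(self, ip):
        return self.failures.get(ip, 0) < self.max_failures

    def record_failure(self, ip):
        self.failures[ip] = self.failures.get(ip, 0) + 1
```

Because the throttle is keyed on the output of client_ip, changing the header between requests does not reset the counter for a direct connection.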