[Day 4] Santa's Running Behind

{Web Exploitation = Fuzzing}


Last updated 3 years ago


Challenge

Accessing the site reveals a login form as shown below.

The following was the password list provided to us.

christmas
elves!
santa
festive
joy123
myrrh!
yuletide
presents
candy
tidings
cookie
cookies
biscuits!
snowball
snowball123

First, capture a dummy login request in Burp and send it to Intruder.

Mark the payload positions as shown below.

Paste the given wordlist under payload set 1 and start the attack.

After the attack has completed, it's obvious that one request has a longer response and a status code of 302, i.e. a redirect.

Trying to log in with santa:cookie succeeds and we are able to see Santa's Itinerary.
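Seen from the defender's side, the pattern that exposed the password in Intruder (a run of identical responses ending in a single 302) also shows up in the web server's access log. The detection sketch below is an added example and not part of the original write-up; the `/login` path, the log format, the window and threshold values, and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

TS = "%d/%b/%Y:%H:%M:%S %z"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "POST (\S+) [^"]*" (\d{3}) \d+')
LOGIN_PATH = "/login"            # assumption: the page does not name the endpoint
WINDOW = timedelta(seconds=60)   # assumption: tune to the application
THRESHOLD = 5                    # failures inside WINDOW treated as guessing

def sample_log():
    """Constructed log: one client guesses 10 times then gets a 302; another logs in once."""
    t0 = datetime(2021, 12, 4, 10, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "POST /login HTTP/1.1" {} {}'
    out = [row.format("203.0.113.7", (t0 + timedelta(seconds=i)).strftime(TS), 200, 1520)
           for i in range(10)]
    out.append(row.format("203.0.113.7", (t0 + timedelta(seconds=10)).strftime(TS), 302, 310))
    out.append(row.format("198.51.100.4", (t0 + timedelta(seconds=12)).strftime(TS), 302, 310))
    return out

def detect(lines):
    """Return {client_ip: verdict} for clients whose failed logins reach THRESHOLD."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    verdicts = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3) != LOGIN_PATH:
            continue
        ip, when, status = m.group(1), datetime.strptime(m.group(2), TS), m.group(4)
        fails = recent[ip]
        while fails and when - fails[0] > WINDOW:
            fails.popleft()       # drop failures that fell out of the window
        if status == "302":       # redirect marks a successful login, as in the write-up
            if len(fails) >= THRESHOLD:
                verdicts[ip] = "guessing followed by success: reset credentials"
            fails.clear()
        else:                     # assumption: any other status is a failed attempt
            fails.append(when)
            if len(fails) >= THRESHOLD:
                verdicts.setdefault(ip, "guessing in progress: throttle or lock")
    return verdicts

if __name__ == "__main__":
    for ip, verdict in detect(sample_log()).items():
        print(ip, verdict)
```

A per-account lockout or rate limit on the login endpoint would have stopped the 15-word list before it reached the valid password; the detector only tells you after the fact which client to investigate.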

What valid password can you use to access the "santa" account?

  • cookie

What is the flag in Santa's itinerary?

  • THM{SANTA_*******}
