Challenge name: Brutus
Category: Web
Challenge Description:
Lets start by downloading the ip.zip file
lets extract that file you can see
i am 100% sure that its gonna have a huge lot of files so lets open terminal and find the ip
so open terminal and type in
cat * | grep -r .
the command with cat any file it sees and grep . (which is usually used in ip)
we got
boom now since the ip is in binary lets convert it
the website i used to convert the ip,
https://www.browserling.com/tools/bin-to-ip
so lets paste the binary into the site and take our ip :)
you will get your ip after converting as
149.129.146.56
lets visit the ip we will see
since our challenge is brutus lets visit the brutus url by
149.129.146.56/brutus
opps theres a password sign in :( remember the description of the CTF mentions something about a nepali word list lets get on the way to search for one !!!
so the person who made the wordlist is Naresh Lamgade so lets look for the wordlist
For this part i will explain how I got the nepali wordlist :)
so the person has his email nareshlamgade@gmail.com
looking with that email( google searching nareshlamgade@gmail.com)
i got an website
you will see website like
So lets scroll down until we see the nepali wordlist blog
now lets click here and Download the word list, clicking on the link sends you to
http://www.mediafire.com/file/q38m0a0ht3mfc9h/Nepali_Wordlist.zip/file
Now lets download the wordlist :)
now open your Burp Suite
lets intercept a random password on burp
let move it to intruder
the shortcut keys are
ctrl+i to send to intruder and ctrl+shift+i to change the tab
lets set the payload to ic_pass which default the intruder sets to
now lets change the tab to pay load and copy and paste the nepali wordlist
if you have a burp pro you can directly add from list XD
lets start the attack
lets wait until the attack ends
Now wait for the right password to come in and then enter your password and you get the flag :)