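Challenge:
An attacker brute-forced their way into a Wiki documentation site. Give the username and password used to log in.
Writeup
1. Download the capture file, open it in Wireshark, and search for keywords such as login. The following traffic turns up: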
POST /login HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: python-requests/2.28.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 42
Content-Type: application/x-www-form-urlencoded
username=TMjpxFGQwD&password=987654321%40A
HTTP/1.1 200
Content-Type: application/json;charset=UTF-8
Content-Length: 51
Date: Sun, 30 Jul 2023 12:19:40 GMT
{"errCode":300,"errMsg":"……………………"}
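Opening the same response in Charles shows that the content is as follows (the errMsg means "incorrect username or password"):
{
"errCode": 300,
"errMsg": "用户名或密码错误"
}
Open the capture file in VS Code and search for keywords such as errCode": 300 and errCode": 200.
One packet stands out.
The request is: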
username=TMjpxFGQwD&password=123457
HTTP/1.1 200
Set-Cookie: accessToken=f8d74094376b4f9780cefa866cdadcdf; Max-Age=86400; Expires=Mon, 31-Jul-2023 12:19:42 GMT; Path=/; HttpOnly
Set-Cookie: zyplayertoken=f8d74094376b4f9780cefa866cdadcdfQzw=; Max-Age=86400; Expires=Mon, 31-Jul-2023 12:19:42 GMT; Path=/; Secure
Set-Cookie: userid=2; Max-Age=86400; Expires=Mon, 31-Jul-2023 12:19:42 GMT; Path=/; HttpOnly
Content-Type: application/json;charset=UTF-8
Content-Length: 15
Date: Sun, 30 Jul 2023 12:19:41 GMT
The response is:
{"errCode":200}
The flag for this challenge is username=TMjpxFGQwD&password=123457
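
The manual keyword search above can be automated. The following is an added example, not part of the original writeup: it pairs each POST /login with its response in a reassembled stream and reports the attempt whose JSON body carries errCode 200. It assumes the stream is available as raw bytes and that every message has a Content-Length header; the function names are hypothetical.

```python
import json
import re
from urllib.parse import parse_qs

def _msg(start, body):
    """Build one HTTP message for the sample stream (test data only)."""
    return f"{start}\r\nContent-Length: {len(body)}\r\n\r\n".encode() + body

# Sample stream rebuilt from the two exchanges shown above, headers trimmed.
STREAM = (
    _msg("POST /login HTTP/1.1", b"username=TMjpxFGQwD&password=987654321%40A")
    + _msg("HTTP/1.1 200", '{"errCode":300,"errMsg":"用户名或密码错误"}'.encode())
    + _msg("POST /login HTTP/1.1", b"username=TMjpxFGQwD&password=123457")
    + _msg("HTTP/1.1 200", b'{"errCode":200}')
)

def messages(stream):
    """Yield (start_line, body) per HTTP message, framed by Content-Length."""
    pos = 0
    while pos < len(stream):
        end = stream.index(b"\r\n\r\n", pos)
        head = stream[pos:end].decode("latin-1")
        m = re.search(r"(?im)^content-length:\s*(\d+)", head)
        length = int(m.group(1)) if m else 0
        yield head.split("\r\n", 1)[0], stream[end + 4:end + 4 + length]
        pos = end + 4 + length

def login_attempts(stream):
    """Pair each POST /login with its response: (username, password, errCode)."""
    attempts, pending = [], None
    for start, body in messages(stream):
        if start.startswith("POST /login"):
            form = parse_qs(body.decode(), keep_blank_values=True)
            pending = (form.get("username", [""])[0], form.get("password", [""])[0])
        elif start.startswith("HTTP/") and pending is not None:
            # Both replies on the page are HTTP 200; only errCode tells the outcome.
            attempts.append((*pending, json.loads(body).get("errCode")))
            pending = None
    return attempts

def successful(attempts):
    """Credentials whose response carried errCode 200."""
    return [(user, pw) for user, pw, code in attempts if code == 200]

if __name__ == "__main__":
    found = login_attempts(STREAM)
    print(f"{len(found)} attempts, successful: {successful(found)}")
```

The password in the failed attempt is URL-decoded by parse_qs, so %40 is reported as @.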