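3. Passwords
3.1 Weak password
(1) Open http://challenge-1579a41495103f2c.sandbox.ctfhub.com:10800
(2) Open Burp Suite and click Proxy; when the following prompt appears, click OK
(3) Click Settings, then Burp's browser, then tick "Allow Burp's browser to run without a sandbox"
(4) Click "Intercept is off" to turn interception on, then click Open browser
(5) In the browser that opens, type the URL and press Enter
(6) Click Forward
(7) Enter a username and password and click Log in
(8) Right-click the intercepted request and click Send to Intruder
(9) Click Intruder and add $ before and after the password value
(10) Click Load... to load the password list, then click Start attack
(11) Find the response with the larger Length, click Response and then Raw; the flag is ctfhub{529f56ff2ff522357a1924c9}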
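The defender's view of steps (9) to (11), as an added example that is not part of the original write-up: a burst of login POSTs from one client in which a single response has a different length is what this kind of run leaves in a web access log. The log format, the /login path, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log lines (not taken from the challenge server).
# Assumed format: time client_ip method path status response_bytes
SAMPLE_LOG = """\
10:00:01 203.0.113.7 POST /login 200 512
10:00:01 203.0.113.7 POST /login 200 512
10:00:02 203.0.113.7 POST /login 200 512
10:00:02 203.0.113.7 POST /login 200 512
10:00:03 203.0.113.7 POST /login 200 548
10:00:03 203.0.113.7 POST /login 200 512
10:05:40 198.51.100.20 POST /login 200 512
10:05:55 198.51.100.20 POST /login 200 548
10:06:10 198.51.100.20 GET /index 200 1024
"""


def find_guessing_runs(log_text, min_attempts=5):
    """Flag clients with many login POSTs and report odd-length responses."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines
        time, ip, method, path, _status, size = fields
        if method == "POST" and path == "/login" and size.isdigit():
            by_client[ip].append((time, int(size)))

    findings = {}
    for ip, hits in by_client.items():
        if len(hits) < min_attempts:
            continue  # below the (assumed) threshold for a guessing run
        # The most common response size is the "login failed" page.
        baseline, _ = Counter(size for _, size in hits).most_common(1)[0]
        # A response of any other size is a candidate successful guess.
        outliers = [(t, s) for t, s in hits if s != baseline]
        findings[ip] = {"attempts": len(hits), "baseline": baseline,
                        "outliers": outliers}
    return findings


if __name__ == "__main__":
    for ip, info in find_guessing_runs(SAMPLE_LOG).items():
        print(ip, info)
```

An outlier inside a flagged run marks the account and time to investigate first, since it is the point where the guessed password was probably accepted.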
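3.2 Default password
(1) Open http://challenge-c2d89426f6ffa0ac.sandbox.ctfhub.com:10800
(2) Look up the common usernames, passwords and verification codes associated with eYou mail (亿邮), click Log in and try them one by one; the flag is ctfhub{a67ea66288c59a62db855d86}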