weak_auth

weak_auth

进入网址

看到登录页面,随便输入用户与密码

提示

61.147.171.105:63127 please login ας admin

知晓了用户为admin

接下来用bp去爆破

Project Intruder Repeater Window Help Sequen cer Decoder Burp Suite Professional V2021.6 - Temporary Project - licensed to h 31 IOWOrld Comparer Logger Extender Project options User options Dashboard Target Target Positions O Payload Sets P roxy Repeater Intruder Resource Pool Options You can define one or more payload sets. The number of payload sets depends on the attack type defined in the Positions tab. Various payload types are available for each payload set, and each payload t Payl o a d set Payload type: Simple list Payload Options [Simple list] Payload count: 3.425 Request count: 6,850 This payload type lets you configure a simple list of strings that are used as payloads. Paste Load Remove Clear SSRV Add from list O Payload Processing You can define rules to perform various processing tasks on each payload before it is used. Add Edit Remove Enabled Rule

字典调好,点击右边的

Start attack t ways.

开始爆破,得到密码为123456

填入登录得到flag

posted @ 2023-06-17 16:35  回忆的金鱼  阅读(18)  评论(0)    收藏  举报