Brutus

Challenge name: Brutus

Category: Web

Challenge Description:

Lets start by downloading the ip.zip file

lets extract that file you can see

i am 100% sure that its gonna have a huge lot of files so lets open terminal and find the ip

so open terminal and type in

cat * | grep -r .

the command with cat any file it sees and grep . (which is usually used in ip)

we got

boom now since the ip is in binary lets convert it

the website i used to convert the ip,

https://www.browserling.com/tools/bin-to-ip

so lets paste the binary into the site and take our ip :)

you will get your ip after converting as

149.129.146.56

lets visit the ip we will see

since our challenge is brutus lets visit the brutus url by

149.129.146.56/brutus

opps theres a password sign in :( remember the description of the CTF mentions something about a nepali word list lets get on the way to search for one !!!


so the person who made the wordlist is Naresh Lamgade so lets look for the wordlist


For this part i will explain how I got the nepali wordlist :)


so the person has his email nareshlamgade@gmail.com


looking with that email( google searching nareshlamgade@gmail.com)

i got an website

you will see website like

So lets scroll down until we see the nepali wordlist blog

now lets click here and Download the word list, clicking on the link sends you to

http://www.mediafire.com/file/q38m0a0ht3mfc9h/Nepali_Wordlist.zip/file

Now lets download the wordlist :)

now open your Burp Suite

lets intercept a random password on burp

let move it to intruder

the shortcut keys are

ctrl+i to send to intruder and ctrl+shift+i to change the tab

lets set the payload to ic_pass which default the intruder sets to

now lets change the tab to pay load and copy and paste the nepali wordlist

if you have a burp pro you can directly add from list XD

lets start the attack

lets wait until the attack ends

Now wait for the right password to come in and then enter your password and you get the flag :)