TryHackMe || Advent of Cyber 2023 Day 4: Baby, it’s CeWLd outside || WalkThrough

TheCyberWarrior
2 min readDec 5, 2023

--

Day 4 Image

The AntarctiCrafts company, globally renowned for its avant-garde ice sculptures and toys, runs a portal facilitating confidential communications between its employees stationed in the extreme environments of the North and South Poles. However, a recent security breach has sent ripples through the organization.

After a thorough investigation, the security team discovered that a notorious individual named McGreedy, known for his dealings in the dark web, had sold the company’s credentials. This sale paved the way for a random hacker from the dark web to exploit the portal. The logs point to a brute-force attack. Normally, brute-forcing takes a long time. But in this case, the hacker gained access with only a few tries. It seems that the attacker had a customized wordlist. Perhaps they used a custom wordlist generator like CeWL.

So, we will use CeWL to generate the username as well as password list using the spiders that crawl on the webpage and get us keywords that will help us get the correct combinations. After that, we will use the wFuzz tool to brute-force the combination of username and password to guess and get the correct credentials.

The commands used as: ‘cewl -d 0 -m 5 -w usernames.txt http://10.10.41.66/team.php — lowercase’ and ‘wfuzz -c -z file,usernames.txt -z file,passwords.txt — hs “Please enter the correct credentials” -u http://10.10.41.66/login.php -d “username=FUZZ&password=FUZ2Z”’

Q/A

  1. What is the correct username and password combination? Format username:password

Using CeWL and then wFuzz commands we will get the correct combination.

2. What is the flag?

The flag will be retrieved after successful login using the correct credentials.

If you have got your answers, Congratulations🥳. But if you are confused and unable to get the answers, follow the link to the post which contains the answers. https://thecyberwarrior.medium.com/aoc-2023-answers-13a5fb83b0b7

If you find this blog helpful, follow me on LinkedIn: https://www.linkedin.com/in/-prashantkumar07/

Happy Learning

--

--