Professional Documents
Culture Documents
Walkthrough 1897
Walkthrough 1897
URL https://attackdefense.com/challengedetails?cid=1897
Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.
The IP address of the attacker machine is 192.195.214.2. The target machine is located at the
IP address 192.195.214.3
Step 2: Identifying open ports.
Step 3: Starting Burp Suite. Click on the Menu, Navigate to "Web Application Analysis" and click
on "owasp-zap".
ZAP:
Step 4: Click on "Manual Explore", enter the target IP address in the Input field and click on
"Launch Browser".
The website and the login page action will be added to the sitemap.
Step 7: Click on the POST request from the sitemap and click on the "Request" tab.
Step 8: Right click on the POST request, navigate to Attack and click on "Fuzz".
Step 10: Click on the Add button, enter the payloads for username. Click on the Add button.
Payloads: admin,bee
Step 11: Click on the "OK" button.
Step 15: Click on Start Fuzzer. Upon completion of the attack, compare the status code.
One of the status code will be 302.
Step 16: Login to the web application. The login credentials were discovered in the previous
step.
Username: bee
Password: bug
After Login:
References: