webug3.0 levels two to five: notes (hacker training)

Copyright notice: This is the blogger's original article and follows the CC 4.0 BY-SA license. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/weixin_43460822/article/details/95469234

Level two: what can you find in the picture

Challenge:

 

(1) The challenge gives only a picture, so I guessed that the flag is hidden in the picture. Analyzing the file directly with binwalk shows that it hides a compressed file.

 

(2) Run the command binwalk -e 123.jpg to extract the embedded files; this yields a txt file, as shown in the figure.

 

 

(3) Open the txt file. It contains only the words "Password 123". Submitting that as the flag displays a flag error.

Later I searched online, and everyone says this challenge has a bug... Really a waste of feelings...
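The check behind steps (1) and (2), written out as an added example (it is not from the original post and is not binwalk's code): it walks the JPEG markers to the real end-of-image and reports any archive appended after it. The function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

# Well-known archive signatures to look for after the image data.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"\x1f\x8b\x08": "gzip"}
IN_SCAN = {0x00, *range(0xD0, 0xD8)}  # byte after FF inside scan data: stuffing or RSTn

def jpeg_end(data: bytes) -> int:
    """Walk the JPEG segments and return the offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                        # EOI: the image ends here
            return pos + 2
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
        else:                                     # skip the segment by its length field
            pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
            if marker == 0xDA:                    # SOS: skip entropy-coded scan data
                while pos + 1 < len(data) and (
                        data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                    pos += 1
    raise ValueError("no EOI marker found")

def inspect_image(data: bytes) -> dict:
    """Report what follows the image and, for a ZIP, list its member names."""
    end = jpeg_end(data)
    trailer = data[end:]
    hits = [(trailer.find(m), kind) for m, kind in ARCHIVE_MAGIC.items() if m in trailer]
    offset, kind = min(hits) if hits else (None, None)
    members = zipfile.ZipFile(io.BytesIO(trailer[offset:])).namelist() if kind == "zip" else []
    return {"jpeg_end": end, "trailing_bytes": len(trailer), "archive": kind, "members": members}

def build_sample() -> bytes:
    """Constructed sample: a minimal JPEG marker stream with a ZIP appended."""
    app0 = b"\xff\xe0\x00\x08JF\xff\xd9IF"        # payload holds a decoy FFD9
    sos = b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample content")
    return b"\xff\xd8" + app0 + sos + b"\xff\xd9" + buf.getvalue()
```

Because segments are skipped by their length field, an FFD9 byte pair inside metadata (such as an embedded thumbnail) is not mistaken for the end of the image, so any non-zero trailing_bytes on an uploaded picture is a reliable signal to inspect it further.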

 

Level three: what do you see

(1) I certainly did not believe it... I looked at the page's source code and found

 

(2) The hint says "during penetration testing, the site's directories are also very important," so I enumerated the website's directories directly (the tool here is OWASP_ZAP), crawling and exploring under the current directory san/.

(3) It felt very strange, so I tried opening it, and I did not expect the answer to pop out directly, as shown below

 

Submitting this flag gave an error. I searched online a bit, and netizens say this challenge has a bug...

 

Level four: you were told the FLANG is five digits

 

 

(1) Enter an arbitrary user name and password here and try to log in, as shown in the figure.

 

 

(2) According to the hint "when you encounter a five-digit verification code, brute-force it," I did not see where the verification code is, but the hint says this challenge is solved by brute force, so I tried that first.

 

Using BurpSuite to brute-force the user name and password

 

Running the crack yields the user name "admin" and the password "admin123", and login success is displayed.

Here I referred to other experts' write-ups. I am very unfamiliar with the BurpSuite tool, and I will learn to use hacking tools in the next few blog posts.

 

References:

1. Exp10 Final class CTF (Webug3.0 vulnerability range - penetration basics)
https://www.cnblogs.com/PegasusLife/p/10886420.html

2. Webug3.0 - Penetration Basics - Solutions
https://blog.csdn.net/Blood_Pupil/article/details/80960059

3. BurpSuite Installation and Configuration
https://www.cnblogs.com/fighter007/p/10544762.html

 

 

 

 

 

 

 

 

 

 
