Tags: web 

Rating:

# Challenge Name: wpi-admin

![date](https://img.shields.io/badge/date-25.04.2021-brightgreen.svg)
![solved in time of CTF](https://img.shields.io/badge/solved-in%20time%20of%20CTF-brightgreen.svg)
![web category](https://img.shields.io/badge/category-Web-blueviolet.svg)
![value](https://img.shields.io/badge/value-200-blue.svg)

## Description

Your friend is a sophomore at Worcester Polytechnic Institute. They have had a rough first two years, so you came up with the idea to hack into WPI's servers and change their grades. Their email is [email protected]

https://wpiadmin.wpictf.xyz/

## Detailed solution

Start by exploring the website https://wpiadmin.wpictf.xyz/

![image](https://user-images.githubusercontent.com/72421091/116028972-d1f03000-a647-11eb-9c6e-ca4611f7feef.png)

We can see some pages:
- Home page (https://wpiadmin.wpictf.xyz/): nothing special
- Student login (https://wpiadmin.wpictf.xyz/studLogin): a login page using email and password

![image](https://user-images.githubusercontent.com/72421091/116029609-38298280-a649-11eb-8eea-36005d25ccd2.png)

- Admin portal (https://wpiadmin.wpictf.xyz/loginPortal): shows "Portal Temporarily Unavailable. Please use direct link"
- Top students (https://wpiadmin.wpictf.xyz/topStudents): a list of users with picture, name, email and status

![image](https://user-images.githubusercontent.com/72421091/116029664-4d061600-a649-11eb-86ef-42aaf7da0d24.png)

So we have the top students' emails:

```
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
```
I intercepted the login request and started brute-forcing it with the top students' emails and a password wordlist, following https://portswigger.net/support/using-burp-to-brute-force-a-login-page

![image](https://user-images.githubusercontent.com/72421091/116030177-83906080-a64a-11eb-8d3a-40235389b285.png)

I used a simple wordlist: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/Common-Credentials/10-million-password-list-top-100.txt

Correct credentials are recognisable by a 302 redirect, while incorrect credentials return the login page with "Invalid username/password".

We found all the top students' credentials:

```
[email protected] 123456
[email protected] 12345678
[email protected] qwerty
[email protected] 123123
[email protected] password
[email protected] iloveyou
[email protected] soccer
```
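The 302-versus-200 signal used above is the same signal a defender can key on. As an added example that is not part of the original writeup, the following Python scans constructed web-server access log lines (assumed combined-log format, not from the challenge server) for bursts of failed POSTs to /studLogin from one client and flags any client whose run of failures is followed by a 302; the sample lines and the failure threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (not from the challenge server).
# Per the writeup, a failed POST /studLogin renders "Invalid username/password"
# with HTTP 200, while a correct guess answers with a 302 redirect.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Apr/2021:10:00:01 +0000] "POST /studLogin HTTP/1.1" 200 512
203.0.113.7 - - [25/Apr/2021:10:00:01 +0000] "POST /studLogin HTTP/1.1" 200 512
203.0.113.7 - - [25/Apr/2021:10:00:02 +0000] "POST /studLogin HTTP/1.1" 200 512
203.0.113.7 - - [25/Apr/2021:10:00:02 +0000] "POST /studLogin HTTP/1.1" 200 512
203.0.113.7 - - [25/Apr/2021:10:00:03 +0000] "POST /studLogin HTTP/1.1" 302 0
198.51.100.9 - - [25/Apr/2021:10:00:05 +0000] "POST /studLogin HTTP/1.1" 200 512
198.51.100.9 - - [25/Apr/2021:10:00:09 +0000] "POST /studLogin HTTP/1.1" 302 0
203.0.113.7 - - [25/Apr/2021:10:00:10 +0000] "GET /topStudents HTTP/1.1" 200 2048
"""

# client ip, request line (method + path), and the response status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def login_stats(log_text, login_path="/studLogin"):
    """Per client IP: failed (non-302) and successful (302) POSTs to the login
    endpoint, plus whether a success came after at least one failure."""
    stats = defaultdict(lambda: {"fail": 0, "success": 0, "success_after_fail": False})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != login_path:
            continue  # not a login attempt (e.g. GET /topStudents)
        s = stats[m["ip"]]
        if m["status"] == "302":
            s["success"] += 1
            if s["fail"] > 0:
                s["success_after_fail"] = True
        else:
            s["fail"] += 1
    return dict(stats)


def brute_force_alerts(log_text, fail_threshold=3):
    """Clients whose failed-login count meets the threshold, most failures
    first; a trailing success means the guessing most likely worked."""
    alerts = []
    for ip, s in login_stats(log_text).items():
        if s["fail"] >= fail_threshold:
            alerts.append((ip, s["fail"], s["success_after_fail"]))
    return sorted(alerts, key=lambda a: a[1], reverse=True)
```

A real deployment would also group by target account to catch password spraying, which per-IP counts alone miss.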
Logging in with each email, we can see some new pages: Student news, Student communications and Student notes.

But when logging in with [email protected], which is a student worker account, we found our flag on the Student news page.

![image](https://user-images.githubusercontent.com/72421091/116030730-c30b7c80-a64b-11eb-853f-a1aca6094ccd.png)

## Flag

```
WPI{1n53cUR3_5tud3Nts}
```

Original writeup (https://github.com/BaadMaro/CTF/blob/main/WPICTF-2021/wpi-admin).