WiCYS CyberStart (Amsterdam) Challenge 3

NOTE: There is a Gitbooks version of the same challenge walkthrough written by me. You can go ahead and check it out!

Briefing L01 C03

Social Engineering

Permission has been granted to try and log into the Chirp social media account of a hacker who goes by the name of D4YDR3AM. Luckily for us. they’ve been clumsy with their personal information. We know their dog’s name is Barkley and they were born in 1993. Can you use what we know about them to guess their password and get us into their account?

Tip: Get the flag by guessing the correct password to sign into the account.

Let’s go to the challenge

We are met with this Chirp login page (mimicking Twitter again!)

I guess we won’t have to think hard to crack this, unless it involves creating a wordlist using crunch (to generate passwords) and using it to bruteforce the login page, using Hydra or Burp Suite

I had these three combinations in mind:-

Barkley1993

Barkley93 and

1993Barkley

Flag Capture

Let’s go ahead and bruteforce em’

The first password worked in this case and we have logged in.

First time lucky eh?

Write a caption

We get the flag and submit it

Flag — F3Fhrc07TPmJ2HZAY9cd

Currently, we have 300 points on the scoreboard!

There’s no looking back. Onward ahoy!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store