Skip to content

Credential Mining

Credential Mining                                Web Ring                                A picture containing clipart Description automatically generatedAlabaster Snowball

A picture containing text Description automatically generated

Graphical user interface Description automatically generated

Hint
https://owasp.org/www-community/attacks/Brute_force_attack

Open victim.pcap and then look at the first instance of POST /login.html because thats when the 1st POST was done on login.html to send the user name and password.

 
http && http.request.method=="POST" && http.request.uri=="/login.html"

Wireshark with below filter on the PCAP file : http && http.request.method=="POST" && http.request.uri=="/login.html"

Answer: alice

Upon submitting the answer, the objective is now completed, and we get 5 coins as well